aws-sdk-s3 1.79.1 → 1.83.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,187 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../arn/access_point_arn'
4
+ require_relative '../arn/outpost_access_point_arn'
5
+
6
+ module Aws
7
+ module S3
8
+ module Plugins
9
+ # When an accesspoint ARN is provided for :bucket in S3 operations, this
10
+ # plugin resolves the request endpoint from the ARN when possible.
11
+ # @api private
12
+ class ARN < Seahorse::Client::Plugin
13
+ option(
14
+ :s3_use_arn_region,
15
+ default: true,
16
+ doc_type: 'Boolean',
17
+ docstring: <<-DOCS) do |cfg|
18
+ For S3 ARNs passed into the `:bucket` parameter, this option will
19
+ use the region in the ARN, allowing for cross-region requests to
20
+ be made. Set to `false` to use the client's region instead.
21
+ DOCS
22
+ resolve_s3_use_arn_region(cfg)
23
+ end
24
+
25
+ def add_handlers(handlers, _config)
26
+ handlers.add(Handler)
27
+ end
28
+
29
+ class Handler < Seahorse::Client::Handler
30
+ def call(context)
31
+ bucket_member = _bucket_member(context.operation.input.shape)
32
+ if bucket_member && (bucket = context.params[bucket_member])
33
+ resolved_region, arn = ARN.resolve_arn!(
34
+ bucket,
35
+ context.config.region,
36
+ context.config.s3_use_arn_region
37
+ )
38
+ if arn
39
+ validate_config!(context, arn)
40
+
41
+ ARN.resolve_url!(
42
+ context.http_request.endpoint,
43
+ arn,
44
+ resolved_region,
45
+ extract_dualstack_config!(context)
46
+ )
47
+ end
48
+ end
49
+ @handler.call(context)
50
+ end
51
+
52
+ private
53
+
54
+ def _bucket_member(input)
55
+ input.members.each do |member, ref|
56
+ return member if ref.shape.name == 'BucketName'
57
+ end
58
+ nil
59
+ end
60
+
61
+ # other plugins use dualstack so disable it when we're done
62
+ def extract_dualstack_config!(context)
63
+ dualstack = context[:use_dualstack_endpoint]
64
+ context[:use_dualstack_endpoint] = false if dualstack
65
+ dualstack
66
+ end
67
+
68
+ def validate_config!(context, arn)
69
+ unless context.config.regional_endpoint
70
+ raise ArgumentError,
71
+ 'Cannot provide both an Access Point ARN and setting '\
72
+ ':endpoint.'
73
+ end
74
+
75
+ if context.config.force_path_style
76
+ raise ArgumentError,
77
+ 'Cannot provide both an Access Point ARN and setting '\
78
+ ':force_path_style to true.'
79
+ end
80
+
81
+ if context.config.use_accelerate_endpoint
82
+ raise ArgumentError,
83
+ 'Cannot provide both an Access Point ARN and setting '\
84
+ ':use_accelerate_endpoint to true.'
85
+ end
86
+
87
+ if !arn.support_dualstack? && context[:use_dualstack_endpoint]
88
+ raise ArgumentError,
89
+ 'Cannot provide both an Outpost Access Point ARN and '\
90
+ 'setting :use_dualstack_endpoint to true.'
91
+ end
92
+ end
93
+ end
94
+
95
+ class << self
96
+ # @api private
97
+ def resolve_arn!(member_value, region, use_arn_region)
98
+ if Aws::ARNParser.arn?(member_value)
99
+ arn = Aws::ARNParser.parse(member_value)
100
+ if arn.resource.start_with?('accesspoint')
101
+ s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
102
+ elsif arn.resource.start_with?('outpost')
103
+ s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
104
+ else
105
+ raise ArgumentError,
106
+ 'Only Access Point and Outpost Access Point type ARNs '\
107
+ 'are currently supported.'
108
+ end
109
+ s3_arn.validate_arn!
110
+ validate_region_config!(s3_arn, region, use_arn_region)
111
+ region = s3_arn.region if use_arn_region
112
+ [region, s3_arn]
113
+ else
114
+ [region]
115
+ end
116
+ end
117
+
118
+ # @api private
119
+ def resolve_url!(url, arn, region, dualstack = false)
120
+ url.host = arn.host_url(region, dualstack)
121
+ url.path = url_path(url.path, arn)
122
+ url
123
+ end
124
+
125
+ private
126
+
127
+ def resolve_s3_use_arn_region(cfg)
128
+ value = ENV['AWS_S3_USE_ARN_REGION'] ||
129
+ Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
130
+ 'true'
131
+ value = Aws::Util.str_2_bool(value)
132
+ # Raise if provided value is not true or false
133
+ if value.nil?
134
+ raise ArgumentError,
135
+ 'Must provide either `true` or `false` for '\
136
+ 's3_use_arn_region profile option or for '\
137
+ "ENV['AWS_S3_USE_ARN_REGION']"
138
+ end
139
+ value
140
+ end
141
+
142
+ # Remove ARN from the path since it was substituted already
143
+ # This only works because accesspoints care about the URL
144
+ def url_path(path, arn)
145
+ path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
146
+ .sub("/#{arn}", '')
147
+ "/#{path}" unless path =~ /^\//
148
+ path
149
+ end
150
+
151
+ def validate_region_config!(arn, region, use_arn_region)
152
+ fips = arn.support_fips?
153
+
154
+ # s3-external-1 is specific just to s3 and not part of partitions
155
+ # aws-global is a partition region
156
+ unless arn.partition == 'aws' &&
157
+ (region == 's3-external-1' || region == 'aws-global')
158
+ if !fips && arn.region.include?('fips')
159
+ raise ArgumentError,
160
+ 'FIPS region ARNs are not supported for this type of ARN.'
161
+ end
162
+
163
+ if !fips && !use_arn_region && region.include?('fips')
164
+ raise ArgumentError,
165
+ 'FIPS client regions are not supported for this type of '\
166
+ 'ARN without s3_use_arn_region.'
167
+ end
168
+
169
+ # if it's a fips region, attempt to normalize it
170
+ if fips || use_arn_region
171
+ region = region.gsub('fips-', '').gsub('-fips', '')
172
+ end
173
+ if use_arn_region &&
174
+ !Aws::Partitions.partition(arn.partition).region?(region)
175
+ raise Aws::Errors::InvalidARNPartitionError
176
+ end
177
+
178
+ if !use_arn_region && region != arn.region
179
+ raise Aws::Errors::InvalidARNRegionError
180
+ end
181
+ end
182
+ end
183
+ end
184
+ end
185
+ end
186
+ end
187
+ end
@@ -73,8 +73,6 @@ request URI and never moved to the host as a sub-domain.
73
73
  end
74
74
  end
75
75
 
76
- # Checks for a valid RFC-3986 host name
77
- # @see https://tools.ietf.org/html/rfc3986#section-3.2.2
78
76
  # @param [String] bucket_name
79
77
  # @return [Boolean]
80
78
  def valid_subdomain?(bucket_name)
@@ -13,7 +13,7 @@ module Aws
13
13
  def call(context)
14
14
  bucket_member = _bucket_member(context.operation.input.shape)
15
15
  if bucket_member && (bucket = context.params[bucket_member])
16
- _resolved_bucket, _resolved_region, arn = BucketARN.resolve_arn!(
16
+ _resolved_region, arn = ARN.resolve_arn!(
17
17
  bucket,
18
18
  context.config.region,
19
19
  context.config.s3_use_arn_region
@@ -12,12 +12,14 @@ module Aws
12
12
 
13
13
  option(:sigv4_signer) do |cfg|
14
14
  S3Signer.build_v4_signer(
15
+ service: 's3',
15
16
  region: cfg.sigv4_region,
16
17
  credentials: cfg.credentials
17
18
  )
18
19
  end
19
20
 
20
21
  option(:sigv4_region) do |cfg|
22
+ # S3 removes core's signature_v4 plugin that checks for this
21
23
  raise Aws::Errors::MissingRegionError if cfg.region.nil?
22
24
 
23
25
  Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
@@ -67,11 +69,26 @@ module Aws
67
69
  if context[:cached_sigv4_region] &&
68
70
  context[:cached_sigv4_region] != context.config.sigv4_signer.region
69
71
  S3Signer.build_v4_signer(
72
+ service: 's3',
70
73
  region: context[:cached_sigv4_region],
71
74
  credentials: context.config.credentials
72
75
  )
73
76
  else
74
- context.config.sigv4_signer
77
+ resolved_region, arn = ARN.resolve_arn!(
78
+ context.params[:bucket],
79
+ context.config.sigv4_signer.region,
80
+ context.config.s3_use_arn_region
81
+ )
82
+
83
+ if arn
84
+ S3Signer.build_v4_signer(
85
+ service: arn.respond_to?(:outpost_id) ? 's3-outposts' : 's3',
86
+ region: resolved_region,
87
+ credentials: context.config.credentials
88
+ )
89
+ else
90
+ context.config.sigv4_signer
91
+ end
75
92
  end
76
93
  end
77
94
  end
@@ -90,7 +107,9 @@ module Aws
90
107
  def check_for_cached_region(context, bucket)
91
108
  cached_region = S3::BUCKET_REGIONS[bucket]
92
109
  if cached_region && cached_region != context.config.region
93
- context.http_request.endpoint.host = S3Signer.new_hostname(context, cached_region)
110
+ context.http_request.endpoint.host = S3Signer.new_hostname(
111
+ context, cached_region
112
+ )
94
113
  context[:cached_sigv4_region] = cached_region
95
114
  end
96
115
  end
@@ -150,11 +169,14 @@ module Aws
150
169
 
151
170
  def resign_with_new_region(context, actual_region)
152
171
  context.http_response.body.truncate(0)
153
- context.http_request.endpoint.host = S3Signer.new_hostname(context, actual_region)
172
+ context.http_request.endpoint.host = S3Signer.new_hostname(
173
+ context, actual_region
174
+ )
154
175
  context.metadata[:redirect_region] = actual_region
155
176
  Aws::Plugins::SignatureV4.apply_signature(
156
177
  context: context,
157
178
  signer: S3Signer.build_v4_signer(
179
+ service: 's3',
158
180
  region: actual_region,
159
181
  credentials: context.config.credentials
160
182
  )
@@ -189,7 +211,7 @@ module Aws
189
211
  # @api private
190
212
  def build_v4_signer(options = {})
191
213
  Aws::Sigv4::Signer.new(
192
- service: 's3',
214
+ service: options[:service],
193
215
  region: options[:region],
194
216
  credentials_provider: options[:credentials],
195
217
  uri_escape_path: false,
@@ -200,7 +222,7 @@ module Aws
200
222
  def new_hostname(context, region)
201
223
  # Check to see if the bucket is actually an ARN and resolve it
202
224
  # Otherwise it will retry with the ARN as the bucket name.
203
- resolved_bucket, resolved_region, arn = BucketARN.resolve_arn!(
225
+ resolved_region, arn = ARN.resolve_arn!(
204
226
  context.params[:bucket],
205
227
  region,
206
228
  context.config.s3_use_arn_region
@@ -210,9 +232,9 @@ module Aws
210
232
  )
211
233
 
212
234
  if arn
213
- BucketARN.resolve_url!(uri, arn).host
235
+ ARN.resolve_url!(uri, arn).host
214
236
  else
215
- resolved_bucket + '.' + uri.host
237
+ "#{context.params[:bucket]}.#{uri.host}"
216
238
  end
217
239
  end
218
240
  end
@@ -12,6 +12,7 @@ module Aws
12
12
  # @api private
13
13
  BLACKLISTED_HEADERS = [
14
14
  'accept',
15
+ 'amz-sdk-request',
15
16
  'cache-control',
16
17
  'content-length', # due to a ELB bug
17
18
  'expect',
@@ -61,6 +61,7 @@ module Aws::S3
61
61
  # key: "ObjectKey", # required
62
62
  # upload_id: "MultipartUploadId", # required
63
63
  # request_payer: "requester", # accepts requester
64
+ # expected_bucket_owner: "AccountId",
64
65
  # }
65
66
  #
66
67
  # @!attribute [rw] bucket
@@ -70,14 +71,24 @@ module Aws::S3
70
71
  # to the access point hostname. The access point hostname takes the
71
72
  # form
72
73
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
73
- # When using this operation using an access point through the AWS
74
- # SDKs, you provide the access point ARN in place of the bucket name.
75
- # For more information about access point ARNs, see [Using Access
74
+ # When using this operation with an access point through the AWS SDKs,
75
+ # you provide the access point ARN in place of the bucket name. For
76
+ # more information about access point ARNs, see [Using Access
76
77
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
77
78
  #
79
+ # When using this API with Amazon S3 on Outposts, you must direct
80
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
81
+ # takes the form
82
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
83
+ # When using this operation using S3 on Outposts through the AWS SDKs,
84
+ # you provide the Outposts bucket ARN in place of the bucket name. For
85
+ # more information about S3 on Outposts ARNs, see [Using S3 on
86
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
87
+ #
78
88
  #
79
89
  #
80
90
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
91
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
81
92
  # @return [String]
82
93
  #
83
94
  # @!attribute [rw] key
@@ -100,13 +111,20 @@ module Aws::S3
100
111
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
101
112
  # @return [String]
102
113
  #
114
+ # @!attribute [rw] expected_bucket_owner
115
+ # The account id of the expected bucket owner. If the bucket is owned
116
+ # by a different account, the request will fail with an HTTP `403
117
+ # (Access Denied)` error.
118
+ # @return [String]
119
+ #
103
120
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadRequest AWS API Documentation
104
121
  #
105
122
  class AbortMultipartUploadRequest < Struct.new(
106
123
  :bucket,
107
124
  :key,
108
125
  :upload_id,
109
- :request_payer)
126
+ :request_payer,
127
+ :expected_bucket_owner)
110
128
  SENSITIVE = []
111
129
  include Aws::Structure
112
130
  end
@@ -454,8 +472,8 @@ module Aws::S3
454
472
  end
455
473
 
456
474
  # The requested bucket name is not available. The bucket namespace is
457
- # shared by all users of the system. Please select a different name and
458
- # try again.
475
+ # shared by all users of the system. Select a different name and try
476
+ # again.
459
477
  #
460
478
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BucketAlreadyExists AWS API Documentation
461
479
  #
@@ -891,6 +909,29 @@ module Aws::S3
891
909
  #
892
910
  # @!attribute [rw] bucket
893
911
  # The name of the bucket that contains the newly created object.
912
+ #
913
+ # When using this API with an access point, you must direct requests
914
+ # to the access point hostname. The access point hostname takes the
915
+ # form
916
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
917
+ # When using this operation with an access point through the AWS SDKs,
918
+ # you provide the access point ARN in place of the bucket name. For
919
+ # more information about access point ARNs, see [Using Access
920
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
921
+ #
922
+ # When using this API with Amazon S3 on Outposts, you must direct
923
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
924
+ # takes the form
925
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
926
+ # When using this operation using S3 on Outposts through the AWS SDKs,
927
+ # you provide the Outposts bucket ARN in place of the bucket name. For
928
+ # more information about S3 on Outposts ARNs, see [Using S3 on
929
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
930
+ #
931
+ #
932
+ #
933
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
934
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
894
935
  # @return [String]
895
936
  #
896
937
  # @!attribute [rw] key
@@ -969,6 +1010,7 @@ module Aws::S3
969
1010
  # },
970
1011
  # upload_id: "MultipartUploadId", # required
971
1012
  # request_payer: "requester", # accepts requester
1013
+ # expected_bucket_owner: "AccountId",
972
1014
  # }
973
1015
  #
974
1016
  # @!attribute [rw] bucket
@@ -999,6 +1041,12 @@ module Aws::S3
999
1041
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1000
1042
  # @return [String]
1001
1043
  #
1044
+ # @!attribute [rw] expected_bucket_owner
1045
+ # The account id of the expected bucket owner. If the bucket is owned
1046
+ # by a different account, the request will fail with an HTTP `403
1047
+ # (Access Denied)` error.
1048
+ # @return [String]
1049
+ #
1002
1050
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadRequest AWS API Documentation
1003
1051
  #
1004
1052
  class CompleteMultipartUploadRequest < Struct.new(
@@ -1006,7 +1054,8 @@ module Aws::S3
1006
1054
  :key,
1007
1055
  :multipart_upload,
1008
1056
  :upload_id,
1009
- :request_payer)
1057
+ :request_payer,
1058
+ :expected_bucket_owner)
1010
1059
  SENSITIVE = []
1011
1060
  include Aws::Structure
1012
1061
  end
@@ -1214,7 +1263,7 @@ module Aws::S3
1214
1263
  # metadata_directive: "COPY", # accepts COPY, REPLACE
1215
1264
  # tagging_directive: "COPY", # accepts COPY, REPLACE
1216
1265
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
1217
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
1266
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
1218
1267
  # website_redirect_location: "WebsiteRedirectLocation",
1219
1268
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1220
1269
  # sse_customer_key: "SSECustomerKey",
@@ -1229,14 +1278,41 @@ module Aws::S3
1229
1278
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1230
1279
  # object_lock_retain_until_date: Time.now,
1231
1280
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1281
+ # expected_bucket_owner: "AccountId",
1282
+ # expected_source_bucket_owner: "AccountId",
1232
1283
  # }
1233
1284
  #
1234
1285
  # @!attribute [rw] acl
1235
1286
  # The canned ACL to apply to the object.
1287
+ #
1288
+ # This action is not supported by Amazon S3 on Outposts.
1236
1289
  # @return [String]
1237
1290
  #
1238
1291
  # @!attribute [rw] bucket
1239
1292
  # The name of the destination bucket.
1293
+ #
1294
+ # When using this API with an access point, you must direct requests
1295
+ # to the access point hostname. The access point hostname takes the
1296
+ # form
1297
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1298
+ # When using this operation with an access point through the AWS SDKs,
1299
+ # you provide the access point ARN in place of the bucket name. For
1300
+ # more information about access point ARNs, see [Using Access
1301
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
1302
+ #
1303
+ # When using this API with Amazon S3 on Outposts, you must direct
1304
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1305
+ # takes the form
1306
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1307
+ # When using this operation using S3 on Outposts through the AWS SDKs,
1308
+ # you provide the Outposts bucket ARN in place of the bucket name. For
1309
+ # more information about S3 on Outposts ARNs, see [Using S3 on
1310
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
1311
+ #
1312
+ #
1313
+ #
1314
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
1315
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
1240
1316
  # @return [String]
1241
1317
  #
1242
1318
  # @!attribute [rw] cache_control
@@ -1262,8 +1338,50 @@ module Aws::S3
1262
1338
  # @return [String]
1263
1339
  #
1264
1340
  # @!attribute [rw] copy_source
1265
- # The name of the source bucket and key name of the source object,
1266
- # separated by a slash (/). Must be URL-encoded.
1341
+ # Specifies the source object for the copy operation. You specify the
1342
+ # value in one of two formats, depending on whether you want to access
1343
+ # the source object through an [access point][1]\:
1344
+ #
1345
+ # * For objects not accessed through an access point, specify the name
1346
+ # of the source bucket and the key of the source object, separated
1347
+ # by a slash (/). For example, to copy the object
1348
+ # `reports/january.pdf` from the bucket `awsexamplebucket`, use
1349
+ # `awsexamplebucket/reports/january.pdf`. The value must be URL
1350
+ # encoded.
1351
+ #
1352
+ # * For objects accessed through access points, specify the Amazon
1353
+ # Resource Name (ARN) of the object as accessed through the access
1354
+ # point, in the format
1355
+ # `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
1356
+ # For example, to copy the object `reports/january.pdf` through
1357
+ # access point `my-access-point` owned by account `123456789012` in
1358
+ # Region `us-west-2`, use the URL encoding of
1359
+ # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
1360
+ # The value must be URL encoded.
1361
+ #
1362
+ # <note markdown="1"> Amazon S3 supports copy operations using access points only when
1363
+ # the source and destination buckets are in the same AWS Region.
1364
+ #
1365
+ # </note>
1366
+ #
1367
+ # Alternatively, for objects accessed through Amazon S3 on Outposts,
1368
+ # specify the ARN of the object as accessed in the format
1369
+ # `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
1370
+ # For example, to copy the object `reports/january.pdf` through
1371
+ # outpost `my-outpost` owned by account `123456789012` in Region
1372
+ # `us-west-2`, use the URL encoding of
1373
+ # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
1374
+ # The value must be URL encoded.
1375
+ #
1376
+ # To copy a specific version of an object, append
1377
+ # `?versionId=<version-id>` to the value (for example,
1378
+ # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
1379
+ # If you don't specify a version ID, Amazon S3 copies the latest
1380
+ # version of the source object.
1381
+ #
1382
+ #
1383
+ #
1384
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
1267
1385
  # @return [String]
1268
1386
  #
1269
1387
  # @!attribute [rw] copy_source_if_match
@@ -1292,18 +1410,26 @@ module Aws::S3
1292
1410
  # @!attribute [rw] grant_full_control
1293
1411
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1294
1412
  # object.
1413
+ #
1414
+ # This action is not supported by Amazon S3 on Outposts.
1295
1415
  # @return [String]
1296
1416
  #
1297
1417
  # @!attribute [rw] grant_read
1298
1418
  # Allows grantee to read the object data and its metadata.
1419
+ #
1420
+ # This action is not supported by Amazon S3 on Outposts.
1299
1421
  # @return [String]
1300
1422
  #
1301
1423
  # @!attribute [rw] grant_read_acp
1302
1424
  # Allows grantee to read the object ACL.
1425
+ #
1426
+ # This action is not supported by Amazon S3 on Outposts.
1303
1427
  # @return [String]
1304
1428
  #
1305
1429
  # @!attribute [rw] grant_write_acp
1306
1430
  # Allows grantee to write the ACL for the applicable object.
1431
+ #
1432
+ # This action is not supported by Amazon S3 on Outposts.
1307
1433
  # @return [String]
1308
1434
  #
1309
1435
  # @!attribute [rw] key
@@ -1330,7 +1456,16 @@ module Aws::S3
1330
1456
  # @return [String]
1331
1457
  #
1332
1458
  # @!attribute [rw] storage_class
1333
- # The type of storage to use for the object. Defaults to 'STANDARD'.
1459
+ # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1460
+ # created objects. The STANDARD storage class provides high durability
1461
+ # and high availability. Depending on performance needs, you can
1462
+ # specify a different Storage Class. Amazon S3 on Outposts only uses
1463
+ # the OUTPOSTS Storage Class. For more information, see [Storage
1464
+ # Classes][1] in the *Amazon S3 Service Developer Guide*.
1465
+ #
1466
+ #
1467
+ #
1468
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1334
1469
  # @return [String]
1335
1470
  #
1336
1471
  # @!attribute [rw] website_redirect_location
@@ -1350,7 +1485,7 @@ module Aws::S3
1350
1485
  # in encrypting data. This value is used to store the object and then
1351
1486
  # it is discarded; Amazon S3 does not store the encryption key. The
1352
1487
  # key must be appropriate for use with the algorithm specified in the
1353
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
1488
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1354
1489
  # @return [String]
1355
1490
  #
1356
1491
  # @!attribute [rw] sse_customer_key_md5
@@ -1427,6 +1562,18 @@ module Aws::S3
1427
1562
  # object.
1428
1563
  # @return [String]
1429
1564
  #
1565
+ # @!attribute [rw] expected_bucket_owner
1566
+ # The account id of the expected destination bucket owner. If the
1567
+ # destination bucket is owned by a different account, the request will
1568
+ # fail with an HTTP `403 (Access Denied)` error.
1569
+ # @return [String]
1570
+ #
1571
+ # @!attribute [rw] expected_source_bucket_owner
1572
+ # The account id of the expected source bucket owner. If the source
1573
+ # bucket is owned by a different account, the request will fail with
1574
+ # an HTTP `403 (Access Denied)` error.
1575
+ # @return [String]
1576
+ #
1430
1577
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectRequest AWS API Documentation
1431
1578
  #
1432
1579
  class CopyObjectRequest < Struct.new(
@@ -1466,7 +1613,9 @@ module Aws::S3
1466
1613
  :tagging,
1467
1614
  :object_lock_mode,
1468
1615
  :object_lock_retain_until_date,
1469
- :object_lock_legal_hold_status)
1616
+ :object_lock_legal_hold_status,
1617
+ :expected_bucket_owner,
1618
+ :expected_source_bucket_owner)
1470
1619
  SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context, :copy_source_sse_customer_key]
1471
1620
  include Aws::Structure
1472
1621
  end
@@ -1645,20 +1794,30 @@ module Aws::S3
1645
1794
  # @return [String]
1646
1795
  #
1647
1796
  # @!attribute [rw] bucket
1648
- # Name of the bucket to which the multipart upload was initiated.
1797
+ # The name of the bucket to which the multipart upload was initiated.
1649
1798
  #
1650
1799
  # When using this API with an access point, you must direct requests
1651
1800
  # to the access point hostname. The access point hostname takes the
1652
1801
  # form
1653
1802
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1654
- # When using this operation using an access point through the AWS
1655
- # SDKs, you provide the access point ARN in place of the bucket name.
1656
- # For more information about access point ARNs, see [Using Access
1803
+ # When using this operation with an access point through the AWS SDKs,
1804
+ # you provide the access point ARN in place of the bucket name. For
1805
+ # more information about access point ARNs, see [Using Access
1657
1806
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
1658
1807
  #
1808
+ # When using this API with Amazon S3 on Outposts, you must direct
1809
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1810
+ # takes the form
1811
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1812
+ # When using this operation using S3 on Outposts through the AWS SDKs,
1813
+ # you provide the Outposts bucket ARN in place of the bucket name. For
1814
+ # more information about S3 on Outposts ARNs, see [Using S3 on
1815
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
1816
+ #
1659
1817
  #
1660
1818
  #
1661
1819
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
1820
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
1662
1821
  # @return [String]
1663
1822
  #
1664
1823
  # @!attribute [rw] key
@@ -1744,7 +1903,7 @@ module Aws::S3
1744
1903
  # "MetadataKey" => "MetadataValue",
1745
1904
  # },
1746
1905
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
1747
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
1906
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
1748
1907
  # website_redirect_location: "WebsiteRedirectLocation",
1749
1908
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1750
1909
  # sse_customer_key: "SSECustomerKey",
@@ -1756,14 +1915,40 @@ module Aws::S3
1756
1915
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1757
1916
  # object_lock_retain_until_date: Time.now,
1758
1917
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1918
+ # expected_bucket_owner: "AccountId",
1759
1919
  # }
1760
1920
  #
1761
1921
  # @!attribute [rw] acl
1762
1922
  # The canned ACL to apply to the object.
1923
+ #
1924
+ # This action is not supported by Amazon S3 on Outposts.
1763
1925
  # @return [String]
1764
1926
  #
1765
1927
  # @!attribute [rw] bucket
1766
1928
  # The name of the bucket to which to initiate the upload
1929
+ #
1930
+ # When using this API with an access point, you must direct requests
1931
+ # to the access point hostname. The access point hostname takes the
1932
+ # form
1933
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1934
+ # When using this operation with an access point through the AWS SDKs,
1935
+ # you provide the access point ARN in place of the bucket name. For
1936
+ # more information about access point ARNs, see [Using Access
1937
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
1938
+ #
1939
+ # When using this API with Amazon S3 on Outposts, you must direct
1940
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1941
+ # takes the form
1942
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1943
+ # When using this operation using S3 on Outposts through the AWS SDKs,
1944
+ # you provide the Outposts bucket ARN in place of the bucket name. For
1945
+ # more information about S3 on Outposts ARNs, see [Using S3 on
1946
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
1947
+ #
1948
+ #
1949
+ #
1950
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
1951
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
1767
1952
  # @return [String]
1768
1953
  #
1769
1954
  # @!attribute [rw] cache_control
@@ -1795,18 +1980,26 @@ module Aws::S3
1795
1980
  # @!attribute [rw] grant_full_control
1796
1981
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1797
1982
  # object.
1983
+ #
1984
+ # This action is not supported by Amazon S3 on Outposts.
1798
1985
  # @return [String]
1799
1986
  #
1800
1987
  # @!attribute [rw] grant_read
1801
1988
  # Allows grantee to read the object data and its metadata.
1989
+ #
1990
+ # This action is not supported by Amazon S3 on Outposts.
1802
1991
  # @return [String]
1803
1992
  #
1804
1993
  # @!attribute [rw] grant_read_acp
1805
1994
  # Allows grantee to read the object ACL.
1995
+ #
1996
+ # This action is not supported by Amazon S3 on Outposts.
1806
1997
  # @return [String]
1807
1998
  #
1808
1999
  # @!attribute [rw] grant_write_acp
1809
2000
  # Allows grantee to write the ACL for the applicable object.
2001
+ #
2002
+ # This action is not supported by Amazon S3 on Outposts.
1810
2003
  # @return [String]
1811
2004
  #
1812
2005
  # @!attribute [rw] key
@@ -1823,7 +2016,16 @@ module Aws::S3
1823
2016
  # @return [String]
1824
2017
  #
1825
2018
  # @!attribute [rw] storage_class
1826
- # The type of storage to use for the object. Defaults to 'STANDARD'.
2019
+ # By default, Amazon S3 uses the STANDARD Storage Class to store newly
2020
+ # created objects. The STANDARD storage class provides high durability
2021
+ # and high availability. Depending on performance needs, you can
2022
+ # specify a different Storage Class. Amazon S3 on Outposts only uses
2023
+ # the OUTPOSTS Storage Class. For more information, see [Storage
2024
+ # Classes][1] in the *Amazon S3 Service Developer Guide*.
2025
+ #
2026
+ #
2027
+ #
2028
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1827
2029
  # @return [String]
1828
2030
  #
1829
2031
  # @!attribute [rw] website_redirect_location
@@ -1843,7 +2045,7 @@ module Aws::S3
1843
2045
  # in encrypting data. This value is used to store the object and then
1844
2046
  # it is discarded; Amazon S3 does not store the encryption key. The
1845
2047
  # key must be appropriate for use with the algorithm specified in the
1846
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
2048
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1847
2049
  # @return [String]
1848
2050
  #
1849
2051
  # @!attribute [rw] sse_customer_key_md5
@@ -1903,6 +2105,12 @@ module Aws::S3
1903
2105
  # object.
1904
2106
  # @return [String]
1905
2107
  #
2108
+ # @!attribute [rw] expected_bucket_owner
2109
+ # The account id of the expected bucket owner. If the bucket is owned
2110
+ # by a different account, the request will fail with an HTTP `403
2111
+ # (Access Denied)` error.
2112
+ # @return [String]
2113
+ #
1906
2114
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadRequest AWS API Documentation
1907
2115
  #
1908
2116
  class CreateMultipartUploadRequest < Struct.new(
@@ -1932,7 +2140,8 @@ module Aws::S3
1932
2140
  :tagging,
1933
2141
  :object_lock_mode,
1934
2142
  :object_lock_retain_until_date,
1935
- :object_lock_legal_hold_status)
2143
+ :object_lock_legal_hold_status,
2144
+ :expected_bucket_owner)
1936
2145
  SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
1937
2146
  include Aws::Structure
1938
2147
  end
@@ -2013,6 +2222,7 @@ module Aws::S3
2013
2222
  # {
2014
2223
  # bucket: "BucketName", # required
2015
2224
  # id: "AnalyticsId", # required
2225
+ # expected_bucket_owner: "AccountId",
2016
2226
  # }
2017
2227
  #
2018
2228
  # @!attribute [rw] bucket
@@ -2024,11 +2234,18 @@ module Aws::S3
2024
2234
  # The ID that identifies the analytics configuration.
2025
2235
  # @return [String]
2026
2236
  #
2237
+ # @!attribute [rw] expected_bucket_owner
2238
+ # The account id of the expected bucket owner. If the bucket is owned
2239
+ # by a different account, the request will fail with an HTTP `403
2240
+ # (Access Denied)` error.
2241
+ # @return [String]
2242
+ #
2027
2243
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationRequest AWS API Documentation
2028
2244
  #
2029
2245
  class DeleteBucketAnalyticsConfigurationRequest < Struct.new(
2030
2246
  :bucket,
2031
- :id)
2247
+ :id,
2248
+ :expected_bucket_owner)
2032
2249
  SENSITIVE = []
2033
2250
  include Aws::Structure
2034
2251
  end
@@ -2038,16 +2255,24 @@ module Aws::S3
2038
2255
  #
2039
2256
  # {
2040
2257
  # bucket: "BucketName", # required
2258
+ # expected_bucket_owner: "AccountId",
2041
2259
  # }
2042
2260
  #
2043
2261
  # @!attribute [rw] bucket
2044
2262
  # Specifies the bucket whose `cors` configuration is being deleted.
2045
2263
  # @return [String]
2046
2264
  #
2265
+ # @!attribute [rw] expected_bucket_owner
2266
+ # The account id of the expected bucket owner. If the bucket is owned
2267
+ # by a different account, the request will fail with an HTTP `403
2268
+ # (Access Denied)` error.
2269
+ # @return [String]
2270
+ #
2047
2271
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsRequest AWS API Documentation
2048
2272
  #
2049
2273
  class DeleteBucketCorsRequest < Struct.new(
2050
- :bucket)
2274
+ :bucket,
2275
+ :expected_bucket_owner)
2051
2276
  SENSITIVE = []
2052
2277
  include Aws::Structure
2053
2278
  end
@@ -2057,6 +2282,7 @@ module Aws::S3
2057
2282
  #
2058
2283
  # {
2059
2284
  # bucket: "BucketName", # required
2285
+ # expected_bucket_owner: "AccountId",
2060
2286
  # }
2061
2287
  #
2062
2288
  # @!attribute [rw] bucket
@@ -2064,10 +2290,17 @@ module Aws::S3
2064
2290
  # configuration to delete.
2065
2291
  # @return [String]
2066
2292
  #
2293
+ # @!attribute [rw] expected_bucket_owner
2294
+ # The account id of the expected bucket owner. If the bucket is owned
2295
+ # by a different account, the request will fail with an HTTP `403
2296
+ # (Access Denied)` error.
2297
+ # @return [String]
2298
+ #
2067
2299
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
2068
2300
  #
2069
2301
  class DeleteBucketEncryptionRequest < Struct.new(
2070
- :bucket)
2302
+ :bucket,
2303
+ :expected_bucket_owner)
2071
2304
  SENSITIVE = []
2072
2305
  include Aws::Structure
2073
2306
  end
@@ -2078,6 +2311,7 @@ module Aws::S3
2078
2311
  # {
2079
2312
  # bucket: "BucketName", # required
2080
2313
  # id: "InventoryId", # required
2314
+ # expected_bucket_owner: "AccountId",
2081
2315
  # }
2082
2316
  #
2083
2317
  # @!attribute [rw] bucket
@@ -2089,11 +2323,18 @@ module Aws::S3
2089
2323
  # The ID used to identify the inventory configuration.
2090
2324
  # @return [String]
2091
2325
  #
2326
+ # @!attribute [rw] expected_bucket_owner
2327
+ # The account id of the expected bucket owner. If the bucket is owned
2328
+ # by a different account, the request will fail with an HTTP `403
2329
+ # (Access Denied)` error.
2330
+ # @return [String]
2331
+ #
2092
2332
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationRequest AWS API Documentation
2093
2333
  #
2094
2334
  class DeleteBucketInventoryConfigurationRequest < Struct.new(
2095
2335
  :bucket,
2096
- :id)
2336
+ :id,
2337
+ :expected_bucket_owner)
2097
2338
  SENSITIVE = []
2098
2339
  include Aws::Structure
2099
2340
  end
@@ -2103,16 +2344,24 @@ module Aws::S3
2103
2344
  #
2104
2345
  # {
2105
2346
  # bucket: "BucketName", # required
2347
+ # expected_bucket_owner: "AccountId",
2106
2348
  # }
2107
2349
  #
2108
2350
  # @!attribute [rw] bucket
2109
2351
  # The bucket name of the lifecycle to delete.
2110
2352
  # @return [String]
2111
2353
  #
2354
+ # @!attribute [rw] expected_bucket_owner
2355
+ # The account id of the expected bucket owner. If the bucket is owned
2356
+ # by a different account, the request will fail with an HTTP `403
2357
+ # (Access Denied)` error.
2358
+ # @return [String]
2359
+ #
2112
2360
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleRequest AWS API Documentation
2113
2361
  #
2114
2362
  class DeleteBucketLifecycleRequest < Struct.new(
2115
- :bucket)
2363
+ :bucket,
2364
+ :expected_bucket_owner)
2116
2365
  SENSITIVE = []
2117
2366
  include Aws::Structure
2118
2367
  end
@@ -2123,6 +2372,7 @@ module Aws::S3
2123
2372
  # {
2124
2373
  # bucket: "BucketName", # required
2125
2374
  # id: "MetricsId", # required
2375
+ # expected_bucket_owner: "AccountId",
2126
2376
  # }
2127
2377
  #
2128
2378
  # @!attribute [rw] bucket
@@ -2134,11 +2384,42 @@ module Aws::S3
2134
2384
  # The ID used to identify the metrics configuration.
2135
2385
  # @return [String]
2136
2386
  #
2387
+ # @!attribute [rw] expected_bucket_owner
2388
+ # The account id of the expected bucket owner. If the bucket is owned
2389
+ # by a different account, the request will fail with an HTTP `403
2390
+ # (Access Denied)` error.
2391
+ # @return [String]
2392
+ #
2137
2393
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationRequest AWS API Documentation
2138
2394
  #
2139
2395
  class DeleteBucketMetricsConfigurationRequest < Struct.new(
2140
2396
  :bucket,
2141
- :id)
2397
+ :id,
2398
+ :expected_bucket_owner)
2399
+ SENSITIVE = []
2400
+ include Aws::Structure
2401
+ end
2402
+
2403
+ # @note When making an API call, you may pass DeleteBucketOwnershipControlsRequest
2404
+ # data as a hash:
2405
+ #
2406
+ # {
2407
+ # bucket: "BucketName", # required
2408
+ # expected_bucket_owner: "AccountId",
2409
+ # }
2410
+ #
2411
+ # @!attribute [rw] bucket
2412
+ # The Amazon S3 bucket whose `OwnershipControls` you want to delete.
2413
+ # @return [String]
2414
+ #
2415
+ # @!attribute [rw] expected_bucket_owner
2416
+ # @return [String]
2417
+ #
2418
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControlsRequest AWS API Documentation
2419
+ #
2420
+ class DeleteBucketOwnershipControlsRequest < Struct.new(
2421
+ :bucket,
2422
+ :expected_bucket_owner)
2142
2423
  SENSITIVE = []
2143
2424
  include Aws::Structure
2144
2425
  end
@@ -2148,16 +2429,24 @@ module Aws::S3
2148
2429
  #
2149
2430
  # {
2150
2431
  # bucket: "BucketName", # required
2432
+ # expected_bucket_owner: "AccountId",
2151
2433
  # }
2152
2434
  #
2153
2435
  # @!attribute [rw] bucket
2154
2436
  # The bucket name.
2155
2437
  # @return [String]
2156
2438
  #
2439
+ # @!attribute [rw] expected_bucket_owner
2440
+ # The account id of the expected bucket owner. If the bucket is owned
2441
+ # by a different account, the request will fail with an HTTP `403
2442
+ # (Access Denied)` error.
2443
+ # @return [String]
2444
+ #
2157
2445
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyRequest AWS API Documentation
2158
2446
  #
2159
2447
  class DeleteBucketPolicyRequest < Struct.new(
2160
- :bucket)
2448
+ :bucket,
2449
+ :expected_bucket_owner)
2161
2450
  SENSITIVE = []
2162
2451
  include Aws::Structure
2163
2452
  end
@@ -2167,16 +2456,24 @@ module Aws::S3
2167
2456
  #
2168
2457
  # {
2169
2458
  # bucket: "BucketName", # required
2459
+ # expected_bucket_owner: "AccountId",
2170
2460
  # }
2171
2461
  #
2172
2462
  # @!attribute [rw] bucket
2173
2463
  # The bucket name.
2174
2464
  # @return [String]
2175
2465
  #
2466
+ # @!attribute [rw] expected_bucket_owner
2467
+ # The account id of the expected bucket owner. If the bucket is owned
2468
+ # by a different account, the request will fail with an HTTP `403
2469
+ # (Access Denied)` error.
2470
+ # @return [String]
2471
+ #
2176
2472
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationRequest AWS API Documentation
2177
2473
  #
2178
2474
  class DeleteBucketReplicationRequest < Struct.new(
2179
- :bucket)
2475
+ :bucket,
2476
+ :expected_bucket_owner)
2180
2477
  SENSITIVE = []
2181
2478
  include Aws::Structure
2182
2479
  end
@@ -2186,16 +2483,24 @@ module Aws::S3
2186
2483
  #
2187
2484
  # {
2188
2485
  # bucket: "BucketName", # required
2486
+ # expected_bucket_owner: "AccountId",
2189
2487
  # }
2190
2488
  #
2191
2489
  # @!attribute [rw] bucket
2192
2490
  # Specifies the bucket being deleted.
2193
2491
  # @return [String]
2194
2492
  #
2493
+ # @!attribute [rw] expected_bucket_owner
2494
+ # The account id of the expected bucket owner. If the bucket is owned
2495
+ # by a different account, the request will fail with an HTTP `403
2496
+ # (Access Denied)` error.
2497
+ # @return [String]
2498
+ #
2195
2499
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketRequest AWS API Documentation
2196
2500
  #
2197
2501
  class DeleteBucketRequest < Struct.new(
2198
- :bucket)
2502
+ :bucket,
2503
+ :expected_bucket_owner)
2199
2504
  SENSITIVE = []
2200
2505
  include Aws::Structure
2201
2506
  end
@@ -2205,16 +2510,24 @@ module Aws::S3
2205
2510
  #
2206
2511
  # {
2207
2512
  # bucket: "BucketName", # required
2513
+ # expected_bucket_owner: "AccountId",
2208
2514
  # }
2209
2515
  #
2210
2516
  # @!attribute [rw] bucket
2211
2517
  # The bucket that has the tag set to be removed.
2212
2518
  # @return [String]
2213
2519
  #
2520
+ # @!attribute [rw] expected_bucket_owner
2521
+ # The account id of the expected bucket owner. If the bucket is owned
2522
+ # by a different account, the request will fail with an HTTP `403
2523
+ # (Access Denied)` error.
2524
+ # @return [String]
2525
+ #
2214
2526
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingRequest AWS API Documentation
2215
2527
  #
2216
2528
  class DeleteBucketTaggingRequest < Struct.new(
2217
- :bucket)
2529
+ :bucket,
2530
+ :expected_bucket_owner)
2218
2531
  SENSITIVE = []
2219
2532
  include Aws::Structure
2220
2533
  end
@@ -2224,6 +2537,7 @@ module Aws::S3
2224
2537
  #
2225
2538
  # {
2226
2539
  # bucket: "BucketName", # required
2540
+ # expected_bucket_owner: "AccountId",
2227
2541
  # }
2228
2542
  #
2229
2543
  # @!attribute [rw] bucket
@@ -2231,10 +2545,17 @@ module Aws::S3
2231
2545
  # configuration.
2232
2546
  # @return [String]
2233
2547
  #
2548
+ # @!attribute [rw] expected_bucket_owner
2549
+ # The account id of the expected bucket owner. If the bucket is owned
2550
+ # by a different account, the request will fail with an HTTP `403
2551
+ # (Access Denied)` error.
2552
+ # @return [String]
2553
+ #
2234
2554
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteRequest AWS API Documentation
2235
2555
  #
2236
2556
  class DeleteBucketWebsiteRequest < Struct.new(
2237
- :bucket)
2557
+ :bucket,
2558
+ :expected_bucket_owner)
2238
2559
  SENSITIVE = []
2239
2560
  include Aws::Structure
2240
2561
  end
@@ -2353,6 +2674,7 @@ module Aws::S3
2353
2674
  # version_id: "ObjectVersionId",
2354
2675
  # request_payer: "requester", # accepts requester
2355
2676
  # bypass_governance_retention: false,
2677
+ # expected_bucket_owner: "AccountId",
2356
2678
  # }
2357
2679
  #
2358
2680
  # @!attribute [rw] bucket
@@ -2362,14 +2684,24 @@ module Aws::S3
2362
2684
  # to the access point hostname. The access point hostname takes the
2363
2685
  # form
2364
2686
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2365
- # When using this operation using an access point through the AWS
2366
- # SDKs, you provide the access point ARN in place of the bucket name.
2367
- # For more information about access point ARNs, see [Using Access
2687
+ # When using this operation with an access point through the AWS SDKs,
2688
+ # you provide the access point ARN in place of the bucket name. For
2689
+ # more information about access point ARNs, see [Using Access
2368
2690
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
2369
2691
  #
2692
+ # When using this API with Amazon S3 on Outposts, you must direct
2693
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2694
+ # takes the form
2695
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2696
+ # When using this operation using S3 on Outposts through the AWS SDKs,
2697
+ # you provide the Outposts bucket ARN in place of the bucket name. For
2698
+ # more information about S3 on Outposts ARNs, see [Using S3 on
2699
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
2700
+ #
2370
2701
  #
2371
2702
  #
2372
2703
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
2704
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
2373
2705
  # @return [String]
2374
2706
  #
2375
2707
  # @!attribute [rw] key
@@ -2404,6 +2736,12 @@ module Aws::S3
2404
2736
  # restrictions to process this operation.
2405
2737
  # @return [Boolean]
2406
2738
  #
2739
+ # @!attribute [rw] expected_bucket_owner
2740
+ # The account id of the expected bucket owner. If the bucket is owned
2741
+ # by a different account, the request will fail with an HTTP `403
2742
+ # (Access Denied)` error.
2743
+ # @return [String]
2744
+ #
2407
2745
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectRequest AWS API Documentation
2408
2746
  #
2409
2747
  class DeleteObjectRequest < Struct.new(
@@ -2412,7 +2750,8 @@ module Aws::S3
2412
2750
  :mfa,
2413
2751
  :version_id,
2414
2752
  :request_payer,
2415
- :bypass_governance_retention)
2753
+ :bypass_governance_retention,
2754
+ :expected_bucket_owner)
2416
2755
  SENSITIVE = []
2417
2756
  include Aws::Structure
2418
2757
  end
@@ -2436,6 +2775,7 @@ module Aws::S3
2436
2775
  # bucket: "BucketName", # required
2437
2776
  # key: "ObjectKey", # required
2438
2777
  # version_id: "ObjectVersionId",
2778
+ # expected_bucket_owner: "AccountId",
2439
2779
  # }
2440
2780
  #
2441
2781
  # @!attribute [rw] bucket
@@ -2446,14 +2786,24 @@ module Aws::S3
2446
2786
  # to the access point hostname. The access point hostname takes the
2447
2787
  # form
2448
2788
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2449
- # When using this operation using an access point through the AWS
2450
- # SDKs, you provide the access point ARN in place of the bucket name.
2451
- # For more information about access point ARNs, see [Using Access
2789
+ # When using this operation with an access point through the AWS SDKs,
2790
+ # you provide the access point ARN in place of the bucket name. For
2791
+ # more information about access point ARNs, see [Using Access
2452
2792
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
2453
2793
  #
2794
+ # When using this API with Amazon S3 on Outposts, you must direct
2795
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2796
+ # takes the form
2797
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2798
+ # When using this operation using S3 on Outposts through the AWS SDKs,
2799
+ # you provide the Outposts bucket ARN in place of the bucket name. For
2800
+ # more information about S3 on Outposts ARNs, see [Using S3 on
2801
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
2802
+ #
2454
2803
  #
2455
2804
  #
2456
2805
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
2806
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
2457
2807
  # @return [String]
2458
2808
  #
2459
2809
  # @!attribute [rw] key
@@ -2464,12 +2814,19 @@ module Aws::S3
2464
2814
  # The versionId of the object that the tag-set will be removed from.
2465
2815
  # @return [String]
2466
2816
  #
2817
+ # @!attribute [rw] expected_bucket_owner
2818
+ # The account id of the expected bucket owner. If the bucket is owned
2819
+ # by a different account, the request will fail with an HTTP `403
2820
+ # (Access Denied)` error.
2821
+ # @return [String]
2822
+ #
2467
2823
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingRequest AWS API Documentation
2468
2824
  #
2469
2825
  class DeleteObjectTaggingRequest < Struct.new(
2470
2826
  :bucket,
2471
2827
  :key,
2472
- :version_id)
2828
+ :version_id,
2829
+ :expected_bucket_owner)
2473
2830
  SENSITIVE = []
2474
2831
  include Aws::Structure
2475
2832
  end
@@ -2516,6 +2873,7 @@ module Aws::S3
2516
2873
  # mfa: "MFA",
2517
2874
  # request_payer: "requester", # accepts requester
2518
2875
  # bypass_governance_retention: false,
2876
+ # expected_bucket_owner: "AccountId",
2519
2877
  # }
2520
2878
  #
2521
2879
  # @!attribute [rw] bucket
@@ -2525,14 +2883,24 @@ module Aws::S3
2525
2883
  # to the access point hostname. The access point hostname takes the
2526
2884
  # form
2527
2885
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2528
- # When using this operation using an access point through the AWS
2529
- # SDKs, you provide the access point ARN in place of the bucket name.
2530
- # For more information about access point ARNs, see [Using Access
2886
+ # When using this operation with an access point through the AWS SDKs,
2887
+ # you provide the access point ARN in place of the bucket name. For
2888
+ # more information about access point ARNs, see [Using Access
2531
2889
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
2532
2890
  #
2891
+ # When using this API with Amazon S3 on Outposts, you must direct
2892
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2893
+ # takes the form
2894
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2895
+ # When using this operation using S3 on Outposts through the AWS SDKs,
2896
+ # you provide the Outposts bucket ARN in place of the bucket name. For
2897
+ # more information about S3 on Outposts ARNs, see [Using S3 on
2898
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
2899
+ #
2533
2900
  #
2534
2901
  #
2535
2902
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
2903
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
2536
2904
  # @return [String]
2537
2905
  #
2538
2906
  # @!attribute [rw] delete
@@ -2564,6 +2932,12 @@ module Aws::S3
2564
2932
  # permissions to perform this operation.
2565
2933
  # @return [Boolean]
2566
2934
  #
2935
+ # @!attribute [rw] expected_bucket_owner
2936
+ # The account id of the expected bucket owner. If the bucket is owned
2937
+ # by a different account, the request will fail with an HTTP `403
2938
+ # (Access Denied)` error.
2939
+ # @return [String]
2940
+ #
2567
2941
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsRequest AWS API Documentation
2568
2942
  #
2569
2943
  class DeleteObjectsRequest < Struct.new(
@@ -2571,7 +2945,8 @@ module Aws::S3
2571
2945
  :delete,
2572
2946
  :mfa,
2573
2947
  :request_payer,
2574
- :bypass_governance_retention)
2948
+ :bypass_governance_retention,
2949
+ :expected_bucket_owner)
2575
2950
  SENSITIVE = []
2576
2951
  include Aws::Structure
2577
2952
  end
@@ -2581,6 +2956,7 @@ module Aws::S3
2581
2956
  #
2582
2957
  # {
2583
2958
  # bucket: "BucketName", # required
2959
+ # expected_bucket_owner: "AccountId",
2584
2960
  # }
2585
2961
  #
2586
2962
  # @!attribute [rw] bucket
@@ -2588,10 +2964,17 @@ module Aws::S3
2588
2964
  # want to delete.
2589
2965
  # @return [String]
2590
2966
  #
2967
+ # @!attribute [rw] expected_bucket_owner
2968
+ # The account id of the expected bucket owner. If the bucket is owned
2969
+ # by a different account, the request will fail with an HTTP `403
2970
+ # (Access Denied)` error.
2971
+ # @return [String]
2972
+ #
2591
2973
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlockRequest AWS API Documentation
2592
2974
  #
2593
2975
  class DeletePublicAccessBlockRequest < Struct.new(
2594
- :bucket)
2976
+ :bucket,
2977
+ :expected_bucket_owner)
2595
2978
  SENSITIVE = []
2596
2979
  include Aws::Structure
2597
2980
  end
@@ -2641,7 +3024,7 @@ module Aws::S3
2641
3024
  # {
2642
3025
  # bucket: "BucketName", # required
2643
3026
  # account: "AccountId",
2644
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
3027
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
2645
3028
  # access_control_translation: {
2646
3029
  # owner: "Destination", # required, accepts Destination
2647
3030
  # },
@@ -3750,17 +4133,25 @@ module Aws::S3
3750
4133
  #
3751
4134
  # {
3752
4135
  # bucket: "BucketName", # required
4136
+ # expected_bucket_owner: "AccountId",
3753
4137
  # }
3754
4138
  #
3755
4139
  # @!attribute [rw] bucket
3756
- # Name of the bucket for which the accelerate configuration is
4140
+ # The name of the bucket for which the accelerate configuration is
3757
4141
  # retrieved.
3758
4142
  # @return [String]
3759
4143
  #
4144
+ # @!attribute [rw] expected_bucket_owner
4145
+ # The account id of the expected bucket owner. If the bucket is owned
4146
+ # by a different account, the request will fail with an HTTP `403
4147
+ # (Access Denied)` error.
4148
+ # @return [String]
4149
+ #
3760
4150
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationRequest AWS API Documentation
3761
4151
  #
3762
4152
  class GetBucketAccelerateConfigurationRequest < Struct.new(
3763
- :bucket)
4153
+ :bucket,
4154
+ :expected_bucket_owner)
3764
4155
  SENSITIVE = []
3765
4156
  include Aws::Structure
3766
4157
  end
@@ -3787,16 +4178,24 @@ module Aws::S3
3787
4178
  #
3788
4179
  # {
3789
4180
  # bucket: "BucketName", # required
4181
+ # expected_bucket_owner: "AccountId",
3790
4182
  # }
3791
4183
  #
3792
4184
  # @!attribute [rw] bucket
3793
4185
  # Specifies the S3 bucket whose ACL is being requested.
3794
4186
  # @return [String]
3795
4187
  #
4188
+ # @!attribute [rw] expected_bucket_owner
4189
+ # The account id of the expected bucket owner. If the bucket is owned
4190
+ # by a different account, the request will fail with an HTTP `403
4191
+ # (Access Denied)` error.
4192
+ # @return [String]
4193
+ #
3796
4194
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclRequest AWS API Documentation
3797
4195
  #
3798
4196
  class GetBucketAclRequest < Struct.new(
3799
- :bucket)
4197
+ :bucket,
4198
+ :expected_bucket_owner)
3800
4199
  SENSITIVE = []
3801
4200
  include Aws::Structure
3802
4201
  end
@@ -3819,6 +4218,7 @@ module Aws::S3
3819
4218
  # {
3820
4219
  # bucket: "BucketName", # required
3821
4220
  # id: "AnalyticsId", # required
4221
+ # expected_bucket_owner: "AccountId",
3822
4222
  # }
3823
4223
  #
3824
4224
  # @!attribute [rw] bucket
@@ -3830,11 +4230,18 @@ module Aws::S3
3830
4230
  # The ID that identifies the analytics configuration.
3831
4231
  # @return [String]
3832
4232
  #
4233
+ # @!attribute [rw] expected_bucket_owner
4234
+ # The account id of the expected bucket owner. If the bucket is owned
4235
+ # by a different account, the request will fail with an HTTP `403
4236
+ # (Access Denied)` error.
4237
+ # @return [String]
4238
+ #
3833
4239
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationRequest AWS API Documentation
3834
4240
  #
3835
4241
  class GetBucketAnalyticsConfigurationRequest < Struct.new(
3836
4242
  :bucket,
3837
- :id)
4243
+ :id,
4244
+ :expected_bucket_owner)
3838
4245
  SENSITIVE = []
3839
4246
  include Aws::Structure
3840
4247
  end
@@ -3857,16 +4264,24 @@ module Aws::S3
3857
4264
  #
3858
4265
  # {
3859
4266
  # bucket: "BucketName", # required
4267
+ # expected_bucket_owner: "AccountId",
3860
4268
  # }
3861
4269
  #
3862
4270
  # @!attribute [rw] bucket
3863
4271
  # The bucket name for which to get the cors configuration.
3864
4272
  # @return [String]
3865
4273
  #
4274
+ # @!attribute [rw] expected_bucket_owner
4275
+ # The account id of the expected bucket owner. If the bucket is owned
4276
+ # by a different account, the request will fail with an HTTP `403
4277
+ # (Access Denied)` error.
4278
+ # @return [String]
4279
+ #
3866
4280
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsRequest AWS API Documentation
3867
4281
  #
3868
4282
  class GetBucketCorsRequest < Struct.new(
3869
- :bucket)
4283
+ :bucket,
4284
+ :expected_bucket_owner)
3870
4285
  SENSITIVE = []
3871
4286
  include Aws::Structure
3872
4287
  end
@@ -3888,6 +4303,7 @@ module Aws::S3
3888
4303
  #
3889
4304
  # {
3890
4305
  # bucket: "BucketName", # required
4306
+ # expected_bucket_owner: "AccountId",
3891
4307
  # }
3892
4308
  #
3893
4309
  # @!attribute [rw] bucket
@@ -3895,10 +4311,17 @@ module Aws::S3
3895
4311
  # configuration is retrieved.
3896
4312
  # @return [String]
3897
4313
  #
4314
+ # @!attribute [rw] expected_bucket_owner
4315
+ # The account id of the expected bucket owner. If the bucket is owned
4316
+ # by a different account, the request will fail with an HTTP `403
4317
+ # (Access Denied)` error.
4318
+ # @return [String]
4319
+ #
3898
4320
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
3899
4321
  #
3900
4322
  class GetBucketEncryptionRequest < Struct.new(
3901
- :bucket)
4323
+ :bucket,
4324
+ :expected_bucket_owner)
3902
4325
  SENSITIVE = []
3903
4326
  include Aws::Structure
3904
4327
  end
@@ -3921,6 +4344,7 @@ module Aws::S3
3921
4344
  # {
3922
4345
  # bucket: "BucketName", # required
3923
4346
  # id: "InventoryId", # required
4347
+ # expected_bucket_owner: "AccountId",
3924
4348
  # }
3925
4349
  #
3926
4350
  # @!attribute [rw] bucket
@@ -3932,11 +4356,18 @@ module Aws::S3
3932
4356
  # The ID used to identify the inventory configuration.
3933
4357
  # @return [String]
3934
4358
  #
4359
+ # @!attribute [rw] expected_bucket_owner
4360
+ # The account id of the expected bucket owner. If the bucket is owned
4361
+ # by a different account, the request will fail with an HTTP `403
4362
+ # (Access Denied)` error.
4363
+ # @return [String]
4364
+ #
3935
4365
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationRequest AWS API Documentation
3936
4366
  #
3937
4367
  class GetBucketInventoryConfigurationRequest < Struct.new(
3938
4368
  :bucket,
3939
- :id)
4369
+ :id,
4370
+ :expected_bucket_owner)
3940
4371
  SENSITIVE = []
3941
4372
  include Aws::Structure
3942
4373
  end
@@ -3958,16 +4389,24 @@ module Aws::S3
3958
4389
  #
3959
4390
  # {
3960
4391
  # bucket: "BucketName", # required
4392
+ # expected_bucket_owner: "AccountId",
3961
4393
  # }
3962
4394
  #
3963
4395
  # @!attribute [rw] bucket
3964
4396
  # The name of the bucket for which to get the lifecycle information.
3965
4397
  # @return [String]
3966
4398
  #
4399
+ # @!attribute [rw] expected_bucket_owner
4400
+ # The account id of the expected bucket owner. If the bucket is owned
4401
+ # by a different account, the request will fail with an HTTP `403
4402
+ # (Access Denied)` error.
4403
+ # @return [String]
4404
+ #
3967
4405
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationRequest AWS API Documentation
3968
4406
  #
3969
4407
  class GetBucketLifecycleConfigurationRequest < Struct.new(
3970
- :bucket)
4408
+ :bucket,
4409
+ :expected_bucket_owner)
3971
4410
  SENSITIVE = []
3972
4411
  include Aws::Structure
3973
4412
  end
@@ -3989,16 +4428,24 @@ module Aws::S3
3989
4428
  #
3990
4429
  # {
3991
4430
  # bucket: "BucketName", # required
4431
+ # expected_bucket_owner: "AccountId",
3992
4432
  # }
3993
4433
  #
3994
4434
  # @!attribute [rw] bucket
3995
4435
  # The name of the bucket for which to get the lifecycle information.
3996
4436
  # @return [String]
3997
4437
  #
4438
+ # @!attribute [rw] expected_bucket_owner
4439
+ # The account id of the expected bucket owner. If the bucket is owned
4440
+ # by a different account, the request will fail with an HTTP `403
4441
+ # (Access Denied)` error.
4442
+ # @return [String]
4443
+ #
3998
4444
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleRequest AWS API Documentation
3999
4445
  #
4000
4446
  class GetBucketLifecycleRequest < Struct.new(
4001
- :bucket)
4447
+ :bucket,
4448
+ :expected_bucket_owner)
4002
4449
  SENSITIVE = []
4003
4450
  include Aws::Structure
4004
4451
  end
@@ -4027,16 +4474,24 @@ module Aws::S3
4027
4474
  #
4028
4475
  # {
4029
4476
  # bucket: "BucketName", # required
4477
+ # expected_bucket_owner: "AccountId",
4030
4478
  # }
4031
4479
  #
4032
4480
  # @!attribute [rw] bucket
4033
4481
  # The name of the bucket for which to get the location.
4034
4482
  # @return [String]
4035
4483
  #
4484
+ # @!attribute [rw] expected_bucket_owner
4485
+ # The account id of the expected bucket owner. If the bucket is owned
4486
+ # by a different account, the request will fail with an HTTP `403
4487
+ # (Access Denied)` error.
4488
+ # @return [String]
4489
+ #
4036
4490
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationRequest AWS API Documentation
4037
4491
  #
4038
4492
  class GetBucketLocationRequest < Struct.new(
4039
- :bucket)
4493
+ :bucket,
4494
+ :expected_bucket_owner)
4040
4495
  SENSITIVE = []
4041
4496
  include Aws::Structure
4042
4497
  end
@@ -4065,16 +4520,24 @@ module Aws::S3
4065
4520
  #
4066
4521
  # {
4067
4522
  # bucket: "BucketName", # required
4523
+ # expected_bucket_owner: "AccountId",
4068
4524
  # }
4069
4525
  #
4070
4526
  # @!attribute [rw] bucket
4071
4527
  # The bucket name for which to get the logging information.
4072
4528
  # @return [String]
4073
4529
  #
4530
+ # @!attribute [rw] expected_bucket_owner
4531
+ # The account id of the expected bucket owner. If the bucket is owned
4532
+ # by a different account, the request will fail with an HTTP `403
4533
+ # (Access Denied)` error.
4534
+ # @return [String]
4535
+ #
4074
4536
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingRequest AWS API Documentation
4075
4537
  #
4076
4538
  class GetBucketLoggingRequest < Struct.new(
4077
- :bucket)
4539
+ :bucket,
4540
+ :expected_bucket_owner)
4078
4541
  SENSITIVE = []
4079
4542
  include Aws::Structure
4080
4543
  end
@@ -4097,6 +4560,7 @@ module Aws::S3
4097
4560
  # {
4098
4561
  # bucket: "BucketName", # required
4099
4562
  # id: "MetricsId", # required
4563
+ # expected_bucket_owner: "AccountId",
4100
4564
  # }
4101
4565
  #
4102
4566
  # @!attribute [rw] bucket
@@ -4108,11 +4572,18 @@ module Aws::S3
4108
4572
  # The ID used to identify the metrics configuration.
4109
4573
  # @return [String]
4110
4574
  #
4575
+ # @!attribute [rw] expected_bucket_owner
4576
+ # The account id of the expected bucket owner. If the bucket is owned
4577
+ # by a different account, the request will fail with an HTTP `403
4578
+ # (Access Denied)` error.
4579
+ # @return [String]
4580
+ #
4111
4581
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationRequest AWS API Documentation
4112
4582
  #
4113
4583
  class GetBucketMetricsConfigurationRequest < Struct.new(
4114
4584
  :bucket,
4115
- :id)
4585
+ :id,
4586
+ :expected_bucket_owner)
4116
4587
  SENSITIVE = []
4117
4588
  include Aws::Structure
4118
4589
  end
@@ -4122,16 +4593,63 @@ module Aws::S3
4122
4593
  #
4123
4594
  # {
4124
4595
  # bucket: "BucketName", # required
4596
+ # expected_bucket_owner: "AccountId",
4125
4597
  # }
4126
4598
  #
4127
4599
  # @!attribute [rw] bucket
4128
- # Name of the bucket for which to get the notification configuration.
4600
+ # The name of the bucket for which to get the notification
4601
+ # configuration.
4602
+ # @return [String]
4603
+ #
4604
+ # @!attribute [rw] expected_bucket_owner
4605
+ # The account id of the expected bucket owner. If the bucket is owned
4606
+ # by a different account, the request will fail with an HTTP `403
4607
+ # (Access Denied)` error.
4129
4608
  # @return [String]
4130
4609
  #
4131
4610
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfigurationRequest AWS API Documentation
4132
4611
  #
4133
4612
  class GetBucketNotificationConfigurationRequest < Struct.new(
4134
- :bucket)
4613
+ :bucket,
4614
+ :expected_bucket_owner)
4615
+ SENSITIVE = []
4616
+ include Aws::Structure
4617
+ end
4618
+
4619
+ # @!attribute [rw] ownership_controls
4620
+ # The `OwnershipControls` (BucketOwnerPreferred or ObjectWriter)
4621
+ # currently in effect for this Amazon S3 bucket.
4622
+ # @return [Types::OwnershipControls]
4623
+ #
4624
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsOutput AWS API Documentation
4625
+ #
4626
+ class GetBucketOwnershipControlsOutput < Struct.new(
4627
+ :ownership_controls)
4628
+ SENSITIVE = []
4629
+ include Aws::Structure
4630
+ end
4631
+
4632
+ # @note When making an API call, you may pass GetBucketOwnershipControlsRequest
4633
+ # data as a hash:
4634
+ #
4635
+ # {
4636
+ # bucket: "BucketName", # required
4637
+ # expected_bucket_owner: "AccountId",
4638
+ # }
4639
+ #
4640
+ # @!attribute [rw] bucket
4641
+ # The name of the Amazon S3 bucket whose `OwnershipControls` you want
4642
+ # to retrieve.
4643
+ # @return [String]
4644
+ #
4645
+ # @!attribute [rw] expected_bucket_owner
4646
+ # @return [String]
4647
+ #
4648
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsRequest AWS API Documentation
4649
+ #
4650
+ class GetBucketOwnershipControlsRequest < Struct.new(
4651
+ :bucket,
4652
+ :expected_bucket_owner)
4135
4653
  SENSITIVE = []
4136
4654
  include Aws::Structure
4137
4655
  end
@@ -4153,16 +4671,24 @@ module Aws::S3
4153
4671
  #
4154
4672
  # {
4155
4673
  # bucket: "BucketName", # required
4674
+ # expected_bucket_owner: "AccountId",
4156
4675
  # }
4157
4676
  #
4158
4677
  # @!attribute [rw] bucket
4159
4678
  # The bucket name for which to get the bucket policy.
4160
4679
  # @return [String]
4161
4680
  #
4681
+ # @!attribute [rw] expected_bucket_owner
4682
+ # The account id of the expected bucket owner. If the bucket is owned
4683
+ # by a different account, the request will fail with an HTTP `403
4684
+ # (Access Denied)` error.
4685
+ # @return [String]
4686
+ #
4162
4687
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyRequest AWS API Documentation
4163
4688
  #
4164
4689
  class GetBucketPolicyRequest < Struct.new(
4165
- :bucket)
4690
+ :bucket,
4691
+ :expected_bucket_owner)
4166
4692
  SENSITIVE = []
4167
4693
  include Aws::Structure
4168
4694
  end
@@ -4184,6 +4710,7 @@ module Aws::S3
4184
4710
  #
4185
4711
  # {
4186
4712
  # bucket: "BucketName", # required
4713
+ # expected_bucket_owner: "AccountId",
4187
4714
  # }
4188
4715
  #
4189
4716
  # @!attribute [rw] bucket
@@ -4191,10 +4718,17 @@ module Aws::S3
4191
4718
  # retrieve.
4192
4719
  # @return [String]
4193
4720
  #
4721
+ # @!attribute [rw] expected_bucket_owner
4722
+ # The account id of the expected bucket owner. If the bucket is owned
4723
+ # by a different account, the request will fail with an HTTP `403
4724
+ # (Access Denied)` error.
4725
+ # @return [String]
4726
+ #
4194
4727
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatusRequest AWS API Documentation
4195
4728
  #
4196
4729
  class GetBucketPolicyStatusRequest < Struct.new(
4197
- :bucket)
4730
+ :bucket,
4731
+ :expected_bucket_owner)
4198
4732
  SENSITIVE = []
4199
4733
  include Aws::Structure
4200
4734
  end
@@ -4217,16 +4751,24 @@ module Aws::S3
4217
4751
  #
4218
4752
  # {
4219
4753
  # bucket: "BucketName", # required
4754
+ # expected_bucket_owner: "AccountId",
4220
4755
  # }
4221
4756
  #
4222
4757
  # @!attribute [rw] bucket
4223
4758
  # The bucket name for which to get the replication information.
4224
4759
  # @return [String]
4225
4760
  #
4761
+ # @!attribute [rw] expected_bucket_owner
4762
+ # The account id of the expected bucket owner. If the bucket is owned
4763
+ # by a different account, the request will fail with an HTTP `403
4764
+ # (Access Denied)` error.
4765
+ # @return [String]
4766
+ #
4226
4767
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationRequest AWS API Documentation
4227
4768
  #
4228
4769
  class GetBucketReplicationRequest < Struct.new(
4229
- :bucket)
4770
+ :bucket,
4771
+ :expected_bucket_owner)
4230
4772
  SENSITIVE = []
4231
4773
  include Aws::Structure
4232
4774
  end
@@ -4248,6 +4790,7 @@ module Aws::S3
4248
4790
  #
4249
4791
  # {
4250
4792
  # bucket: "BucketName", # required
4793
+ # expected_bucket_owner: "AccountId",
4251
4794
  # }
4252
4795
  #
4253
4796
  # @!attribute [rw] bucket
@@ -4255,10 +4798,17 @@ module Aws::S3
4255
4798
  # configuration
4256
4799
  # @return [String]
4257
4800
  #
4801
+ # @!attribute [rw] expected_bucket_owner
4802
+ # The account id of the expected bucket owner. If the bucket is owned
4803
+ # by a different account, the request will fail with an HTTP `403
4804
+ # (Access Denied)` error.
4805
+ # @return [String]
4806
+ #
4258
4807
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentRequest AWS API Documentation
4259
4808
  #
4260
4809
  class GetBucketRequestPaymentRequest < Struct.new(
4261
- :bucket)
4810
+ :bucket,
4811
+ :expected_bucket_owner)
4262
4812
  SENSITIVE = []
4263
4813
  include Aws::Structure
4264
4814
  end
@@ -4280,16 +4830,24 @@ module Aws::S3
4280
4830
  #
4281
4831
  # {
4282
4832
  # bucket: "BucketName", # required
4833
+ # expected_bucket_owner: "AccountId",
4283
4834
  # }
4284
4835
  #
4285
4836
  # @!attribute [rw] bucket
4286
4837
  # The name of the bucket for which to get the tagging information.
4287
4838
  # @return [String]
4288
4839
  #
4840
+ # @!attribute [rw] expected_bucket_owner
4841
+ # The account id of the expected bucket owner. If the bucket is owned
4842
+ # by a different account, the request will fail with an HTTP `403
4843
+ # (Access Denied)` error.
4844
+ # @return [String]
4845
+ #
4289
4846
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingRequest AWS API Documentation
4290
4847
  #
4291
4848
  class GetBucketTaggingRequest < Struct.new(
4292
- :bucket)
4849
+ :bucket,
4850
+ :expected_bucket_owner)
4293
4851
  SENSITIVE = []
4294
4852
  include Aws::Structure
4295
4853
  end
@@ -4319,16 +4877,24 @@ module Aws::S3
4319
4877
  #
4320
4878
  # {
4321
4879
  # bucket: "BucketName", # required
4880
+ # expected_bucket_owner: "AccountId",
4322
4881
  # }
4323
4882
  #
4324
4883
  # @!attribute [rw] bucket
4325
4884
  # The name of the bucket for which to get the versioning information.
4326
4885
  # @return [String]
4327
4886
  #
4887
+ # @!attribute [rw] expected_bucket_owner
4888
+ # The account id of the expected bucket owner. If the bucket is owned
4889
+ # by a different account, the request will fail with an HTTP `403
4890
+ # (Access Denied)` error.
4891
+ # @return [String]
4892
+ #
4328
4893
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningRequest AWS API Documentation
4329
4894
  #
4330
4895
  class GetBucketVersioningRequest < Struct.new(
4331
- :bucket)
4896
+ :bucket,
4897
+ :expected_bucket_owner)
4332
4898
  SENSITIVE = []
4333
4899
  include Aws::Structure
4334
4900
  end
@@ -4369,16 +4935,24 @@ module Aws::S3
4369
4935
  #
4370
4936
  # {
4371
4937
  # bucket: "BucketName", # required
4938
+ # expected_bucket_owner: "AccountId",
4372
4939
  # }
4373
4940
  #
4374
4941
  # @!attribute [rw] bucket
4375
4942
  # The bucket name for which to get the website configuration.
4376
4943
  # @return [String]
4377
4944
  #
4945
+ # @!attribute [rw] expected_bucket_owner
4946
+ # The account id of the expected bucket owner. If the bucket is owned
4947
+ # by a different account, the request will fail with an HTTP `403
4948
+ # (Access Denied)` error.
4949
+ # @return [String]
4950
+ #
4378
4951
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteRequest AWS API Documentation
4379
4952
  #
4380
4953
  class GetBucketWebsiteRequest < Struct.new(
4381
- :bucket)
4954
+ :bucket,
4955
+ :expected_bucket_owner)
4382
4956
  SENSITIVE = []
4383
4957
  include Aws::Structure
4384
4958
  end
@@ -4414,6 +4988,7 @@ module Aws::S3
4414
4988
  # key: "ObjectKey", # required
4415
4989
  # version_id: "ObjectVersionId",
4416
4990
  # request_payer: "requester", # accepts requester
4991
+ # expected_bucket_owner: "AccountId",
4417
4992
  # }
4418
4993
  #
4419
4994
  # @!attribute [rw] bucket
@@ -4424,9 +4999,9 @@ module Aws::S3
4424
4999
  # to the access point hostname. The access point hostname takes the
4425
5000
  # form
4426
5001
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4427
- # When using this operation using an access point through the AWS
4428
- # SDKs, you provide the access point ARN in place of the bucket name.
4429
- # For more information about access point ARNs, see [Using Access
5002
+ # When using this operation with an access point through the AWS SDKs,
5003
+ # you provide the access point ARN in place of the bucket name. For
5004
+ # more information about access point ARNs, see [Using Access
4430
5005
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4431
5006
  #
4432
5007
  #
@@ -4454,13 +5029,20 @@ module Aws::S3
4454
5029
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
4455
5030
  # @return [String]
4456
5031
  #
5032
+ # @!attribute [rw] expected_bucket_owner
5033
+ # The account id of the expected bucket owner. If the bucket is owned
5034
+ # by a different account, the request will fail with an HTTP `403
5035
+ # (Access Denied)` error.
5036
+ # @return [String]
5037
+ #
4457
5038
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclRequest AWS API Documentation
4458
5039
  #
4459
5040
  class GetObjectAclRequest < Struct.new(
4460
5041
  :bucket,
4461
5042
  :key,
4462
5043
  :version_id,
4463
- :request_payer)
5044
+ :request_payer,
5045
+ :expected_bucket_owner)
4464
5046
  SENSITIVE = []
4465
5047
  include Aws::Structure
4466
5048
  end
@@ -4485,6 +5067,7 @@ module Aws::S3
4485
5067
  # key: "ObjectKey", # required
4486
5068
  # version_id: "ObjectVersionId",
4487
5069
  # request_payer: "requester", # accepts requester
5070
+ # expected_bucket_owner: "AccountId",
4488
5071
  # }
4489
5072
  #
4490
5073
  # @!attribute [rw] bucket
@@ -4495,9 +5078,9 @@ module Aws::S3
4495
5078
  # to the access point hostname. The access point hostname takes the
4496
5079
  # form
4497
5080
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4498
- # When using this operation using an access point through the AWS
4499
- # SDKs, you provide the access point ARN in place of the bucket name.
4500
- # For more information about access point ARNs, see [Using Access
5081
+ # When using this operation with an access point through the AWS SDKs,
5082
+ # you provide the access point ARN in place of the bucket name. For
5083
+ # more information about access point ARNs, see [Using Access
4501
5084
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4502
5085
  #
4503
5086
  #
@@ -4527,13 +5110,20 @@ module Aws::S3
4527
5110
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
4528
5111
  # @return [String]
4529
5112
  #
5113
+ # @!attribute [rw] expected_bucket_owner
5114
+ # The account id of the expected bucket owner. If the bucket is owned
5115
+ # by a different account, the request will fail with an HTTP `403
5116
+ # (Access Denied)` error.
5117
+ # @return [String]
5118
+ #
4530
5119
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHoldRequest AWS API Documentation
4531
5120
  #
4532
5121
  class GetObjectLegalHoldRequest < Struct.new(
4533
5122
  :bucket,
4534
5123
  :key,
4535
5124
  :version_id,
4536
- :request_payer)
5125
+ :request_payer,
5126
+ :expected_bucket_owner)
4537
5127
  SENSITIVE = []
4538
5128
  include Aws::Structure
4539
5129
  end
@@ -4555,16 +5145,37 @@ module Aws::S3
4555
5145
  #
4556
5146
  # {
4557
5147
  # bucket: "BucketName", # required
5148
+ # expected_bucket_owner: "AccountId",
4558
5149
  # }
4559
5150
  #
4560
5151
  # @!attribute [rw] bucket
4561
5152
  # The bucket whose Object Lock configuration you want to retrieve.
5153
+ #
5154
+ # When using this API with an access point, you must direct requests
5155
+ # to the access point hostname. The access point hostname takes the
5156
+ # form
5157
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5158
+ # When using this operation with an access point through the AWS SDKs,
5159
+ # you provide the access point ARN in place of the bucket name. For
5160
+ # more information about access point ARNs, see [Using Access
5161
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
5162
+ #
5163
+ #
5164
+ #
5165
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5166
+ # @return [String]
5167
+ #
5168
+ # @!attribute [rw] expected_bucket_owner
5169
+ # The account id of the expected bucket owner. If the bucket is owned
5170
+ # by a different account, the request will fail with an HTTP `403
5171
+ # (Access Denied)` error.
4562
5172
  # @return [String]
4563
5173
  #
4564
5174
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfigurationRequest AWS API Documentation
4565
5175
  #
4566
5176
  class GetObjectLockConfigurationRequest < Struct.new(
4567
- :bucket)
5177
+ :bucket,
5178
+ :expected_bucket_owner)
4568
5179
  SENSITIVE = []
4569
5180
  include Aws::Structure
4570
5181
  end
@@ -4788,6 +5399,7 @@ module Aws::S3
4788
5399
  # sse_customer_key_md5: "SSECustomerKeyMD5",
4789
5400
  # request_payer: "requester", # accepts requester
4790
5401
  # part_number: 1,
5402
+ # expected_bucket_owner: "AccountId",
4791
5403
  # }
4792
5404
  #
4793
5405
  # @!attribute [rw] bucket
@@ -4797,14 +5409,24 @@ module Aws::S3
4797
5409
  # to the access point hostname. The access point hostname takes the
4798
5410
  # form
4799
5411
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4800
- # When using this operation using an access point through the AWS
4801
- # SDKs, you provide the access point ARN in place of the bucket name.
4802
- # For more information about access point ARNs, see [Using Access
5412
+ # When using this operation with an access point through the AWS SDKs,
5413
+ # you provide the access point ARN in place of the bucket name. For
5414
+ # more information about access point ARNs, see [Using Access
4803
5415
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4804
5416
  #
5417
+ # When using this API with Amazon S3 on Outposts, you must direct
5418
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5419
+ # takes the form
5420
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5421
+ # When using this operation using S3 on Outposts through the AWS SDKs,
5422
+ # you provide the Outposts bucket ARN in place of the bucket name. For
5423
+ # more information about S3 on Outposts ARNs, see [Using S3 on
5424
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
5425
+ #
4805
5426
  #
4806
5427
  #
4807
5428
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5429
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
4808
5430
  # @return [String]
4809
5431
  #
4810
5432
  # @!attribute [rw] if_match
@@ -4884,7 +5506,7 @@ module Aws::S3
4884
5506
  # in encrypting data. This value is used to store the object and then
4885
5507
  # it is discarded; Amazon S3 does not store the encryption key. The
4886
5508
  # key must be appropriate for use with the algorithm specified in the
4887
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
5509
+ # `x-amz-server-side-encryption-customer-algorithm` header.
4888
5510
  # @return [String]
4889
5511
  #
4890
5512
  # @!attribute [rw] sse_customer_key_md5
@@ -4912,6 +5534,12 @@ module Aws::S3
4912
5534
  # object.
4913
5535
  # @return [Integer]
4914
5536
  #
5537
+ # @!attribute [rw] expected_bucket_owner
5538
+ # The account id of the expected bucket owner. If the bucket is owned
5539
+ # by a different account, the request will fail with an HTTP `403
5540
+ # (Access Denied)` error.
5541
+ # @return [String]
5542
+ #
4915
5543
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest AWS API Documentation
4916
5544
  #
4917
5545
  class GetObjectRequest < Struct.new(
@@ -4933,7 +5561,8 @@ module Aws::S3
4933
5561
  :sse_customer_key,
4934
5562
  :sse_customer_key_md5,
4935
5563
  :request_payer,
4936
- :part_number)
5564
+ :part_number,
5565
+ :expected_bucket_owner)
4937
5566
  SENSITIVE = [:sse_customer_key]
4938
5567
  include Aws::Structure
4939
5568
  end
@@ -4958,6 +5587,7 @@ module Aws::S3
4958
5587
  # key: "ObjectKey", # required
4959
5588
  # version_id: "ObjectVersionId",
4960
5589
  # request_payer: "requester", # accepts requester
5590
+ # expected_bucket_owner: "AccountId",
4961
5591
  # }
4962
5592
  #
4963
5593
  # @!attribute [rw] bucket
@@ -4968,9 +5598,9 @@ module Aws::S3
4968
5598
  # to the access point hostname. The access point hostname takes the
4969
5599
  # form
4970
5600
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4971
- # When using this operation using an access point through the AWS
4972
- # SDKs, you provide the access point ARN in place of the bucket name.
4973
- # For more information about access point ARNs, see [Using Access
5601
+ # When using this operation with an access point through the AWS SDKs,
5602
+ # you provide the access point ARN in place of the bucket name. For
5603
+ # more information about access point ARNs, see [Using Access
4974
5604
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4975
5605
  #
4976
5606
  #
@@ -5000,13 +5630,20 @@ module Aws::S3
5000
5630
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
5001
5631
  # @return [String]
5002
5632
  #
5633
+ # @!attribute [rw] expected_bucket_owner
5634
+ # The account id of the expected bucket owner. If the bucket is owned
5635
+ # by a different account, the request will fail with an HTTP `403
5636
+ # (Access Denied)` error.
5637
+ # @return [String]
5638
+ #
5003
5639
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetentionRequest AWS API Documentation
5004
5640
  #
5005
5641
  class GetObjectRetentionRequest < Struct.new(
5006
5642
  :bucket,
5007
5643
  :key,
5008
5644
  :version_id,
5009
- :request_payer)
5645
+ :request_payer,
5646
+ :expected_bucket_owner)
5010
5647
  SENSITIVE = []
5011
5648
  include Aws::Structure
5012
5649
  end
@@ -5036,6 +5673,7 @@ module Aws::S3
5036
5673
  # bucket: "BucketName", # required
5037
5674
  # key: "ObjectKey", # required
5038
5675
  # version_id: "ObjectVersionId",
5676
+ # expected_bucket_owner: "AccountId",
5039
5677
  # }
5040
5678
  #
5041
5679
  # @!attribute [rw] bucket
@@ -5046,14 +5684,24 @@ module Aws::S3
5046
5684
  # to the access point hostname. The access point hostname takes the
5047
5685
  # form
5048
5686
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5049
- # When using this operation using an access point through the AWS
5050
- # SDKs, you provide the access point ARN in place of the bucket name.
5051
- # For more information about access point ARNs, see [Using Access
5687
+ # When using this operation with an access point through the AWS SDKs,
5688
+ # you provide the access point ARN in place of the bucket name. For
5689
+ # more information about access point ARNs, see [Using Access
5052
5690
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
5053
5691
  #
5692
+ # When using this API with Amazon S3 on Outposts, you must direct
5693
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5694
+ # takes the form
5695
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5696
+ # When using this operation using S3 on Outposts through the AWS SDKs,
5697
+ # you provide the Outposts bucket ARN in place of the bucket name. For
5698
+ # more information about S3 on Outposts ARNs, see [Using S3 on
5699
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
5700
+ #
5054
5701
  #
5055
5702
  #
5056
5703
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5704
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
5057
5705
  # @return [String]
5058
5706
  #
5059
5707
  # @!attribute [rw] key
@@ -5065,12 +5713,19 @@ module Aws::S3
5065
5713
  # information.
5066
5714
  # @return [String]
5067
5715
  #
5716
+ # @!attribute [rw] expected_bucket_owner
5717
+ # The account id of the expected bucket owner. If the bucket is owned
5718
+ # by a different account, the request will fail with an HTTP `403
5719
+ # (Access Denied)` error.
5720
+ # @return [String]
5721
+ #
5068
5722
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingRequest AWS API Documentation
5069
5723
  #
5070
5724
  class GetObjectTaggingRequest < Struct.new(
5071
5725
  :bucket,
5072
5726
  :key,
5073
- :version_id)
5727
+ :version_id,
5728
+ :expected_bucket_owner)
5074
5729
  SENSITIVE = []
5075
5730
  include Aws::Structure
5076
5731
  end
@@ -5100,6 +5755,7 @@ module Aws::S3
5100
5755
  # bucket: "BucketName", # required
5101
5756
  # key: "ObjectKey", # required
5102
5757
  # request_payer: "requester", # accepts requester
5758
+ # expected_bucket_owner: "AccountId",
5103
5759
  # }
5104
5760
  #
5105
5761
  # @!attribute [rw] bucket
@@ -5123,12 +5779,19 @@ module Aws::S3
5123
5779
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
5124
5780
  # @return [String]
5125
5781
  #
5782
+ # @!attribute [rw] expected_bucket_owner
5783
+ # The account id of the expected bucket owner. If the bucket is owned
5784
+ # by a different account, the request will fail with an HTTP `403
5785
+ # (Access Denied)` error.
5786
+ # @return [String]
5787
+ #
5126
5788
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentRequest AWS API Documentation
5127
5789
  #
5128
5790
  class GetObjectTorrentRequest < Struct.new(
5129
5791
  :bucket,
5130
5792
  :key,
5131
- :request_payer)
5793
+ :request_payer,
5794
+ :expected_bucket_owner)
5132
5795
  SENSITIVE = []
5133
5796
  include Aws::Structure
5134
5797
  end
@@ -5151,6 +5814,7 @@ module Aws::S3
5151
5814
  #
5152
5815
  # {
5153
5816
  # bucket: "BucketName", # required
5817
+ # expected_bucket_owner: "AccountId",
5154
5818
  # }
5155
5819
  #
5156
5820
  # @!attribute [rw] bucket
@@ -5158,10 +5822,17 @@ module Aws::S3
5158
5822
  # configuration you want to retrieve.
5159
5823
  # @return [String]
5160
5824
  #
5825
+ # @!attribute [rw] expected_bucket_owner
5826
+ # The account id of the expected bucket owner. If the bucket is owned
5827
+ # by a different account, the request will fail with an HTTP `403
5828
+ # (Access Denied)` error.
5829
+ # @return [String]
5830
+ #
5161
5831
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlockRequest AWS API Documentation
5162
5832
  #
5163
5833
  class GetPublicAccessBlockRequest < Struct.new(
5164
- :bucket)
5834
+ :bucket,
5835
+ :expected_bucket_owner)
5165
5836
  SENSITIVE = []
5166
5837
  include Aws::Structure
5167
5838
  end
@@ -5298,16 +5969,47 @@ module Aws::S3
5298
5969
  #
5299
5970
  # {
5300
5971
  # bucket: "BucketName", # required
5972
+ # expected_bucket_owner: "AccountId",
5301
5973
  # }
5302
5974
  #
5303
5975
  # @!attribute [rw] bucket
5304
5976
  # The bucket name.
5977
+ #
5978
+ # When using this API with an access point, you must direct requests
5979
+ # to the access point hostname. The access point hostname takes the
5980
+ # form
5981
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5982
+ # When using this operation with an access point through the AWS SDKs,
5983
+ # you provide the access point ARN in place of the bucket name. For
5984
+ # more information about access point ARNs, see [Using Access
5985
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
5986
+ #
5987
+ # When using this API with Amazon S3 on Outposts, you must direct
5988
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5989
+ # takes the form
5990
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5991
+ # When using this operation using S3 on Outposts through the AWS SDKs,
5992
+ # you provide the Outposts bucket ARN in place of the bucket name. For
5993
+ # more information about S3 on Outposts ARNs, see [Using S3 on
5994
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
5995
+ #
5996
+ #
5997
+ #
5998
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5999
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
6000
+ # @return [String]
6001
+ #
6002
+ # @!attribute [rw] expected_bucket_owner
6003
+ # The account id of the expected bucket owner. If the bucket is owned
6004
+ # by a different account, the request will fail with an HTTP `403
6005
+ # (Access Denied)` error.
5305
6006
  # @return [String]
5306
6007
  #
5307
6008
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketRequest AWS API Documentation
5308
6009
  #
5309
6010
  class HeadBucketRequest < Struct.new(
5310
- :bucket)
6011
+ :bucket,
6012
+ :expected_bucket_owner)
5311
6013
  SENSITIVE = []
5312
6014
  include Aws::Structure
5313
6015
  end
@@ -5332,8 +6034,8 @@ module Aws::S3
5332
6034
  # @!attribute [rw] restore
5333
6035
  # If the object is an archived object (an object whose storage class
5334
6036
  # is GLACIER), the response includes this header if either the archive
5335
- # restoration is in progress (see RestoreObject or an archive copy is
5336
- # already restored.
6037
+ # restoration is in progress (see [RestoreObject][1] or an archive
6038
+ # copy is already restored.
5337
6039
  #
5338
6040
  # If an archive copy is already restored, the header value indicates
5339
6041
  # when Amazon S3 is scheduled to delete the object copy. For example:
@@ -5345,11 +6047,12 @@ module Aws::S3
5345
6047
  # value `ongoing-request="true"`.
5346
6048
  #
5347
6049
  # For more information about archiving objects, see [Transitioning
5348
- # Objects: General Considerations][1].
6050
+ # Objects: General Considerations][2].
5349
6051
  #
5350
6052
  #
5351
6053
  #
5352
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
6054
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
6055
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
5353
6056
  # @return [String]
5354
6057
  #
5355
6058
  # @!attribute [rw] last_modified
@@ -5583,10 +6286,34 @@ module Aws::S3
5583
6286
  # sse_customer_key_md5: "SSECustomerKeyMD5",
5584
6287
  # request_payer: "requester", # accepts requester
5585
6288
  # part_number: 1,
6289
+ # expected_bucket_owner: "AccountId",
5586
6290
  # }
5587
6291
  #
5588
6292
  # @!attribute [rw] bucket
5589
6293
  # The name of the bucket containing the object.
6294
+ #
6295
+ # When using this API with an access point, you must direct requests
6296
+ # to the access point hostname. The access point hostname takes the
6297
+ # form
6298
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6299
+ # When using this operation with an access point through the AWS SDKs,
6300
+ # you provide the access point ARN in place of the bucket name. For
6301
+ # more information about access point ARNs, see [Using Access
6302
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
6303
+ #
6304
+ # When using this API with Amazon S3 on Outposts, you must direct
6305
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
6306
+ # takes the form
6307
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
6308
+ # When using this operation using S3 on Outposts through the AWS SDKs,
6309
+ # you provide the Outposts bucket ARN in place of the bucket name. For
6310
+ # more information about S3 on Outposts ARNs, see [Using S3 on
6311
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
6312
+ #
6313
+ #
6314
+ #
6315
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
6316
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
5590
6317
  # @return [String]
5591
6318
  #
5592
6319
  # @!attribute [rw] if_match
@@ -5616,12 +6343,16 @@ module Aws::S3
5616
6343
  # @!attribute [rw] range
5617
6344
  # Downloads the specified range bytes of an object. For more
5618
6345
  # information about the HTTP Range header, see
5619
- # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35]().
6346
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
5620
6347
  #
5621
6348
  # <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
5622
6349
  # `GET` request.
5623
6350
  #
5624
6351
  # </note>
6352
+ #
6353
+ #
6354
+ #
6355
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
5625
6356
  # @return [String]
5626
6357
  #
5627
6358
  # @!attribute [rw] version_id
@@ -5638,7 +6369,7 @@ module Aws::S3
5638
6369
  # in encrypting data. This value is used to store the object and then
5639
6370
  # it is discarded; Amazon S3 does not store the encryption key. The
5640
6371
  # key must be appropriate for use with the algorithm specified in the
5641
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
6372
+ # `x-amz-server-side-encryption-customer-algorithm` header.
5642
6373
  # @return [String]
5643
6374
  #
5644
6375
  # @!attribute [rw] sse_customer_key_md5
@@ -5666,6 +6397,12 @@ module Aws::S3
5666
6397
  # and the number of parts in this object.
5667
6398
  # @return [Integer]
5668
6399
  #
6400
+ # @!attribute [rw] expected_bucket_owner
6401
+ # The account id of the expected bucket owner. If the bucket is owned
6402
+ # by a different account, the request will fail with an HTTP `403
6403
+ # (Access Denied)` error.
6404
+ # @return [String]
6405
+ #
5669
6406
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest AWS API Documentation
5670
6407
  #
5671
6408
  class HeadObjectRequest < Struct.new(
@@ -5681,7 +6418,8 @@ module Aws::S3
5681
6418
  :sse_customer_key,
5682
6419
  :sse_customer_key_md5,
5683
6420
  :request_payer,
5684
- :part_number)
6421
+ :part_number,
6422
+ :expected_bucket_owner)
5685
6423
  SENSITIVE = [:sse_customer_key]
5686
6424
  include Aws::Structure
5687
6425
  end
@@ -6486,6 +7224,7 @@ module Aws::S3
6486
7224
  # {
6487
7225
  # bucket: "BucketName", # required
6488
7226
  # continuation_token: "Token",
7227
+ # expected_bucket_owner: "AccountId",
6489
7228
  # }
6490
7229
  #
6491
7230
  # @!attribute [rw] bucket
@@ -6498,11 +7237,18 @@ module Aws::S3
6498
7237
  # request should begin.
6499
7238
  # @return [String]
6500
7239
  #
7240
+ # @!attribute [rw] expected_bucket_owner
7241
+ # The account id of the expected bucket owner. If the bucket is owned
7242
+ # by a different account, the request will fail with an HTTP `403
7243
+ # (Access Denied)` error.
7244
+ # @return [String]
7245
+ #
6501
7246
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsRequest AWS API Documentation
6502
7247
  #
6503
7248
  class ListBucketAnalyticsConfigurationsRequest < Struct.new(
6504
7249
  :bucket,
6505
- :continuation_token)
7250
+ :continuation_token,
7251
+ :expected_bucket_owner)
6506
7252
  SENSITIVE = []
6507
7253
  include Aws::Structure
6508
7254
  end
@@ -6546,6 +7292,7 @@ module Aws::S3
6546
7292
  # {
6547
7293
  # bucket: "BucketName", # required
6548
7294
  # continuation_token: "Token",
7295
+ # expected_bucket_owner: "AccountId",
6549
7296
  # }
6550
7297
  #
6551
7298
  # @!attribute [rw] bucket
@@ -6560,11 +7307,18 @@ module Aws::S3
6560
7307
  # token is an opaque value that Amazon S3 understands.
6561
7308
  # @return [String]
6562
7309
  #
7310
+ # @!attribute [rw] expected_bucket_owner
7311
+ # The account id of the expected bucket owner. If the bucket is owned
7312
+ # by a different account, the request will fail with an HTTP `403
7313
+ # (Access Denied)` error.
7314
+ # @return [String]
7315
+ #
6563
7316
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsRequest AWS API Documentation
6564
7317
  #
6565
7318
  class ListBucketInventoryConfigurationsRequest < Struct.new(
6566
7319
  :bucket,
6567
- :continuation_token)
7320
+ :continuation_token,
7321
+ :expected_bucket_owner)
6568
7322
  SENSITIVE = []
6569
7323
  include Aws::Structure
6570
7324
  end
@@ -6610,6 +7364,7 @@ module Aws::S3
6610
7364
  # {
6611
7365
  # bucket: "BucketName", # required
6612
7366
  # continuation_token: "Token",
7367
+ # expected_bucket_owner: "AccountId",
6613
7368
  # }
6614
7369
  #
6615
7370
  # @!attribute [rw] bucket
@@ -6624,11 +7379,18 @@ module Aws::S3
6624
7379
  # continuation token is an opaque value that Amazon S3 understands.
6625
7380
  # @return [String]
6626
7381
  #
7382
+ # @!attribute [rw] expected_bucket_owner
7383
+ # The account id of the expected bucket owner. If the bucket is owned
7384
+ # by a different account, the request will fail with an HTTP `403
7385
+ # (Access Denied)` error.
7386
+ # @return [String]
7387
+ #
6627
7388
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsRequest AWS API Documentation
6628
7389
  #
6629
7390
  class ListBucketMetricsConfigurationsRequest < Struct.new(
6630
7391
  :bucket,
6631
- :continuation_token)
7392
+ :continuation_token,
7393
+ :expected_bucket_owner)
6632
7394
  SENSITIVE = []
6633
7395
  include Aws::Structure
6634
7396
  end
@@ -6651,7 +7413,7 @@ module Aws::S3
6651
7413
  end
6652
7414
 
6653
7415
  # @!attribute [rw] bucket
6654
- # Name of the bucket to which the multipart upload was initiated.
7416
+ # The name of the bucket to which the multipart upload was initiated.
6655
7417
  # @return [String]
6656
7418
  #
6657
7419
  # @!attribute [rw] key_marker
@@ -6751,23 +7513,34 @@ module Aws::S3
6751
7513
  # max_uploads: 1,
6752
7514
  # prefix: "Prefix",
6753
7515
  # upload_id_marker: "UploadIdMarker",
7516
+ # expected_bucket_owner: "AccountId",
6754
7517
  # }
6755
7518
  #
6756
7519
  # @!attribute [rw] bucket
6757
- # Name of the bucket to which the multipart upload was initiated.
7520
+ # The name of the bucket to which the multipart upload was initiated.
6758
7521
  #
6759
7522
  # When using this API with an access point, you must direct requests
6760
7523
  # to the access point hostname. The access point hostname takes the
6761
7524
  # form
6762
7525
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6763
- # When using this operation using an access point through the AWS
6764
- # SDKs, you provide the access point ARN in place of the bucket name.
6765
- # For more information about access point ARNs, see [Using Access
7526
+ # When using this operation with an access point through the AWS SDKs,
7527
+ # you provide the access point ARN in place of the bucket name. For
7528
+ # more information about access point ARNs, see [Using Access
6766
7529
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
6767
7530
  #
7531
+ # When using this API with Amazon S3 on Outposts, you must direct
7532
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7533
+ # takes the form
7534
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7535
+ # When using this operation using S3 on Outposts through the AWS SDKs,
7536
+ # you provide the Outposts bucket ARN in place of the bucket name. For
7537
+ # more information about S3 on Outposts ARNs, see [Using S3 on
7538
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
7539
+ #
6768
7540
  #
6769
7541
  #
6770
7542
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
7543
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
6771
7544
  # @return [String]
6772
7545
  #
6773
7546
  # @!attribute [rw] delimiter
@@ -6827,6 +7600,12 @@ module Aws::S3
6827
7600
  # the specified `upload-id-marker`.
6828
7601
  # @return [String]
6829
7602
  #
7603
+ # @!attribute [rw] expected_bucket_owner
7604
+ # The account id of the expected bucket owner. If the bucket is owned
7605
+ # by a different account, the request will fail with an HTTP `403
7606
+ # (Access Denied)` error.
7607
+ # @return [String]
7608
+ #
6830
7609
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsRequest AWS API Documentation
6831
7610
  #
6832
7611
  class ListMultipartUploadsRequest < Struct.new(
@@ -6836,7 +7615,8 @@ module Aws::S3
6836
7615
  :key_marker,
6837
7616
  :max_uploads,
6838
7617
  :prefix,
6839
- :upload_id_marker)
7618
+ :upload_id_marker,
7619
+ :expected_bucket_owner)
6840
7620
  SENSITIVE = []
6841
7621
  include Aws::Structure
6842
7622
  end
@@ -6880,7 +7660,7 @@ module Aws::S3
6880
7660
  # @return [Array<Types::DeleteMarkerEntry>]
6881
7661
  #
6882
7662
  # @!attribute [rw] name
6883
- # Bucket name.
7663
+ # The bucket name.
6884
7664
  # @return [String]
6885
7665
  #
6886
7666
  # @!attribute [rw] prefix
@@ -6948,23 +7728,11 @@ module Aws::S3
6948
7728
  # max_keys: 1,
6949
7729
  # prefix: "Prefix",
6950
7730
  # version_id_marker: "VersionIdMarker",
7731
+ # expected_bucket_owner: "AccountId",
6951
7732
  # }
6952
7733
  #
6953
7734
  # @!attribute [rw] bucket
6954
7735
  # The bucket name that contains the objects.
6955
- #
6956
- # When using this API with an access point, you must direct requests
6957
- # to the access point hostname. The access point hostname takes the
6958
- # form
6959
- # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6960
- # When using this operation using an access point through the AWS
6961
- # SDKs, you provide the access point ARN in place of the bucket name.
6962
- # For more information about access point ARNs, see [Using Access
6963
- # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
6964
- #
6965
- #
6966
- #
6967
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
6968
7736
  # @return [String]
6969
7737
  #
6970
7738
  # @!attribute [rw] delimiter
@@ -7012,6 +7780,12 @@ module Aws::S3
7012
7780
  # Specifies the object version you want to start listing from.
7013
7781
  # @return [String]
7014
7782
  #
7783
+ # @!attribute [rw] expected_bucket_owner
7784
+ # The account id of the expected bucket owner. If the bucket is owned
7785
+ # by a different account, the request will fail with an HTTP `403
7786
+ # (Access Denied)` error.
7787
+ # @return [String]
7788
+ #
7015
7789
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsRequest AWS API Documentation
7016
7790
  #
7017
7791
  class ListObjectVersionsRequest < Struct.new(
@@ -7021,7 +7795,8 @@ module Aws::S3
7021
7795
  :key_marker,
7022
7796
  :max_keys,
7023
7797
  :prefix,
7024
- :version_id_marker)
7798
+ :version_id_marker,
7799
+ :expected_bucket_owner)
7025
7800
  SENSITIVE = []
7026
7801
  include Aws::Structure
7027
7802
  end
@@ -7052,7 +7827,7 @@ module Aws::S3
7052
7827
  # @return [Array<Types::Object>]
7053
7828
  #
7054
7829
  # @!attribute [rw] name
7055
- # Bucket name.
7830
+ # The bucket name.
7056
7831
  # @return [String]
7057
7832
  #
7058
7833
  # @!attribute [rw] prefix
@@ -7123,10 +7898,34 @@ module Aws::S3
7123
7898
  # max_keys: 1,
7124
7899
  # prefix: "Prefix",
7125
7900
  # request_payer: "requester", # accepts requester
7901
+ # expected_bucket_owner: "AccountId",
7126
7902
  # }
7127
7903
  #
7128
7904
  # @!attribute [rw] bucket
7129
7905
  # The name of the bucket containing the objects.
7906
+ #
7907
+ # When using this API with an access point, you must direct requests
7908
+ # to the access point hostname. The access point hostname takes the
7909
+ # form
7910
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7911
+ # When using this operation with an access point through the AWS SDKs,
7912
+ # you provide the access point ARN in place of the bucket name. For
7913
+ # more information about access point ARNs, see [Using Access
7914
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7915
+ #
7916
+ # When using this API with Amazon S3 on Outposts, you must direct
7917
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7918
+ # takes the form
7919
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7920
+ # When using this operation using S3 on Outposts through the AWS SDKs,
7921
+ # you provide the Outposts bucket ARN in place of the bucket name. For
7922
+ # more information about S3 on Outposts ARNs, see [Using S3 on
7923
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
7924
+ #
7925
+ #
7926
+ #
7927
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
7928
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7130
7929
  # @return [String]
7131
7930
  #
7132
7931
  # @!attribute [rw] delimiter
@@ -7162,6 +7961,12 @@ module Aws::S3
7162
7961
  # parameter in their requests.
7163
7962
  # @return [String]
7164
7963
  #
7964
+ # @!attribute [rw] expected_bucket_owner
7965
+ # The account id of the expected bucket owner. If the bucket is owned
7966
+ # by a different account, the request will fail with an HTTP `403
7967
+ # (Access Denied)` error.
7968
+ # @return [String]
7969
+ #
7165
7970
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsRequest AWS API Documentation
7166
7971
  #
7167
7972
  class ListObjectsRequest < Struct.new(
@@ -7171,7 +7976,8 @@ module Aws::S3
7171
7976
  :marker,
7172
7977
  :max_keys,
7173
7978
  :prefix,
7174
- :request_payer)
7979
+ :request_payer,
7980
+ :expected_bucket_owner)
7175
7981
  SENSITIVE = []
7176
7982
  include Aws::Structure
7177
7983
  end
@@ -7187,20 +7993,30 @@ module Aws::S3
7187
7993
  # @return [Array<Types::Object>]
7188
7994
  #
7189
7995
  # @!attribute [rw] name
7190
- # Bucket name.
7996
+ # The bucket name.
7191
7997
  #
7192
7998
  # When using this API with an access point, you must direct requests
7193
7999
  # to the access point hostname. The access point hostname takes the
7194
8000
  # form
7195
8001
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7196
- # When using this operation using an access point through the AWS
7197
- # SDKs, you provide the access point ARN in place of the bucket name.
7198
- # For more information about access point ARNs, see [Using Access
8002
+ # When using this operation with an access point through the AWS SDKs,
8003
+ # you provide the access point ARN in place of the bucket name. For
8004
+ # more information about access point ARNs, see [Using Access
7199
8005
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7200
8006
  #
8007
+ # When using this API with Amazon S3 on Outposts, you must direct
8008
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
8009
+ # takes the form
8010
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
8011
+ # When using this operation using S3 on Outposts through the AWS SDKs,
8012
+ # you provide the Outposts bucket ARN in place of the bucket name. For
8013
+ # more information about S3 on Outposts ARNs, see [Using S3 on
8014
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
8015
+ #
7201
8016
  #
7202
8017
  #
7203
8018
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
8019
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7204
8020
  # @return [String]
7205
8021
  #
7206
8022
  # @!attribute [rw] prefix
@@ -7308,6 +8124,7 @@ module Aws::S3
7308
8124
  # fetch_owner: false,
7309
8125
  # start_after: "StartAfter",
7310
8126
  # request_payer: "requester", # accepts requester
8127
+ # expected_bucket_owner: "AccountId",
7311
8128
  # }
7312
8129
  #
7313
8130
  # @!attribute [rw] bucket
@@ -7317,14 +8134,24 @@ module Aws::S3
7317
8134
  # to the access point hostname. The access point hostname takes the
7318
8135
  # form
7319
8136
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7320
- # When using this operation using an access point through the AWS
7321
- # SDKs, you provide the access point ARN in place of the bucket name.
7322
- # For more information about access point ARNs, see [Using Access
8137
+ # When using this operation with an access point through the AWS SDKs,
8138
+ # you provide the access point ARN in place of the bucket name. For
8139
+ # more information about access point ARNs, see [Using Access
7323
8140
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7324
8141
  #
8142
+ # When using this API with Amazon S3 on Outposts, you must direct
8143
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
8144
+ # takes the form
8145
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
8146
+ # When using this operation using S3 on Outposts through the AWS SDKs,
8147
+ # you provide the Outposts bucket ARN in place of the bucket name. For
8148
+ # more information about S3 on Outposts ARNs, see [Using S3 on
8149
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
8150
+ #
7325
8151
  #
7326
8152
  #
7327
8153
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
8154
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7328
8155
  # @return [String]
7329
8156
  #
7330
8157
  # @!attribute [rw] delimiter
@@ -7370,6 +8197,12 @@ module Aws::S3
7370
8197
  # this parameter in their requests.
7371
8198
  # @return [String]
7372
8199
  #
8200
+ # @!attribute [rw] expected_bucket_owner
8201
+ # The account id of the expected bucket owner. If the bucket is owned
8202
+ # by a different account, the request will fail with an HTTP `403
8203
+ # (Access Denied)` error.
8204
+ # @return [String]
8205
+ #
7373
8206
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Request AWS API Documentation
7374
8207
  #
7375
8208
  class ListObjectsV2Request < Struct.new(
@@ -7381,7 +8214,8 @@ module Aws::S3
7381
8214
  :continuation_token,
7382
8215
  :fetch_owner,
7383
8216
  :start_after,
7384
- :request_payer)
8217
+ :request_payer,
8218
+ :expected_bucket_owner)
7385
8219
  SENSITIVE = []
7386
8220
  include Aws::Structure
7387
8221
  end
@@ -7411,7 +8245,7 @@ module Aws::S3
7411
8245
  # @return [String]
7412
8246
  #
7413
8247
  # @!attribute [rw] bucket
7414
- # Name of the bucket to which the multipart upload was initiated.
8248
+ # The name of the bucket to which the multipart upload was initiated.
7415
8249
  # @return [String]
7416
8250
  #
7417
8251
  # @!attribute [rw] key
@@ -7505,23 +8339,34 @@ module Aws::S3
7505
8339
  # part_number_marker: 1,
7506
8340
  # upload_id: "MultipartUploadId", # required
7507
8341
  # request_payer: "requester", # accepts requester
8342
+ # expected_bucket_owner: "AccountId",
7508
8343
  # }
7509
8344
  #
7510
8345
  # @!attribute [rw] bucket
7511
- # Name of the bucket to which the parts are being uploaded.
8346
+ # The name of the bucket to which the parts are being uploaded.
7512
8347
  #
7513
8348
  # When using this API with an access point, you must direct requests
7514
8349
  # to the access point hostname. The access point hostname takes the
7515
8350
  # form
7516
8351
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7517
- # When using this operation using an access point through the AWS
7518
- # SDKs, you provide the access point ARN in place of the bucket name.
7519
- # For more information about access point ARNs, see [Using Access
8352
+ # When using this operation with an access point through the AWS SDKs,
8353
+ # you provide the access point ARN in place of the bucket name. For
8354
+ # more information about access point ARNs, see [Using Access
7520
8355
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7521
8356
  #
8357
+ # When using this API with Amazon S3 on Outposts, you must direct
8358
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
8359
+ # takes the form
8360
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
8361
+ # When using this operation using S3 on Outposts through the AWS SDKs,
8362
+ # you provide the Outposts bucket ARN in place of the bucket name. For
8363
+ # more information about S3 on Outposts ARNs, see [Using S3 on
8364
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
8365
+ #
7522
8366
  #
7523
8367
  #
7524
8368
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
8369
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7525
8370
  # @return [String]
7526
8371
  #
7527
8372
  # @!attribute [rw] key
@@ -7554,6 +8399,12 @@ module Aws::S3
7554
8399
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
7555
8400
  # @return [String]
7556
8401
  #
8402
+ # @!attribute [rw] expected_bucket_owner
8403
+ # The account id of the expected bucket owner. If the bucket is owned
8404
+ # by a different account, the request will fail with an HTTP `403
8405
+ # (Access Denied)` error.
8406
+ # @return [String]
8407
+ #
7557
8408
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsRequest AWS API Documentation
7558
8409
  #
7559
8410
  class ListPartsRequest < Struct.new(
@@ -7562,7 +8413,8 @@ module Aws::S3
7562
8413
  :max_parts,
7563
8414
  :part_number_marker,
7564
8415
  :upload_id,
7565
- :request_payer)
8416
+ :request_payer,
8417
+ :expected_bucket_owner)
7566
8418
  SENSITIVE = []
7567
8419
  include Aws::Structure
7568
8420
  end
@@ -8425,7 +9277,7 @@ module Aws::S3
8425
9277
  # value: "MetadataValue",
8426
9278
  # },
8427
9279
  # ],
8428
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
9280
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
8429
9281
  # },
8430
9282
  # }
8431
9283
  #
@@ -8504,6 +9356,60 @@ module Aws::S3
8504
9356
  include Aws::Structure
8505
9357
  end
8506
9358
 
9359
+ # The container element for a bucket's ownership controls.
9360
+ #
9361
+ # @note When making an API call, you may pass OwnershipControls
9362
+ # data as a hash:
9363
+ #
9364
+ # {
9365
+ # rules: [ # required
9366
+ # {
9367
+ # object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
9368
+ # },
9369
+ # ],
9370
+ # }
9371
+ #
9372
+ # @!attribute [rw] rules
9373
+ # The container element for an ownership control rule.
9374
+ # @return [Array<Types::OwnershipControlsRule>]
9375
+ #
9376
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OwnershipControls AWS API Documentation
9377
+ #
9378
+ class OwnershipControls < Struct.new(
9379
+ :rules)
9380
+ SENSITIVE = []
9381
+ include Aws::Structure
9382
+ end
9383
+
9384
+ # The container element for an ownership control rule.
9385
+ #
9386
+ # @note When making an API call, you may pass OwnershipControlsRule
9387
+ # data as a hash:
9388
+ #
9389
+ # {
9390
+ # object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
9391
+ # }
9392
+ #
9393
+ # @!attribute [rw] object_ownership
9394
+ # The container element for object ownership for a bucket's ownership
9395
+ # controls.
9396
+ #
9397
+ # BucketOwnerPreferred - Objects uploaded to the bucket change
9398
+ # ownership to the bucket owner if the objects are uploaded with the
9399
+ # `bucket-owner-full-control` canned ACL.
9400
+ #
9401
+ # ObjectWriter - The uploading account will own the object if the
9402
+ # object is uploaded with the `bucket-owner-full-control` canned ACL.
9403
+ # @return [String]
9404
+ #
9405
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OwnershipControlsRule AWS API Documentation
9406
+ #
9407
+ class OwnershipControlsRule < Struct.new(
9408
+ :object_ownership)
9409
+ SENSITIVE = []
9410
+ include Aws::Structure
9411
+ end
9412
+
8507
9413
  # Container for Parquet.
8508
9414
  #
8509
9415
  # @api private
@@ -8682,21 +9588,30 @@ module Aws::S3
8682
9588
  # accelerate_configuration: { # required
8683
9589
  # status: "Enabled", # accepts Enabled, Suspended
8684
9590
  # },
9591
+ # expected_bucket_owner: "AccountId",
8685
9592
  # }
8686
9593
  #
8687
9594
  # @!attribute [rw] bucket
8688
- # Name of the bucket for which the accelerate configuration is set.
9595
+ # The name of the bucket for which the accelerate configuration is
9596
+ # set.
8689
9597
  # @return [String]
8690
9598
  #
8691
9599
  # @!attribute [rw] accelerate_configuration
8692
9600
  # Container for setting the transfer acceleration state.
8693
9601
  # @return [Types::AccelerateConfiguration]
8694
9602
  #
9603
+ # @!attribute [rw] expected_bucket_owner
9604
+ # The account id of the expected bucket owner. If the bucket is owned
9605
+ # by a different account, the request will fail with an HTTP `403
9606
+ # (Access Denied)` error.
9607
+ # @return [String]
9608
+ #
8695
9609
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationRequest AWS API Documentation
8696
9610
  #
8697
9611
  class PutBucketAccelerateConfigurationRequest < Struct.new(
8698
9612
  :bucket,
8699
- :accelerate_configuration)
9613
+ :accelerate_configuration,
9614
+ :expected_bucket_owner)
8700
9615
  SENSITIVE = []
8701
9616
  include Aws::Structure
8702
9617
  end
@@ -8731,6 +9646,7 @@ module Aws::S3
8731
9646
  # grant_read_acp: "GrantReadACP",
8732
9647
  # grant_write: "GrantWrite",
8733
9648
  # grant_write_acp: "GrantWriteACP",
9649
+ # expected_bucket_owner: "AccountId",
8734
9650
  # }
8735
9651
  #
8736
9652
  # @!attribute [rw] acl
@@ -8779,6 +9695,12 @@ module Aws::S3
8779
9695
  # Allows grantee to write the ACL for the applicable bucket.
8780
9696
  # @return [String]
8781
9697
  #
9698
+ # @!attribute [rw] expected_bucket_owner
9699
+ # The account id of the expected bucket owner. If the bucket is owned
9700
+ # by a different account, the request will fail with an HTTP `403
9701
+ # (Access Denied)` error.
9702
+ # @return [String]
9703
+ #
8782
9704
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclRequest AWS API Documentation
8783
9705
  #
8784
9706
  class PutBucketAclRequest < Struct.new(
@@ -8790,7 +9712,8 @@ module Aws::S3
8790
9712
  :grant_read,
8791
9713
  :grant_read_acp,
8792
9714
  :grant_write,
8793
- :grant_write_acp)
9715
+ :grant_write_acp,
9716
+ :expected_bucket_owner)
8794
9717
  SENSITIVE = []
8795
9718
  include Aws::Structure
8796
9719
  end
@@ -8833,6 +9756,7 @@ module Aws::S3
8833
9756
  # },
8834
9757
  # },
8835
9758
  # },
9759
+ # expected_bucket_owner: "AccountId",
8836
9760
  # }
8837
9761
  #
8838
9762
  # @!attribute [rw] bucket
@@ -8848,12 +9772,19 @@ module Aws::S3
8848
9772
  # The configuration and any analyses for the analytics filter.
8849
9773
  # @return [Types::AnalyticsConfiguration]
8850
9774
  #
9775
+ # @!attribute [rw] expected_bucket_owner
9776
+ # The account id of the expected bucket owner. If the bucket is owned
9777
+ # by a different account, the request will fail with an HTTP `403
9778
+ # (Access Denied)` error.
9779
+ # @return [String]
9780
+ #
8851
9781
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationRequest AWS API Documentation
8852
9782
  #
8853
9783
  class PutBucketAnalyticsConfigurationRequest < Struct.new(
8854
9784
  :bucket,
8855
9785
  :id,
8856
- :analytics_configuration)
9786
+ :analytics_configuration,
9787
+ :expected_bucket_owner)
8857
9788
  SENSITIVE = []
8858
9789
  include Aws::Structure
8859
9790
  end
@@ -8875,6 +9806,7 @@ module Aws::S3
8875
9806
  # ],
8876
9807
  # },
8877
9808
  # content_md5: "ContentMD5",
9809
+ # expected_bucket_owner: "AccountId",
8878
9810
  # }
8879
9811
  #
8880
9812
  # @!attribute [rw] bucket
@@ -8903,12 +9835,19 @@ module Aws::S3
8903
9835
  # [1]: http://www.ietf.org/rfc/rfc1864.txt
8904
9836
  # @return [String]
8905
9837
  #
9838
+ # @!attribute [rw] expected_bucket_owner
9839
+ # The account id of the expected bucket owner. If the bucket is owned
9840
+ # by a different account, the request will fail with an HTTP `403
9841
+ # (Access Denied)` error.
9842
+ # @return [String]
9843
+ #
8906
9844
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsRequest AWS API Documentation
8907
9845
  #
8908
9846
  class PutBucketCorsRequest < Struct.new(
8909
9847
  :bucket,
8910
9848
  :cors_configuration,
8911
- :content_md5)
9849
+ :content_md5,
9850
+ :expected_bucket_owner)
8912
9851
  SENSITIVE = []
8913
9852
  include Aws::Structure
8914
9853
  end
@@ -8929,6 +9868,7 @@ module Aws::S3
8929
9868
  # },
8930
9869
  # ],
8931
9870
  # },
9871
+ # expected_bucket_owner: "AccountId",
8932
9872
  # }
8933
9873
  #
8934
9874
  # @!attribute [rw] bucket
@@ -8954,12 +9894,19 @@ module Aws::S3
8954
9894
  # Specifies the default server-side-encryption configuration.
8955
9895
  # @return [Types::ServerSideEncryptionConfiguration]
8956
9896
  #
9897
+ # @!attribute [rw] expected_bucket_owner
9898
+ # The account id of the expected bucket owner. If the bucket is owned
9899
+ # by a different account, the request will fail with an HTTP `403
9900
+ # (Access Denied)` error.
9901
+ # @return [String]
9902
+ #
8957
9903
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
8958
9904
  #
8959
9905
  class PutBucketEncryptionRequest < Struct.new(
8960
9906
  :bucket,
8961
9907
  :content_md5,
8962
- :server_side_encryption_configuration)
9908
+ :server_side_encryption_configuration,
9909
+ :expected_bucket_owner)
8963
9910
  SENSITIVE = []
8964
9911
  include Aws::Structure
8965
9912
  end
@@ -8997,6 +9944,7 @@ module Aws::S3
8997
9944
  # frequency: "Daily", # required, accepts Daily, Weekly
8998
9945
  # },
8999
9946
  # },
9947
+ # expected_bucket_owner: "AccountId",
9000
9948
  # }
9001
9949
  #
9002
9950
  # @!attribute [rw] bucket
@@ -9012,12 +9960,19 @@ module Aws::S3
9012
9960
  # Specifies the inventory configuration.
9013
9961
  # @return [Types::InventoryConfiguration]
9014
9962
  #
9963
+ # @!attribute [rw] expected_bucket_owner
9964
+ # The account id of the expected bucket owner. If the bucket is owned
9965
+ # by a different account, the request will fail with an HTTP `403
9966
+ # (Access Denied)` error.
9967
+ # @return [String]
9968
+ #
9015
9969
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationRequest AWS API Documentation
9016
9970
  #
9017
9971
  class PutBucketInventoryConfigurationRequest < Struct.new(
9018
9972
  :bucket,
9019
9973
  :id,
9020
- :inventory_configuration)
9974
+ :inventory_configuration,
9975
+ :expected_bucket_owner)
9021
9976
  SENSITIVE = []
9022
9977
  include Aws::Structure
9023
9978
  end
@@ -9076,6 +10031,7 @@ module Aws::S3
9076
10031
  # },
9077
10032
  # ],
9078
10033
  # },
10034
+ # expected_bucket_owner: "AccountId",
9079
10035
  # }
9080
10036
  #
9081
10037
  # @!attribute [rw] bucket
@@ -9086,11 +10042,18 @@ module Aws::S3
9086
10042
  # Container for lifecycle rules. You can add as many as 1,000 rules.
9087
10043
  # @return [Types::BucketLifecycleConfiguration]
9088
10044
  #
10045
+ # @!attribute [rw] expected_bucket_owner
10046
+ # The account id of the expected bucket owner. If the bucket is owned
10047
+ # by a different account, the request will fail with an HTTP `403
10048
+ # (Access Denied)` error.
10049
+ # @return [String]
10050
+ #
9089
10051
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
9090
10052
  #
9091
10053
  class PutBucketLifecycleConfigurationRequest < Struct.new(
9092
10054
  :bucket,
9093
- :lifecycle_configuration)
10055
+ :lifecycle_configuration,
10056
+ :expected_bucket_owner)
9094
10057
  SENSITIVE = []
9095
10058
  include Aws::Structure
9096
10059
  end
@@ -9130,6 +10093,7 @@ module Aws::S3
9130
10093
  # },
9131
10094
  # ],
9132
10095
  # },
10096
+ # expected_bucket_owner: "AccountId",
9133
10097
  # }
9134
10098
  #
9135
10099
  # @!attribute [rw] bucket
@@ -9141,12 +10105,19 @@ module Aws::S3
9141
10105
  # @!attribute [rw] lifecycle_configuration
9142
10106
  # @return [Types::LifecycleConfiguration]
9143
10107
  #
10108
+ # @!attribute [rw] expected_bucket_owner
10109
+ # The account id of the expected bucket owner. If the bucket is owned
10110
+ # by a different account, the request will fail with an HTTP `403
10111
+ # (Access Denied)` error.
10112
+ # @return [String]
10113
+ #
9144
10114
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleRequest AWS API Documentation
9145
10115
  #
9146
10116
  class PutBucketLifecycleRequest < Struct.new(
9147
10117
  :bucket,
9148
10118
  :content_md5,
9149
- :lifecycle_configuration)
10119
+ :lifecycle_configuration,
10120
+ :expected_bucket_owner)
9150
10121
  SENSITIVE = []
9151
10122
  include Aws::Structure
9152
10123
  end
@@ -9175,6 +10146,7 @@ module Aws::S3
9175
10146
  # },
9176
10147
  # },
9177
10148
  # content_md5: "ContentMD5",
10149
+ # expected_bucket_owner: "AccountId",
9178
10150
  # }
9179
10151
  #
9180
10152
  # @!attribute [rw] bucket
@@ -9189,12 +10161,19 @@ module Aws::S3
9189
10161
  # The MD5 hash of the `PutBucketLogging` request body.
9190
10162
  # @return [String]
9191
10163
  #
10164
+ # @!attribute [rw] expected_bucket_owner
10165
+ # The account id of the expected bucket owner. If the bucket is owned
10166
+ # by a different account, the request will fail with an HTTP `403
10167
+ # (Access Denied)` error.
10168
+ # @return [String]
10169
+ #
9192
10170
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingRequest AWS API Documentation
9193
10171
  #
9194
10172
  class PutBucketLoggingRequest < Struct.new(
9195
10173
  :bucket,
9196
10174
  :bucket_logging_status,
9197
- :content_md5)
10175
+ :content_md5,
10176
+ :expected_bucket_owner)
9198
10177
  SENSITIVE = []
9199
10178
  include Aws::Structure
9200
10179
  end
@@ -9224,6 +10203,7 @@ module Aws::S3
9224
10203
  # },
9225
10204
  # },
9226
10205
  # },
10206
+ # expected_bucket_owner: "AccountId",
9227
10207
  # }
9228
10208
  #
9229
10209
  # @!attribute [rw] bucket
@@ -9238,12 +10218,19 @@ module Aws::S3
9238
10218
  # Specifies the metrics configuration.
9239
10219
  # @return [Types::MetricsConfiguration]
9240
10220
  #
10221
+ # @!attribute [rw] expected_bucket_owner
10222
+ # The account id of the expected bucket owner. If the bucket is owned
10223
+ # by a different account, the request will fail with an HTTP `403
10224
+ # (Access Denied)` error.
10225
+ # @return [String]
10226
+ #
9241
10227
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationRequest AWS API Documentation
9242
10228
  #
9243
10229
  class PutBucketMetricsConfigurationRequest < Struct.new(
9244
10230
  :bucket,
9245
10231
  :id,
9246
- :metrics_configuration)
10232
+ :metrics_configuration,
10233
+ :expected_bucket_owner)
9247
10234
  SENSITIVE = []
9248
10235
  include Aws::Structure
9249
10236
  end
@@ -9306,6 +10293,7 @@ module Aws::S3
9306
10293
  # },
9307
10294
  # ],
9308
10295
  # },
10296
+ # expected_bucket_owner: "AccountId",
9309
10297
  # }
9310
10298
  #
9311
10299
  # @!attribute [rw] bucket
@@ -9318,11 +10306,18 @@ module Aws::S3
9318
10306
  # the bucket.
9319
10307
  # @return [Types::NotificationConfiguration]
9320
10308
  #
10309
+ # @!attribute [rw] expected_bucket_owner
10310
+ # The account id of the expected bucket owner. If the bucket is owned
10311
+ # by a different account, the request will fail with an HTTP `403
10312
+ # (Access Denied)` error.
10313
+ # @return [String]
10314
+ #
9321
10315
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationRequest AWS API Documentation
9322
10316
  #
9323
10317
  class PutBucketNotificationConfigurationRequest < Struct.new(
9324
10318
  :bucket,
9325
- :notification_configuration)
10319
+ :notification_configuration,
10320
+ :expected_bucket_owner)
9326
10321
  SENSITIVE = []
9327
10322
  include Aws::Structure
9328
10323
  end
@@ -9354,6 +10349,7 @@ module Aws::S3
9354
10349
  # invocation_role: "CloudFunctionInvocationRole",
9355
10350
  # },
9356
10351
  # },
10352
+ # expected_bucket_owner: "AccountId",
9357
10353
  # }
9358
10354
  #
9359
10355
  # @!attribute [rw] bucket
@@ -9368,12 +10364,63 @@ module Aws::S3
9368
10364
  # The container for the configuration.
9369
10365
  # @return [Types::NotificationConfigurationDeprecated]
9370
10366
  #
10367
+ # @!attribute [rw] expected_bucket_owner
10368
+ # The account id of the expected bucket owner. If the bucket is owned
10369
+ # by a different account, the request will fail with an HTTP `403
10370
+ # (Access Denied)` error.
10371
+ # @return [String]
10372
+ #
9371
10373
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationRequest AWS API Documentation
9372
10374
  #
9373
10375
  class PutBucketNotificationRequest < Struct.new(
9374
10376
  :bucket,
9375
10377
  :content_md5,
9376
- :notification_configuration)
10378
+ :notification_configuration,
10379
+ :expected_bucket_owner)
10380
+ SENSITIVE = []
10381
+ include Aws::Structure
10382
+ end
10383
+
10384
+ # @note When making an API call, you may pass PutBucketOwnershipControlsRequest
10385
+ # data as a hash:
10386
+ #
10387
+ # {
10388
+ # bucket: "BucketName", # required
10389
+ # content_md5: "ContentMD5",
10390
+ # expected_bucket_owner: "AccountId",
10391
+ # ownership_controls: { # required
10392
+ # rules: [ # required
10393
+ # {
10394
+ # object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
10395
+ # },
10396
+ # ],
10397
+ # },
10398
+ # }
10399
+ #
10400
+ # @!attribute [rw] bucket
10401
+ # The name of the Amazon S3 bucket whose `OwnershipControls` you want
10402
+ # to set.
10403
+ # @return [String]
10404
+ #
10405
+ # @!attribute [rw] content_md5
10406
+ # The MD5 hash of the `OwnershipControls` request body.
10407
+ # @return [String]
10408
+ #
10409
+ # @!attribute [rw] expected_bucket_owner
10410
+ # @return [String]
10411
+ #
10412
+ # @!attribute [rw] ownership_controls
10413
+ # The `OwnershipControls` (BucketOwnerPreferred or ObjectWriter) that
10414
+ # you want to apply to this Amazon S3 bucket.
10415
+ # @return [Types::OwnershipControls]
10416
+ #
10417
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControlsRequest AWS API Documentation
10418
+ #
10419
+ class PutBucketOwnershipControlsRequest < Struct.new(
10420
+ :bucket,
10421
+ :content_md5,
10422
+ :expected_bucket_owner,
10423
+ :ownership_controls)
9377
10424
  SENSITIVE = []
9378
10425
  include Aws::Structure
9379
10426
  end
@@ -9386,6 +10433,7 @@ module Aws::S3
9386
10433
  # content_md5: "ContentMD5",
9387
10434
  # confirm_remove_self_bucket_access: false,
9388
10435
  # policy: "Policy", # required
10436
+ # expected_bucket_owner: "AccountId",
9389
10437
  # }
9390
10438
  #
9391
10439
  # @!attribute [rw] bucket
@@ -9405,13 +10453,20 @@ module Aws::S3
9405
10453
  # The bucket policy as a JSON document.
9406
10454
  # @return [String]
9407
10455
  #
10456
+ # @!attribute [rw] expected_bucket_owner
10457
+ # The account id of the expected bucket owner. If the bucket is owned
10458
+ # by a different account, the request will fail with an HTTP `403
10459
+ # (Access Denied)` error.
10460
+ # @return [String]
10461
+ #
9408
10462
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyRequest AWS API Documentation
9409
10463
  #
9410
10464
  class PutBucketPolicyRequest < Struct.new(
9411
10465
  :bucket,
9412
10466
  :content_md5,
9413
10467
  :confirm_remove_self_bucket_access,
9414
- :policy)
10468
+ :policy,
10469
+ :expected_bucket_owner)
9415
10470
  SENSITIVE = []
9416
10471
  include Aws::Structure
9417
10472
  end
@@ -9457,7 +10512,7 @@ module Aws::S3
9457
10512
  # destination: { # required
9458
10513
  # bucket: "BucketName", # required
9459
10514
  # account: "AccountId",
9460
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
10515
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
9461
10516
  # access_control_translation: {
9462
10517
  # owner: "Destination", # required, accepts Destination
9463
10518
  # },
@@ -9484,6 +10539,7 @@ module Aws::S3
9484
10539
  # ],
9485
10540
  # },
9486
10541
  # token: "ObjectLockToken",
10542
+ # expected_bucket_owner: "AccountId",
9487
10543
  # }
9488
10544
  #
9489
10545
  # @!attribute [rw] bucket
@@ -9509,13 +10565,20 @@ module Aws::S3
9509
10565
  # @!attribute [rw] token
9510
10566
  # @return [String]
9511
10567
  #
10568
+ # @!attribute [rw] expected_bucket_owner
10569
+ # The account id of the expected bucket owner. If the bucket is owned
10570
+ # by a different account, the request will fail with an HTTP `403
10571
+ # (Access Denied)` error.
10572
+ # @return [String]
10573
+ #
9512
10574
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationRequest AWS API Documentation
9513
10575
  #
9514
10576
  class PutBucketReplicationRequest < Struct.new(
9515
10577
  :bucket,
9516
10578
  :content_md5,
9517
10579
  :replication_configuration,
9518
- :token)
10580
+ :token,
10581
+ :expected_bucket_owner)
9519
10582
  SENSITIVE = []
9520
10583
  include Aws::Structure
9521
10584
  end
@@ -9529,6 +10592,7 @@ module Aws::S3
9529
10592
  # request_payment_configuration: { # required
9530
10593
  # payer: "Requester", # required, accepts Requester, BucketOwner
9531
10594
  # },
10595
+ # expected_bucket_owner: "AccountId",
9532
10596
  # }
9533
10597
  #
9534
10598
  # @!attribute [rw] bucket
@@ -9550,12 +10614,19 @@ module Aws::S3
9550
10614
  # Container for Payer.
9551
10615
  # @return [Types::RequestPaymentConfiguration]
9552
10616
  #
10617
+ # @!attribute [rw] expected_bucket_owner
10618
+ # The account id of the expected bucket owner. If the bucket is owned
10619
+ # by a different account, the request will fail with an HTTP `403
10620
+ # (Access Denied)` error.
10621
+ # @return [String]
10622
+ #
9553
10623
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentRequest AWS API Documentation
9554
10624
  #
9555
10625
  class PutBucketRequestPaymentRequest < Struct.new(
9556
10626
  :bucket,
9557
10627
  :content_md5,
9558
- :request_payment_configuration)
10628
+ :request_payment_configuration,
10629
+ :expected_bucket_owner)
9559
10630
  SENSITIVE = []
9560
10631
  include Aws::Structure
9561
10632
  end
@@ -9574,6 +10645,7 @@ module Aws::S3
9574
10645
  # },
9575
10646
  # ],
9576
10647
  # },
10648
+ # expected_bucket_owner: "AccountId",
9577
10649
  # }
9578
10650
  #
9579
10651
  # @!attribute [rw] bucket
@@ -9595,12 +10667,19 @@ module Aws::S3
9595
10667
  # Container for the `TagSet` and `Tag` elements.
9596
10668
  # @return [Types::Tagging]
9597
10669
  #
10670
+ # @!attribute [rw] expected_bucket_owner
10671
+ # The account id of the expected bucket owner. If the bucket is owned
10672
+ # by a different account, the request will fail with an HTTP `403
10673
+ # (Access Denied)` error.
10674
+ # @return [String]
10675
+ #
9598
10676
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingRequest AWS API Documentation
9599
10677
  #
9600
10678
  class PutBucketTaggingRequest < Struct.new(
9601
10679
  :bucket,
9602
10680
  :content_md5,
9603
- :tagging)
10681
+ :tagging,
10682
+ :expected_bucket_owner)
9604
10683
  SENSITIVE = []
9605
10684
  include Aws::Structure
9606
10685
  end
@@ -9616,6 +10695,7 @@ module Aws::S3
9616
10695
  # mfa_delete: "Enabled", # accepts Enabled, Disabled
9617
10696
  # status: "Enabled", # accepts Enabled, Suspended
9618
10697
  # },
10698
+ # expected_bucket_owner: "AccountId",
9619
10699
  # }
9620
10700
  #
9621
10701
  # @!attribute [rw] bucket
@@ -9643,13 +10723,20 @@ module Aws::S3
9643
10723
  # Container for setting the versioning state.
9644
10724
  # @return [Types::VersioningConfiguration]
9645
10725
  #
10726
+ # @!attribute [rw] expected_bucket_owner
10727
+ # The account id of the expected bucket owner. If the bucket is owned
10728
+ # by a different account, the request will fail with an HTTP `403
10729
+ # (Access Denied)` error.
10730
+ # @return [String]
10731
+ #
9646
10732
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningRequest AWS API Documentation
9647
10733
  #
9648
10734
  class PutBucketVersioningRequest < Struct.new(
9649
10735
  :bucket,
9650
10736
  :content_md5,
9651
10737
  :mfa,
9652
- :versioning_configuration)
10738
+ :versioning_configuration,
10739
+ :expected_bucket_owner)
9653
10740
  SENSITIVE = []
9654
10741
  include Aws::Structure
9655
10742
  end
@@ -9687,6 +10774,7 @@ module Aws::S3
9687
10774
  # },
9688
10775
  # ],
9689
10776
  # },
10777
+ # expected_bucket_owner: "AccountId",
9690
10778
  # }
9691
10779
  #
9692
10780
  # @!attribute [rw] bucket
@@ -9708,12 +10796,19 @@ module Aws::S3
9708
10796
  # Container for the request.
9709
10797
  # @return [Types::WebsiteConfiguration]
9710
10798
  #
10799
+ # @!attribute [rw] expected_bucket_owner
10800
+ # The account id of the expected bucket owner. If the bucket is owned
10801
+ # by a different account, the request will fail with an HTTP `403
10802
+ # (Access Denied)` error.
10803
+ # @return [String]
10804
+ #
9711
10805
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteRequest AWS API Documentation
9712
10806
  #
9713
10807
  class PutBucketWebsiteRequest < Struct.new(
9714
10808
  :bucket,
9715
10809
  :content_md5,
9716
- :website_configuration)
10810
+ :website_configuration,
10811
+ :expected_bucket_owner)
9717
10812
  SENSITIVE = []
9718
10813
  include Aws::Structure
9719
10814
  end
@@ -9764,6 +10859,7 @@ module Aws::S3
9764
10859
  # key: "ObjectKey", # required
9765
10860
  # request_payer: "requester", # accepts requester
9766
10861
  # version_id: "ObjectVersionId",
10862
+ # expected_bucket_owner: "AccountId",
9767
10863
  # }
9768
10864
  #
9769
10865
  # @!attribute [rw] acl
@@ -9788,9 +10884,9 @@ module Aws::S3
9788
10884
  # to the access point hostname. The access point hostname takes the
9789
10885
  # form
9790
10886
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
9791
- # When using this operation using an access point through the AWS
9792
- # SDKs, you provide the access point ARN in place of the bucket name.
9793
- # For more information about access point ARNs, see [Using Access
10887
+ # When using this operation with an access point through the AWS SDKs,
10888
+ # you provide the access point ARN in place of the bucket name. For
10889
+ # more information about access point ARNs, see [Using Access
9794
10890
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
9795
10891
  #
9796
10892
  #
@@ -9812,14 +10908,20 @@ module Aws::S3
9812
10908
  # @!attribute [rw] grant_full_control
9813
10909
  # Allows grantee the read, write, read ACP, and write ACP permissions
9814
10910
  # on the bucket.
10911
+ #
10912
+ # This action is not supported by Amazon S3 on Outposts.
9815
10913
  # @return [String]
9816
10914
  #
9817
10915
  # @!attribute [rw] grant_read
9818
10916
  # Allows grantee to list the objects in the bucket.
10917
+ #
10918
+ # This action is not supported by Amazon S3 on Outposts.
9819
10919
  # @return [String]
9820
10920
  #
9821
10921
  # @!attribute [rw] grant_read_acp
9822
10922
  # Allows grantee to read the bucket ACL.
10923
+ #
10924
+ # This action is not supported by Amazon S3 on Outposts.
9823
10925
  # @return [String]
9824
10926
  #
9825
10927
  # @!attribute [rw] grant_write
@@ -9829,10 +10931,35 @@ module Aws::S3
9829
10931
  #
9830
10932
  # @!attribute [rw] grant_write_acp
9831
10933
  # Allows grantee to write the ACL for the applicable bucket.
10934
+ #
10935
+ # This action is not supported by Amazon S3 on Outposts.
9832
10936
  # @return [String]
9833
10937
  #
9834
10938
  # @!attribute [rw] key
9835
10939
  # Key for which the PUT operation was initiated.
10940
+ #
10941
+ # When using this API with an access point, you must direct requests
10942
+ # to the access point hostname. The access point hostname takes the
10943
+ # form
10944
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10945
+ # When using this operation with an access point through the AWS SDKs,
10946
+ # you provide the access point ARN in place of the bucket name. For
10947
+ # more information about access point ARNs, see [Using Access
10948
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10949
+ #
10950
+ # When using this API with Amazon S3 on Outposts, you must direct
10951
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
10952
+ # takes the form
10953
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
10954
+ # When using this operation using S3 on Outposts through the AWS SDKs,
10955
+ # you provide the Outposts bucket ARN in place of the bucket name. For
10956
+ # more information about S3 on Outposts ARNs, see [Using S3 on
10957
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
10958
+ #
10959
+ #
10960
+ #
10961
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
10962
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
9836
10963
  # @return [String]
9837
10964
  #
9838
10965
  # @!attribute [rw] request_payer
@@ -9851,6 +10978,12 @@ module Aws::S3
9851
10978
  # VersionId used to reference a specific version of the object.
9852
10979
  # @return [String]
9853
10980
  #
10981
+ # @!attribute [rw] expected_bucket_owner
10982
+ # The account id of the expected bucket owner. If the bucket is owned
10983
+ # by a different account, the request will fail with an HTTP `403
10984
+ # (Access Denied)` error.
10985
+ # @return [String]
10986
+ #
9854
10987
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclRequest AWS API Documentation
9855
10988
  #
9856
10989
  class PutObjectAclRequest < Struct.new(
@@ -9865,7 +10998,8 @@ module Aws::S3
9865
10998
  :grant_write_acp,
9866
10999
  :key,
9867
11000
  :request_payer,
9868
- :version_id)
11001
+ :version_id,
11002
+ :expected_bucket_owner)
9869
11003
  SENSITIVE = []
9870
11004
  include Aws::Structure
9871
11005
  end
@@ -9895,6 +11029,7 @@ module Aws::S3
9895
11029
  # request_payer: "requester", # accepts requester
9896
11030
  # version_id: "ObjectVersionId",
9897
11031
  # content_md5: "ContentMD5",
11032
+ # expected_bucket_owner: "AccountId",
9898
11033
  # }
9899
11034
  #
9900
11035
  # @!attribute [rw] bucket
@@ -9905,9 +11040,9 @@ module Aws::S3
9905
11040
  # to the access point hostname. The access point hostname takes the
9906
11041
  # form
9907
11042
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
9908
- # When using this operation using an access point through the AWS
9909
- # SDKs, you provide the access point ARN in place of the bucket name.
9910
- # For more information about access point ARNs, see [Using Access
11043
+ # When using this operation with an access point through the AWS SDKs,
11044
+ # you provide the access point ARN in place of the bucket name. For
11045
+ # more information about access point ARNs, see [Using Access
9911
11046
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
9912
11047
  #
9913
11048
  #
@@ -9944,6 +11079,12 @@ module Aws::S3
9944
11079
  # The MD5 hash for the request body.
9945
11080
  # @return [String]
9946
11081
  #
11082
+ # @!attribute [rw] expected_bucket_owner
11083
+ # The account id of the expected bucket owner. If the bucket is owned
11084
+ # by a different account, the request will fail with an HTTP `403
11085
+ # (Access Denied)` error.
11086
+ # @return [String]
11087
+ #
9947
11088
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHoldRequest AWS API Documentation
9948
11089
  #
9949
11090
  class PutObjectLegalHoldRequest < Struct.new(
@@ -9952,7 +11093,8 @@ module Aws::S3
9952
11093
  :legal_hold,
9953
11094
  :request_payer,
9954
11095
  :version_id,
9955
- :content_md5)
11096
+ :content_md5,
11097
+ :expected_bucket_owner)
9956
11098
  SENSITIVE = []
9957
11099
  include Aws::Structure
9958
11100
  end
@@ -9988,6 +11130,7 @@ module Aws::S3
9988
11130
  # request_payer: "requester", # accepts requester
9989
11131
  # token: "ObjectLockToken",
9990
11132
  # content_md5: "ContentMD5",
11133
+ # expected_bucket_owner: "AccountId",
9991
11134
  # }
9992
11135
  #
9993
11136
  # @!attribute [rw] bucket
@@ -10020,6 +11163,12 @@ module Aws::S3
10020
11163
  # The MD5 hash for the request body.
10021
11164
  # @return [String]
10022
11165
  #
11166
+ # @!attribute [rw] expected_bucket_owner
11167
+ # The account id of the expected bucket owner. If the bucket is owned
11168
+ # by a different account, the request will fail with an HTTP `403
11169
+ # (Access Denied)` error.
11170
+ # @return [String]
11171
+ #
10023
11172
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfigurationRequest AWS API Documentation
10024
11173
  #
10025
11174
  class PutObjectLockConfigurationRequest < Struct.new(
@@ -10027,17 +11176,22 @@ module Aws::S3
10027
11176
  :object_lock_configuration,
10028
11177
  :request_payer,
10029
11178
  :token,
10030
- :content_md5)
11179
+ :content_md5,
11180
+ :expected_bucket_owner)
10031
11181
  SENSITIVE = []
10032
11182
  include Aws::Structure
10033
11183
  end
10034
11184
 
10035
11185
  # @!attribute [rw] expiration
10036
11186
  # If the expiration is configured for the object (see
10037
- # PutBucketLifecycleConfiguration), the response includes this header.
10038
- # It includes the expiry-date and rule-id key-value pairs that provide
10039
- # information about object expiration. The value of the rule-id is URL
10040
- # encoded.
11187
+ # [PutBucketLifecycleConfiguration][1]), the response includes this
11188
+ # header. It includes the expiry-date and rule-id key-value pairs that
11189
+ # provide information about object expiration. The value of the
11190
+ # rule-id is URL encoded.
11191
+ #
11192
+ #
11193
+ #
11194
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
10041
11195
  # @return [String]
10042
11196
  #
10043
11197
  # @!attribute [rw] etag
@@ -10127,7 +11281,7 @@ module Aws::S3
10127
11281
  # "MetadataKey" => "MetadataValue",
10128
11282
  # },
10129
11283
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
10130
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
11284
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
10131
11285
  # website_redirect_location: "WebsiteRedirectLocation",
10132
11286
  # sse_customer_algorithm: "SSECustomerAlgorithm",
10133
11287
  # sse_customer_key: "SSECustomerKey",
@@ -10139,12 +11293,15 @@ module Aws::S3
10139
11293
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
10140
11294
  # object_lock_retain_until_date: Time.now,
10141
11295
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
11296
+ # expected_bucket_owner: "AccountId",
10142
11297
  # }
10143
11298
  #
10144
11299
  # @!attribute [rw] acl
10145
11300
  # The canned ACL to apply to the object. For more information, see
10146
11301
  # [Canned ACL][1].
10147
11302
  #
11303
+ # This action is not supported by Amazon S3 on Outposts.
11304
+ #
10148
11305
  #
10149
11306
  #
10150
11307
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
@@ -10155,20 +11312,30 @@ module Aws::S3
10155
11312
  # @return [IO]
10156
11313
  #
10157
11314
  # @!attribute [rw] bucket
10158
- # Bucket name to which the PUT operation was initiated.
11315
+ # The bucket name to which the PUT operation was initiated.
10159
11316
  #
10160
11317
  # When using this API with an access point, you must direct requests
10161
11318
  # to the access point hostname. The access point hostname takes the
10162
11319
  # form
10163
11320
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10164
- # When using this operation using an access point through the AWS
10165
- # SDKs, you provide the access point ARN in place of the bucket name.
10166
- # For more information about access point ARNs, see [Using Access
11321
+ # When using this operation with an access point through the AWS SDKs,
11322
+ # you provide the access point ARN in place of the bucket name. For
11323
+ # more information about access point ARNs, see [Using Access
10167
11324
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10168
11325
  #
11326
+ # When using this API with Amazon S3 on Outposts, you must direct
11327
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
11328
+ # takes the form
11329
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
11330
+ # When using this operation using S3 on Outposts through the AWS SDKs,
11331
+ # you provide the Outposts bucket ARN in place of the bucket name. For
11332
+ # more information about S3 on Outposts ARNs, see [Using S3 on
11333
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
11334
+ #
10169
11335
  #
10170
11336
  #
10171
11337
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
11338
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
10172
11339
  # @return [String]
10173
11340
  #
10174
11341
  # @!attribute [rw] cache_control
@@ -10255,18 +11422,26 @@ module Aws::S3
10255
11422
  # @!attribute [rw] grant_full_control
10256
11423
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
10257
11424
  # object.
11425
+ #
11426
+ # This action is not supported by Amazon S3 on Outposts.
10258
11427
  # @return [String]
10259
11428
  #
10260
11429
  # @!attribute [rw] grant_read
10261
11430
  # Allows grantee to read the object data and its metadata.
11431
+ #
11432
+ # This action is not supported by Amazon S3 on Outposts.
10262
11433
  # @return [String]
10263
11434
  #
10264
11435
  # @!attribute [rw] grant_read_acp
10265
11436
  # Allows grantee to read the object ACL.
11437
+ #
11438
+ # This action is not supported by Amazon S3 on Outposts.
10266
11439
  # @return [String]
10267
11440
  #
10268
11441
  # @!attribute [rw] grant_write_acp
10269
11442
  # Allows grantee to write the ACL for the applicable object.
11443
+ #
11444
+ # This action is not supported by Amazon S3 on Outposts.
10270
11445
  # @return [String]
10271
11446
  #
10272
11447
  # @!attribute [rw] key
@@ -10283,8 +11458,16 @@ module Aws::S3
10283
11458
  # @return [String]
10284
11459
  #
10285
11460
  # @!attribute [rw] storage_class
10286
- # If you don't specify, S3 Standard is the default storage class.
10287
- # Amazon S3 supports other storage classes.
11461
+ # By default, Amazon S3 uses the STANDARD Storage Class to store newly
11462
+ # created objects. The STANDARD storage class provides high durability
11463
+ # and high availability. Depending on performance needs, you can
11464
+ # specify a different Storage Class. Amazon S3 on Outposts only uses
11465
+ # the OUTPOSTS Storage Class. For more information, see [Storage
11466
+ # Classes][1] in the *Amazon S3 Service Developer Guide*.
11467
+ #
11468
+ #
11469
+ #
11470
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
10288
11471
  # @return [String]
10289
11472
  #
10290
11473
  # @!attribute [rw] website_redirect_location
@@ -10325,7 +11508,7 @@ module Aws::S3
10325
11508
  # in encrypting data. This value is used to store the object and then
10326
11509
  # it is discarded; Amazon S3 does not store the encryption key. The
10327
11510
  # key must be appropriate for use with the algorithm specified in the
10328
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
11511
+ # `x-amz-server-side-encryption-customer-algorithm` header.
10329
11512
  # @return [String]
10330
11513
  #
10331
11514
  # @!attribute [rw] sse_customer_key_md5
@@ -10389,6 +11572,12 @@ module Aws::S3
10389
11572
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
10390
11573
  # @return [String]
10391
11574
  #
11575
+ # @!attribute [rw] expected_bucket_owner
11576
+ # The account id of the expected bucket owner. If the bucket is owned
11577
+ # by a different account, the request will fail with an HTTP `403
11578
+ # (Access Denied)` error.
11579
+ # @return [String]
11580
+ #
10392
11581
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest AWS API Documentation
10393
11582
  #
10394
11583
  class PutObjectRequest < Struct.new(
@@ -10421,7 +11610,8 @@ module Aws::S3
10421
11610
  :tagging,
10422
11611
  :object_lock_mode,
10423
11612
  :object_lock_retain_until_date,
10424
- :object_lock_legal_hold_status)
11613
+ :object_lock_legal_hold_status,
11614
+ :expected_bucket_owner)
10425
11615
  SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
10426
11616
  include Aws::Structure
10427
11617
  end
@@ -10453,6 +11643,7 @@ module Aws::S3
10453
11643
  # version_id: "ObjectVersionId",
10454
11644
  # bypass_governance_retention: false,
10455
11645
  # content_md5: "ContentMD5",
11646
+ # expected_bucket_owner: "AccountId",
10456
11647
  # }
10457
11648
  #
10458
11649
  # @!attribute [rw] bucket
@@ -10463,9 +11654,9 @@ module Aws::S3
10463
11654
  # to the access point hostname. The access point hostname takes the
10464
11655
  # form
10465
11656
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10466
- # When using this operation using an access point through the AWS
10467
- # SDKs, you provide the access point ARN in place of the bucket name.
10468
- # For more information about access point ARNs, see [Using Access
11657
+ # When using this operation with an access point through the AWS SDKs,
11658
+ # you provide the access point ARN in place of the bucket name. For
11659
+ # more information about access point ARNs, see [Using Access
10469
11660
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10470
11661
  #
10471
11662
  #
@@ -10508,6 +11699,12 @@ module Aws::S3
10508
11699
  # The MD5 hash for the request body.
10509
11700
  # @return [String]
10510
11701
  #
11702
+ # @!attribute [rw] expected_bucket_owner
11703
+ # The account id of the expected bucket owner. If the bucket is owned
11704
+ # by a different account, the request will fail with an HTTP `403
11705
+ # (Access Denied)` error.
11706
+ # @return [String]
11707
+ #
10511
11708
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetentionRequest AWS API Documentation
10512
11709
  #
10513
11710
  class PutObjectRetentionRequest < Struct.new(
@@ -10517,7 +11714,8 @@ module Aws::S3
10517
11714
  :request_payer,
10518
11715
  :version_id,
10519
11716
  :bypass_governance_retention,
10520
- :content_md5)
11717
+ :content_md5,
11718
+ :expected_bucket_owner)
10521
11719
  SENSITIVE = []
10522
11720
  include Aws::Structure
10523
11721
  end
@@ -10550,6 +11748,7 @@ module Aws::S3
10550
11748
  # },
10551
11749
  # ],
10552
11750
  # },
11751
+ # expected_bucket_owner: "AccountId",
10553
11752
  # }
10554
11753
  #
10555
11754
  # @!attribute [rw] bucket
@@ -10559,14 +11758,24 @@ module Aws::S3
10559
11758
  # to the access point hostname. The access point hostname takes the
10560
11759
  # form
10561
11760
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10562
- # When using this operation using an access point through the AWS
10563
- # SDKs, you provide the access point ARN in place of the bucket name.
10564
- # For more information about access point ARNs, see [Using Access
11761
+ # When using this operation with an access point through the AWS SDKs,
11762
+ # you provide the access point ARN in place of the bucket name. For
11763
+ # more information about access point ARNs, see [Using Access
10565
11764
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10566
11765
  #
11766
+ # When using this API with Amazon S3 on Outposts, you must direct
11767
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
11768
+ # takes the form
11769
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
11770
+ # When using this operation using S3 on Outposts through the AWS SDKs,
11771
+ # you provide the Outposts bucket ARN in place of the bucket name. For
11772
+ # more information about S3 on Outposts ARNs, see [Using S3 on
11773
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
11774
+ #
10567
11775
  #
10568
11776
  #
10569
11777
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
11778
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
10570
11779
  # @return [String]
10571
11780
  #
10572
11781
  # @!attribute [rw] key
@@ -10585,6 +11794,12 @@ module Aws::S3
10585
11794
  # Container for the `TagSet` and `Tag` elements
10586
11795
  # @return [Types::Tagging]
10587
11796
  #
11797
+ # @!attribute [rw] expected_bucket_owner
11798
+ # The account id of the expected bucket owner. If the bucket is owned
11799
+ # by a different account, the request will fail with an HTTP `403
11800
+ # (Access Denied)` error.
11801
+ # @return [String]
11802
+ #
10588
11803
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest AWS API Documentation
10589
11804
  #
10590
11805
  class PutObjectTaggingRequest < Struct.new(
@@ -10592,7 +11807,8 @@ module Aws::S3
10592
11807
  :key,
10593
11808
  :version_id,
10594
11809
  :content_md5,
10595
- :tagging)
11810
+ :tagging,
11811
+ :expected_bucket_owner)
10596
11812
  SENSITIVE = []
10597
11813
  include Aws::Structure
10598
11814
  end
@@ -10609,6 +11825,7 @@ module Aws::S3
10609
11825
  # block_public_policy: false,
10610
11826
  # restrict_public_buckets: false,
10611
11827
  # },
11828
+ # expected_bucket_owner: "AccountId",
10612
11829
  # }
10613
11830
  #
10614
11831
  # @!attribute [rw] bucket
@@ -10632,12 +11849,19 @@ module Aws::S3
10632
11849
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
10633
11850
  # @return [Types::PublicAccessBlockConfiguration]
10634
11851
  #
11852
+ # @!attribute [rw] expected_bucket_owner
11853
+ # The account id of the expected bucket owner. If the bucket is owned
11854
+ # by a different account, the request will fail with an HTTP `403
11855
+ # (Access Denied)` error.
11856
+ # @return [String]
11857
+ #
10635
11858
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlockRequest AWS API Documentation
10636
11859
  #
10637
11860
  class PutPublicAccessBlockRequest < Struct.new(
10638
11861
  :bucket,
10639
11862
  :content_md5,
10640
- :public_access_block_configuration)
11863
+ :public_access_block_configuration,
11864
+ :expected_bucket_owner)
10641
11865
  SENSITIVE = []
10642
11866
  include Aws::Structure
10643
11867
  end
@@ -10702,11 +11926,15 @@ module Aws::S3
10702
11926
  include Aws::Structure
10703
11927
  end
10704
11928
 
10705
- # This data type is deprecated. Use QueueConfiguration for the same
11929
+ # This data type is deprecated. Use [QueueConfiguration][1] for the same
10706
11930
  # purposes. This data type specifies the configuration for publishing
10707
11931
  # messages to an Amazon Simple Queue Service (Amazon SQS) queue when
10708
11932
  # Amazon S3 detects specified events.
10709
11933
  #
11934
+ #
11935
+ #
11936
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html
11937
+ #
10710
11938
  # @note When making an API call, you may pass QueueConfigurationDeprecated
10711
11939
  # data as a hash:
10712
11940
  #
@@ -10890,7 +12118,7 @@ module Aws::S3
10890
12118
  # destination: { # required
10891
12119
  # bucket: "BucketName", # required
10892
12120
  # account: "AccountId",
10893
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12121
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
10894
12122
  # access_control_translation: {
10895
12123
  # owner: "Destination", # required, accepts Destination
10896
12124
  # },
@@ -10981,7 +12209,7 @@ module Aws::S3
10981
12209
  # destination: { # required
10982
12210
  # bucket: "BucketName", # required
10983
12211
  # account: "AccountId",
10984
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12212
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
10985
12213
  # access_control_translation: {
10986
12214
  # owner: "Destination", # required, accepts Destination
10987
12215
  # },
@@ -11406,11 +12634,12 @@ module Aws::S3
11406
12634
  # value: "MetadataValue",
11407
12635
  # },
11408
12636
  # ],
11409
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12637
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
11410
12638
  # },
11411
12639
  # },
11412
12640
  # },
11413
12641
  # request_payer: "requester", # accepts requester
12642
+ # expected_bucket_owner: "AccountId",
11414
12643
  # }
11415
12644
  #
11416
12645
  # @!attribute [rw] bucket
@@ -11420,14 +12649,24 @@ module Aws::S3
11420
12649
  # to the access point hostname. The access point hostname takes the
11421
12650
  # form
11422
12651
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11423
- # When using this operation using an access point through the AWS
11424
- # SDKs, you provide the access point ARN in place of the bucket name.
11425
- # For more information about access point ARNs, see [Using Access
12652
+ # When using this operation with an access point through the AWS SDKs,
12653
+ # you provide the access point ARN in place of the bucket name. For
12654
+ # more information about access point ARNs, see [Using Access
11426
12655
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
11427
12656
  #
12657
+ # When using this API with Amazon S3 on Outposts, you must direct
12658
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
12659
+ # takes the form
12660
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
12661
+ # When using this operation using S3 on Outposts through the AWS SDKs,
12662
+ # you provide the Outposts bucket ARN in place of the bucket name. For
12663
+ # more information about S3 on Outposts ARNs, see [Using S3 on
12664
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
12665
+ #
11428
12666
  #
11429
12667
  #
11430
12668
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
12669
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
11431
12670
  # @return [String]
11432
12671
  #
11433
12672
  # @!attribute [rw] key
@@ -11454,6 +12693,12 @@ module Aws::S3
11454
12693
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
11455
12694
  # @return [String]
11456
12695
  #
12696
+ # @!attribute [rw] expected_bucket_owner
12697
+ # The account id of the expected bucket owner. If the bucket is owned
12698
+ # by a different account, the request will fail with an HTTP `403
12699
+ # (Access Denied)` error.
12700
+ # @return [String]
12701
+ #
11457
12702
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectRequest AWS API Documentation
11458
12703
  #
11459
12704
  class RestoreObjectRequest < Struct.new(
@@ -11461,7 +12706,8 @@ module Aws::S3
11461
12706
  :key,
11462
12707
  :version_id,
11463
12708
  :restore_request,
11464
- :request_payer)
12709
+ :request_payer,
12710
+ :expected_bucket_owner)
11465
12711
  SENSITIVE = []
11466
12712
  include Aws::Structure
11467
12713
  end
@@ -11548,7 +12794,7 @@ module Aws::S3
11548
12794
  # value: "MetadataValue",
11549
12795
  # },
11550
12796
  # ],
11551
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12797
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
11552
12798
  # },
11553
12799
  # },
11554
12800
  # }
@@ -11597,7 +12843,14 @@ module Aws::S3
11597
12843
  include Aws::Structure
11598
12844
  end
11599
12845
 
11600
- # Specifies the redirect behavior and when a redirect is applied.
12846
+ # Specifies the redirect behavior and when a redirect is applied. For
12847
+ # more information about routing rules, see [Configuring advanced
12848
+ # conditional redirects][1] in the *Amazon Simple Storage Service
12849
+ # Developer Guide*.
12850
+ #
12851
+ #
12852
+ #
12853
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects
11601
12854
  #
11602
12855
  # @note When making an API call, you may pass RoutingRule
11603
12856
  # data as a hash:
@@ -11823,7 +13076,7 @@ module Aws::S3
11823
13076
  # value: "MetadataValue",
11824
13077
  # },
11825
13078
  # ],
11826
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
13079
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
11827
13080
  # }
11828
13081
  #
11829
13082
  # @!attribute [rw] bucket_name
@@ -12017,6 +13270,7 @@ module Aws::S3
12017
13270
  # start: 1,
12018
13271
  # end: 1,
12019
13272
  # },
13273
+ # expected_bucket_owner: "AccountId",
12020
13274
  # }
12021
13275
  #
12022
13276
  # @!attribute [rw] bucket
@@ -12098,6 +13352,12 @@ module Aws::S3
12098
13352
  # within the last 50 bytes of the file.
12099
13353
  # @return [Types::ScanRange]
12100
13354
  #
13355
+ # @!attribute [rw] expected_bucket_owner
13356
+ # The account id of the expected bucket owner. If the bucket is owned
13357
+ # by a different account, the request will fail with an HTTP `403
13358
+ # (Access Denied)` error.
13359
+ # @return [String]
13360
+ #
12101
13361
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContentRequest AWS API Documentation
12102
13362
  #
12103
13363
  class SelectObjectContentRequest < Struct.new(
@@ -12111,7 +13371,8 @@ module Aws::S3
12111
13371
  :request_progress,
12112
13372
  :input_serialization,
12113
13373
  :output_serialization,
12114
- :scan_range)
13374
+ :scan_range,
13375
+ :expected_bucket_owner)
12115
13376
  SENSITIVE = [:sse_customer_key]
12116
13377
  include Aws::Structure
12117
13378
  end
@@ -12533,7 +13794,7 @@ module Aws::S3
12533
13794
  # @return [Types::Grantee]
12534
13795
  #
12535
13796
  # @!attribute [rw] permission
12536
- # Logging permissions assigned to the Grantee for the bucket.
13797
+ # Logging permissions assigned to the grantee for the bucket.
12537
13798
  # @return [String]
12538
13799
  #
12539
13800
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TargetGrant AWS API Documentation
@@ -12614,7 +13875,11 @@ module Aws::S3
12614
13875
  # A container for specifying the configuration for publication of
12615
13876
  # messages to an Amazon Simple Notification Service (Amazon SNS) topic
12616
13877
  # when Amazon S3 detects specified events. This data type is deprecated.
12617
- # Use TopicConfiguration instead.
13878
+ # Use [TopicConfiguration][1] instead.
13879
+ #
13880
+ #
13881
+ #
13882
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_TopicConfiguration.html
12618
13883
  #
12619
13884
  # @note When making an API call, you may pass TopicConfigurationDeprecated
12620
13885
  # data as a hash:
@@ -12773,15 +14038,82 @@ module Aws::S3
12773
14038
  # copy_source_sse_customer_key: "CopySourceSSECustomerKey",
12774
14039
  # copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
12775
14040
  # request_payer: "requester", # accepts requester
14041
+ # expected_bucket_owner: "AccountId",
14042
+ # expected_source_bucket_owner: "AccountId",
12776
14043
  # }
12777
14044
  #
12778
14045
  # @!attribute [rw] bucket
12779
14046
  # The bucket name.
14047
+ #
14048
+ # When using this API with an access point, you must direct requests
14049
+ # to the access point hostname. The access point hostname takes the
14050
+ # form
14051
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
14052
+ # When using this operation with an access point through the AWS SDKs,
14053
+ # you provide the access point ARN in place of the bucket name. For
14054
+ # more information about access point ARNs, see [Using Access
14055
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
14056
+ #
14057
+ # When using this API with Amazon S3 on Outposts, you must direct
14058
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
14059
+ # takes the form
14060
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
14061
+ # When using this operation using S3 on Outposts through the AWS SDKs,
14062
+ # you provide the Outposts bucket ARN in place of the bucket name. For
14063
+ # more information about S3 on Outposts ARNs, see [Using S3 on
14064
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
14065
+ #
14066
+ #
14067
+ #
14068
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
14069
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
12780
14070
  # @return [String]
12781
14071
  #
12782
14072
  # @!attribute [rw] copy_source
12783
- # The name of the source bucket and key name of the source object,
12784
- # separated by a slash (/). Must be URL-encoded.
14073
+ # Specifies the source object for the copy operation. You specify the
14074
+ # value in one of two formats, depending on whether you want to access
14075
+ # the source object through an [access point][1]\:
14076
+ #
14077
+ # * For objects not accessed through an access point, specify the name
14078
+ # of the source bucket and key of the source object, separated by a
14079
+ # slash (/). For example, to copy the object `reports/january.pdf`
14080
+ # from the bucket `awsexamplebucket`, use
14081
+ # `awsexamplebucket/reports/january.pdf`. The value must be URL
14082
+ # encoded.
14083
+ #
14084
+ # * For objects accessed through access points, specify the Amazon
14085
+ # Resource Name (ARN) of the object as accessed through the access
14086
+ # point, in the format
14087
+ # `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
14088
+ # For example, to copy the object `reports/january.pdf` through
14089
+ # access point `my-access-point` owned by account `123456789012` in
14090
+ # Region `us-west-2`, use the URL encoding of
14091
+ # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
14092
+ # The value must be URL encoded.
14093
+ #
14094
+ # <note markdown="1"> Amazon S3 supports copy operations using access points only when
14095
+ # the source and destination buckets are in the same AWS Region.
14096
+ #
14097
+ # </note>
14098
+ #
14099
+ # Alternatively, for objects accessed through Amazon S3 on Outposts,
14100
+ # specify the ARN of the object as accessed in the format
14101
+ # `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
14102
+ # For example, to copy the object `reports/january.pdf` through
14103
+ # outpost `my-outpost` owned by account `123456789012` in Region
14104
+ # `us-west-2`, use the URL encoding of
14105
+ # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
14106
+ # The value must be URL encoded.
14107
+ #
14108
+ # To copy a specific version of an object, append
14109
+ # `?versionId=<version-id>` to the value (for example,
14110
+ # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
14111
+ # If you don't specify a version ID, Amazon S3 copies the latest
14112
+ # version of the source object.
14113
+ #
14114
+ #
14115
+ #
14116
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
12785
14117
  # @return [String]
12786
14118
  #
12787
14119
  # @!attribute [rw] copy_source_if_match
@@ -12835,8 +14167,8 @@ module Aws::S3
12835
14167
  # in encrypting data. This value is used to store the object and then
12836
14168
  # it is discarded; Amazon S3 does not store the encryption key. The
12837
14169
  # key must be appropriate for use with the algorithm specified in the
12838
- # `x-amz-server-side​-encryption​-customer-algorithm` header. This
12839
- # must be the same encryption key specified in the initiate multipart
14170
+ # `x-amz-server-side-encryption-customer-algorithm` header. This must
14171
+ # be the same encryption key specified in the initiate multipart
12840
14172
  # upload request.
12841
14173
  # @return [String]
12842
14174
  #
@@ -12875,6 +14207,18 @@ module Aws::S3
12875
14207
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
12876
14208
  # @return [String]
12877
14209
  #
14210
+ # @!attribute [rw] expected_bucket_owner
14211
+ # The account id of the expected destination bucket owner. If the
14212
+ # destination bucket is owned by a different account, the request will
14213
+ # fail with an HTTP `403 (Access Denied)` error.
14214
+ # @return [String]
14215
+ #
14216
+ # @!attribute [rw] expected_source_bucket_owner
14217
+ # The account id of the expected source bucket owner. If the source
14218
+ # bucket is owned by a different account, the request will fail with
14219
+ # an HTTP `403 (Access Denied)` error.
14220
+ # @return [String]
14221
+ #
12878
14222
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyRequest AWS API Documentation
12879
14223
  #
12880
14224
  class UploadPartCopyRequest < Struct.new(
@@ -12894,7 +14238,9 @@ module Aws::S3
12894
14238
  :copy_source_sse_customer_algorithm,
12895
14239
  :copy_source_sse_customer_key,
12896
14240
  :copy_source_sse_customer_key_md5,
12897
- :request_payer)
14241
+ :request_payer,
14242
+ :expected_bucket_owner,
14243
+ :expected_source_bucket_owner)
12898
14244
  SENSITIVE = [:sse_customer_key, :copy_source_sse_customer_key]
12899
14245
  include Aws::Structure
12900
14246
  end
@@ -12960,6 +14306,7 @@ module Aws::S3
12960
14306
  # sse_customer_key: "SSECustomerKey",
12961
14307
  # sse_customer_key_md5: "SSECustomerKeyMD5",
12962
14308
  # request_payer: "requester", # accepts requester
14309
+ # expected_bucket_owner: "AccountId",
12963
14310
  # }
12964
14311
  #
12965
14312
  # @!attribute [rw] body
@@ -12967,7 +14314,30 @@ module Aws::S3
12967
14314
  # @return [IO]
12968
14315
  #
12969
14316
  # @!attribute [rw] bucket
12970
- # Name of the bucket to which the multipart upload was initiated.
14317
+ # The name of the bucket to which the multipart upload was initiated.
14318
+ #
14319
+ # When using this API with an access point, you must direct requests
14320
+ # to the access point hostname. The access point hostname takes the
14321
+ # form
14322
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
14323
+ # When using this operation with an access point through the AWS SDKs,
14324
+ # you provide the access point ARN in place of the bucket name. For
14325
+ # more information about access point ARNs, see [Using Access
14326
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
14327
+ #
14328
+ # When using this API with Amazon S3 on Outposts, you must direct
14329
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
14330
+ # takes the form
14331
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
14332
+ # When using this operation using S3 on Outposts through the AWS SDKs,
14333
+ # you provide the Outposts bucket ARN in place of the bucket name. For
14334
+ # more information about S3 on Outposts ARNs, see [Using S3 on
14335
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
14336
+ #
14337
+ #
14338
+ #
14339
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
14340
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
12971
14341
  # @return [String]
12972
14342
  #
12973
14343
  # @!attribute [rw] content_length
@@ -13005,8 +14375,8 @@ module Aws::S3
13005
14375
  # in encrypting data. This value is used to store the object and then
13006
14376
  # it is discarded; Amazon S3 does not store the encryption key. The
13007
14377
  # key must be appropriate for use with the algorithm specified in the
13008
- # `x-amz-server-side​-encryption​-customer-algorithm header`. This
13009
- # must be the same encryption key specified in the initiate multipart
14378
+ # `x-amz-server-side-encryption-customer-algorithm header`. This must
14379
+ # be the same encryption key specified in the initiate multipart
13010
14380
  # upload request.
13011
14381
  # @return [String]
13012
14382
  #
@@ -13028,6 +14398,12 @@ module Aws::S3
13028
14398
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
13029
14399
  # @return [String]
13030
14400
  #
14401
+ # @!attribute [rw] expected_bucket_owner
14402
+ # The account id of the expected bucket owner. If the bucket is owned
14403
+ # by a different account, the request will fail with an HTTP `403
14404
+ # (Access Denied)` error.
14405
+ # @return [String]
14406
+ #
13031
14407
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartRequest AWS API Documentation
13032
14408
  #
13033
14409
  class UploadPartRequest < Struct.new(
@@ -13041,7 +14417,8 @@ module Aws::S3
13041
14417
  :sse_customer_algorithm,
13042
14418
  :sse_customer_key,
13043
14419
  :sse_customer_key_md5,
13044
- :request_payer)
14420
+ :request_payer,
14421
+ :expected_bucket_owner)
13045
14422
  SENSITIVE = [:sse_customer_key]
13046
14423
  include Aws::Structure
13047
14424
  end