aws-sdk-s3 1.79.1 → 1.83.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,187 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../arn/access_point_arn'
4
+ require_relative '../arn/outpost_access_point_arn'
5
+
6
+ module Aws
7
+ module S3
8
+ module Plugins
9
+ # When an accesspoint ARN is provided for :bucket in S3 operations, this
10
+ # plugin resolves the request endpoint from the ARN when possible.
11
+ # @api private
12
+ class ARN < Seahorse::Client::Plugin
13
+ option(
14
+ :s3_use_arn_region,
15
+ default: true,
16
+ doc_type: 'Boolean',
17
+ docstring: <<-DOCS) do |cfg|
18
+ For S3 ARNs passed into the `:bucket` parameter, this option will
19
+ use the region in the ARN, allowing for cross-region requests to
20
+ be made. Set to `false` to use the client's region instead.
21
+ DOCS
22
+ resolve_s3_use_arn_region(cfg)
23
+ end
24
+
25
+ def add_handlers(handlers, _config)
26
+ handlers.add(Handler)
27
+ end
28
+
29
+ class Handler < Seahorse::Client::Handler
30
+ def call(context)
31
+ bucket_member = _bucket_member(context.operation.input.shape)
32
+ if bucket_member && (bucket = context.params[bucket_member])
33
+ resolved_region, arn = ARN.resolve_arn!(
34
+ bucket,
35
+ context.config.region,
36
+ context.config.s3_use_arn_region
37
+ )
38
+ if arn
39
+ validate_config!(context, arn)
40
+
41
+ ARN.resolve_url!(
42
+ context.http_request.endpoint,
43
+ arn,
44
+ resolved_region,
45
+ extract_dualstack_config!(context)
46
+ )
47
+ end
48
+ end
49
+ @handler.call(context)
50
+ end
51
+
52
+ private
53
+
54
+ def _bucket_member(input)
55
+ input.members.each do |member, ref|
56
+ return member if ref.shape.name == 'BucketName'
57
+ end
58
+ nil
59
+ end
60
+
61
+ # other plugins use dualstack so disable it when we're done
62
+ def extract_dualstack_config!(context)
63
+ dualstack = context[:use_dualstack_endpoint]
64
+ context[:use_dualstack_endpoint] = false if dualstack
65
+ dualstack
66
+ end
67
+
68
+ def validate_config!(context, arn)
69
+ unless context.config.regional_endpoint
70
+ raise ArgumentError,
71
+ 'Cannot provide both an Access Point ARN and setting '\
72
+ ':endpoint.'
73
+ end
74
+
75
+ if context.config.force_path_style
76
+ raise ArgumentError,
77
+ 'Cannot provide both an Access Point ARN and setting '\
78
+ ':force_path_style to true.'
79
+ end
80
+
81
+ if context.config.use_accelerate_endpoint
82
+ raise ArgumentError,
83
+ 'Cannot provide both an Access Point ARN and setting '\
84
+ ':use_accelerate_endpoint to true.'
85
+ end
86
+
87
+ if !arn.support_dualstack? && context[:use_dualstack_endpoint]
88
+ raise ArgumentError,
89
+ 'Cannot provide both an Outpost Access Point ARN and '\
90
+ 'setting :use_dualstack_endpoint to true.'
91
+ end
92
+ end
93
+ end
94
+
95
+ class << self
96
+ # @api private
97
+ def resolve_arn!(member_value, region, use_arn_region)
98
+ if Aws::ARNParser.arn?(member_value)
99
+ arn = Aws::ARNParser.parse(member_value)
100
+ if arn.resource.start_with?('accesspoint')
101
+ s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
102
+ elsif arn.resource.start_with?('outpost')
103
+ s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
104
+ else
105
+ raise ArgumentError,
106
+ 'Only Access Point and Outpost Access Point type ARNs '\
107
+ 'are currently supported.'
108
+ end
109
+ s3_arn.validate_arn!
110
+ validate_region_config!(s3_arn, region, use_arn_region)
111
+ region = s3_arn.region if use_arn_region
112
+ [region, s3_arn]
113
+ else
114
+ [region]
115
+ end
116
+ end
117
+
118
+ # @api private
119
+ def resolve_url!(url, arn, region, dualstack = false)
120
+ url.host = arn.host_url(region, dualstack)
121
+ url.path = url_path(url.path, arn)
122
+ url
123
+ end
124
+
125
+ private
126
+
127
+ def resolve_s3_use_arn_region(cfg)
128
+ value = ENV['AWS_S3_USE_ARN_REGION'] ||
129
+ Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
130
+ 'true'
131
+ value = Aws::Util.str_2_bool(value)
132
+ # Raise if provided value is not true or false
133
+ if value.nil?
134
+ raise ArgumentError,
135
+ 'Must provide either `true` or `false` for '\
136
+ 's3_use_arn_region profile option or for '\
137
+ "ENV['AWS_S3_USE_ARN_REGION']"
138
+ end
139
+ value
140
+ end
141
+
142
+ # Remove ARN from the path since it was substituted already
143
+ # This only works because accesspoints care about the URL
144
+ def url_path(path, arn)
145
+ path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
146
+ .sub("/#{arn}", '')
147
+ "/#{path}" unless path =~ /^\//
148
+ path
149
+ end
150
+
151
+ def validate_region_config!(arn, region, use_arn_region)
152
+ fips = arn.support_fips?
153
+
154
+ # s3-external-1 is specific just to s3 and not part of partitions
155
+ # aws-global is a partition region
156
+ unless arn.partition == 'aws' &&
157
+ (region == 's3-external-1' || region == 'aws-global')
158
+ if !fips && arn.region.include?('fips')
159
+ raise ArgumentError,
160
+ 'FIPS region ARNs are not supported for this type of ARN.'
161
+ end
162
+
163
+ if !fips && !use_arn_region && region.include?('fips')
164
+ raise ArgumentError,
165
+ 'FIPS client regions are not supported for this type of '\
166
+ 'ARN without s3_use_arn_region.'
167
+ end
168
+
169
+ # if it's a fips region, attempt to normalize it
170
+ if fips || use_arn_region
171
+ region = region.gsub('fips-', '').gsub('-fips', '')
172
+ end
173
+ if use_arn_region &&
174
+ !Aws::Partitions.partition(arn.partition).region?(region)
175
+ raise Aws::Errors::InvalidARNPartitionError
176
+ end
177
+
178
+ if !use_arn_region && region != arn.region
179
+ raise Aws::Errors::InvalidARNRegionError
180
+ end
181
+ end
182
+ end
183
+ end
184
+ end
185
+ end
186
+ end
187
+ end
@@ -73,8 +73,6 @@ request URI and never moved to the host as a sub-domain.
73
73
  end
74
74
  end
75
75
 
76
- # Checks for a valid RFC-3986 host name
77
- # @see https://tools.ietf.org/html/rfc3986#section-3.2.2
78
76
  # @param [String] bucket_name
79
77
  # @return [Boolean]
80
78
  def valid_subdomain?(bucket_name)
@@ -13,7 +13,7 @@ module Aws
13
13
  def call(context)
14
14
  bucket_member = _bucket_member(context.operation.input.shape)
15
15
  if bucket_member && (bucket = context.params[bucket_member])
16
- _resolved_bucket, _resolved_region, arn = BucketARN.resolve_arn!(
16
+ _resolved_region, arn = ARN.resolve_arn!(
17
17
  bucket,
18
18
  context.config.region,
19
19
  context.config.s3_use_arn_region
@@ -12,12 +12,14 @@ module Aws
12
12
 
13
13
  option(:sigv4_signer) do |cfg|
14
14
  S3Signer.build_v4_signer(
15
+ service: 's3',
15
16
  region: cfg.sigv4_region,
16
17
  credentials: cfg.credentials
17
18
  )
18
19
  end
19
20
 
20
21
  option(:sigv4_region) do |cfg|
22
+ # S3 removes core's signature_v4 plugin that checks for this
21
23
  raise Aws::Errors::MissingRegionError if cfg.region.nil?
22
24
 
23
25
  Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
@@ -67,11 +69,26 @@ module Aws
67
69
  if context[:cached_sigv4_region] &&
68
70
  context[:cached_sigv4_region] != context.config.sigv4_signer.region
69
71
  S3Signer.build_v4_signer(
72
+ service: 's3',
70
73
  region: context[:cached_sigv4_region],
71
74
  credentials: context.config.credentials
72
75
  )
73
76
  else
74
- context.config.sigv4_signer
77
+ resolved_region, arn = ARN.resolve_arn!(
78
+ context.params[:bucket],
79
+ context.config.sigv4_signer.region,
80
+ context.config.s3_use_arn_region
81
+ )
82
+
83
+ if arn
84
+ S3Signer.build_v4_signer(
85
+ service: arn.respond_to?(:outpost_id) ? 's3-outposts' : 's3',
86
+ region: resolved_region,
87
+ credentials: context.config.credentials
88
+ )
89
+ else
90
+ context.config.sigv4_signer
91
+ end
75
92
  end
76
93
  end
77
94
  end
@@ -90,7 +107,9 @@ module Aws
90
107
  def check_for_cached_region(context, bucket)
91
108
  cached_region = S3::BUCKET_REGIONS[bucket]
92
109
  if cached_region && cached_region != context.config.region
93
- context.http_request.endpoint.host = S3Signer.new_hostname(context, cached_region)
110
+ context.http_request.endpoint.host = S3Signer.new_hostname(
111
+ context, cached_region
112
+ )
94
113
  context[:cached_sigv4_region] = cached_region
95
114
  end
96
115
  end
@@ -150,11 +169,14 @@ module Aws
150
169
 
151
170
  def resign_with_new_region(context, actual_region)
152
171
  context.http_response.body.truncate(0)
153
- context.http_request.endpoint.host = S3Signer.new_hostname(context, actual_region)
172
+ context.http_request.endpoint.host = S3Signer.new_hostname(
173
+ context, actual_region
174
+ )
154
175
  context.metadata[:redirect_region] = actual_region
155
176
  Aws::Plugins::SignatureV4.apply_signature(
156
177
  context: context,
157
178
  signer: S3Signer.build_v4_signer(
179
+ service: 's3',
158
180
  region: actual_region,
159
181
  credentials: context.config.credentials
160
182
  )
@@ -189,7 +211,7 @@ module Aws
189
211
  # @api private
190
212
  def build_v4_signer(options = {})
191
213
  Aws::Sigv4::Signer.new(
192
- service: 's3',
214
+ service: options[:service],
193
215
  region: options[:region],
194
216
  credentials_provider: options[:credentials],
195
217
  uri_escape_path: false,
@@ -200,7 +222,7 @@ module Aws
200
222
  def new_hostname(context, region)
201
223
  # Check to see if the bucket is actually an ARN and resolve it
202
224
  # Otherwise it will retry with the ARN as the bucket name.
203
- resolved_bucket, resolved_region, arn = BucketARN.resolve_arn!(
225
+ resolved_region, arn = ARN.resolve_arn!(
204
226
  context.params[:bucket],
205
227
  region,
206
228
  context.config.s3_use_arn_region
@@ -210,9 +232,9 @@ module Aws
210
232
  )
211
233
 
212
234
  if arn
213
- BucketARN.resolve_url!(uri, arn).host
235
+ ARN.resolve_url!(uri, arn).host
214
236
  else
215
- resolved_bucket + '.' + uri.host
237
+ "#{context.params[:bucket]}.#{uri.host}"
216
238
  end
217
239
  end
218
240
  end
@@ -12,6 +12,7 @@ module Aws
12
12
  # @api private
13
13
  BLACKLISTED_HEADERS = [
14
14
  'accept',
15
+ 'amz-sdk-request',
15
16
  'cache-control',
16
17
  'content-length', # due to a ELB bug
17
18
  'expect',
@@ -61,6 +61,7 @@ module Aws::S3
61
61
  # key: "ObjectKey", # required
62
62
  # upload_id: "MultipartUploadId", # required
63
63
  # request_payer: "requester", # accepts requester
64
+ # expected_bucket_owner: "AccountId",
64
65
  # }
65
66
  #
66
67
  # @!attribute [rw] bucket
@@ -70,14 +71,24 @@ module Aws::S3
70
71
  # to the access point hostname. The access point hostname takes the
71
72
  # form
72
73
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
73
- # When using this operation using an access point through the AWS
74
- # SDKs, you provide the access point ARN in place of the bucket name.
75
- # For more information about access point ARNs, see [Using Access
74
+ # When using this operation with an access point through the AWS SDKs,
75
+ # you provide the access point ARN in place of the bucket name. For
76
+ # more information about access point ARNs, see [Using Access
76
77
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
77
78
  #
79
+ # When using this API with Amazon S3 on Outposts, you must direct
80
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
81
+ # takes the form
82
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
83
+ # When using this operation using S3 on Outposts through the AWS SDKs,
84
+ # you provide the Outposts bucket ARN in place of the bucket name. For
85
+ # more information about S3 on Outposts ARNs, see [Using S3 on
86
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
87
+ #
78
88
  #
79
89
  #
80
90
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
91
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
81
92
  # @return [String]
82
93
  #
83
94
  # @!attribute [rw] key
@@ -100,13 +111,20 @@ module Aws::S3
100
111
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
101
112
  # @return [String]
102
113
  #
114
+ # @!attribute [rw] expected_bucket_owner
115
+ # The account id of the expected bucket owner. If the bucket is owned
116
+ # by a different account, the request will fail with an HTTP `403
117
+ # (Access Denied)` error.
118
+ # @return [String]
119
+ #
103
120
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbortMultipartUploadRequest AWS API Documentation
104
121
  #
105
122
  class AbortMultipartUploadRequest < Struct.new(
106
123
  :bucket,
107
124
  :key,
108
125
  :upload_id,
109
- :request_payer)
126
+ :request_payer,
127
+ :expected_bucket_owner)
110
128
  SENSITIVE = []
111
129
  include Aws::Structure
112
130
  end
@@ -454,8 +472,8 @@ module Aws::S3
454
472
  end
455
473
 
456
474
  # The requested bucket name is not available. The bucket namespace is
457
- # shared by all users of the system. Please select a different name and
458
- # try again.
475
+ # shared by all users of the system. Select a different name and try
476
+ # again.
459
477
  #
460
478
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/BucketAlreadyExists AWS API Documentation
461
479
  #
@@ -891,6 +909,29 @@ module Aws::S3
891
909
  #
892
910
  # @!attribute [rw] bucket
893
911
  # The name of the bucket that contains the newly created object.
912
+ #
913
+ # When using this API with an access point, you must direct requests
914
+ # to the access point hostname. The access point hostname takes the
915
+ # form
916
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
917
+ # When using this operation with an access point through the AWS SDKs,
918
+ # you provide the access point ARN in place of the bucket name. For
919
+ # more information about access point ARNs, see [Using Access
920
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
921
+ #
922
+ # When using this API with Amazon S3 on Outposts, you must direct
923
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
924
+ # takes the form
925
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
926
+ # When using this operation using S3 on Outposts through the AWS SDKs,
927
+ # you provide the Outposts bucket ARN in place of the bucket name. For
928
+ # more information about S3 on Outposts ARNs, see [Using S3 on
929
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
930
+ #
931
+ #
932
+ #
933
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
934
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
894
935
  # @return [String]
895
936
  #
896
937
  # @!attribute [rw] key
@@ -969,6 +1010,7 @@ module Aws::S3
969
1010
  # },
970
1011
  # upload_id: "MultipartUploadId", # required
971
1012
  # request_payer: "requester", # accepts requester
1013
+ # expected_bucket_owner: "AccountId",
972
1014
  # }
973
1015
  #
974
1016
  # @!attribute [rw] bucket
@@ -999,6 +1041,12 @@ module Aws::S3
999
1041
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1000
1042
  # @return [String]
1001
1043
  #
1044
+ # @!attribute [rw] expected_bucket_owner
1045
+ # The account id of the expected bucket owner. If the bucket is owned
1046
+ # by a different account, the request will fail with an HTTP `403
1047
+ # (Access Denied)` error.
1048
+ # @return [String]
1049
+ #
1002
1050
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUploadRequest AWS API Documentation
1003
1051
  #
1004
1052
  class CompleteMultipartUploadRequest < Struct.new(
@@ -1006,7 +1054,8 @@ module Aws::S3
1006
1054
  :key,
1007
1055
  :multipart_upload,
1008
1056
  :upload_id,
1009
- :request_payer)
1057
+ :request_payer,
1058
+ :expected_bucket_owner)
1010
1059
  SENSITIVE = []
1011
1060
  include Aws::Structure
1012
1061
  end
@@ -1214,7 +1263,7 @@ module Aws::S3
1214
1263
  # metadata_directive: "COPY", # accepts COPY, REPLACE
1215
1264
  # tagging_directive: "COPY", # accepts COPY, REPLACE
1216
1265
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
1217
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
1266
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
1218
1267
  # website_redirect_location: "WebsiteRedirectLocation",
1219
1268
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1220
1269
  # sse_customer_key: "SSECustomerKey",
@@ -1229,14 +1278,41 @@ module Aws::S3
1229
1278
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1230
1279
  # object_lock_retain_until_date: Time.now,
1231
1280
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1281
+ # expected_bucket_owner: "AccountId",
1282
+ # expected_source_bucket_owner: "AccountId",
1232
1283
  # }
1233
1284
  #
1234
1285
  # @!attribute [rw] acl
1235
1286
  # The canned ACL to apply to the object.
1287
+ #
1288
+ # This action is not supported by Amazon S3 on Outposts.
1236
1289
  # @return [String]
1237
1290
  #
1238
1291
  # @!attribute [rw] bucket
1239
1292
  # The name of the destination bucket.
1293
+ #
1294
+ # When using this API with an access point, you must direct requests
1295
+ # to the access point hostname. The access point hostname takes the
1296
+ # form
1297
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1298
+ # When using this operation with an access point through the AWS SDKs,
1299
+ # you provide the access point ARN in place of the bucket name. For
1300
+ # more information about access point ARNs, see [Using Access
1301
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
1302
+ #
1303
+ # When using this API with Amazon S3 on Outposts, you must direct
1304
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1305
+ # takes the form
1306
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1307
+ # When using this operation using S3 on Outposts through the AWS SDKs,
1308
+ # you provide the Outposts bucket ARN in place of the bucket name. For
1309
+ # more information about S3 on Outposts ARNs, see [Using S3 on
1310
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
1311
+ #
1312
+ #
1313
+ #
1314
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
1315
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
1240
1316
  # @return [String]
1241
1317
  #
1242
1318
  # @!attribute [rw] cache_control
@@ -1262,8 +1338,50 @@ module Aws::S3
1262
1338
  # @return [String]
1263
1339
  #
1264
1340
  # @!attribute [rw] copy_source
1265
- # The name of the source bucket and key name of the source object,
1266
- # separated by a slash (/). Must be URL-encoded.
1341
+ # Specifies the source object for the copy operation. You specify the
1342
+ # value in one of two formats, depending on whether you want to access
1343
+ # the source object through an [access point][1]\:
1344
+ #
1345
+ # * For objects not accessed through an access point, specify the name
1346
+ # of the source bucket and the key of the source object, separated
1347
+ # by a slash (/). For example, to copy the object
1348
+ # `reports/january.pdf` from the bucket `awsexamplebucket`, use
1349
+ # `awsexamplebucket/reports/january.pdf`. The value must be URL
1350
+ # encoded.
1351
+ #
1352
+ # * For objects accessed through access points, specify the Amazon
1353
+ # Resource Name (ARN) of the object as accessed through the access
1354
+ # point, in the format
1355
+ # `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
1356
+ # For example, to copy the object `reports/january.pdf` through
1357
+ # access point `my-access-point` owned by account `123456789012` in
1358
+ # Region `us-west-2`, use the URL encoding of
1359
+ # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
1360
+ # The value must be URL encoded.
1361
+ #
1362
+ # <note markdown="1"> Amazon S3 supports copy operations using access points only when
1363
+ # the source and destination buckets are in the same AWS Region.
1364
+ #
1365
+ # </note>
1366
+ #
1367
+ # Alternatively, for objects accessed through Amazon S3 on Outposts,
1368
+ # specify the ARN of the object as accessed in the format
1369
+ # `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
1370
+ # For example, to copy the object `reports/january.pdf` through
1371
+ # outpost `my-outpost` owned by account `123456789012` in Region
1372
+ # `us-west-2`, use the URL encoding of
1373
+ # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
1374
+ # The value must be URL encoded.
1375
+ #
1376
+ # To copy a specific version of an object, append
1377
+ # `?versionId=<version-id>` to the value (for example,
1378
+ # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
1379
+ # If you don't specify a version ID, Amazon S3 copies the latest
1380
+ # version of the source object.
1381
+ #
1382
+ #
1383
+ #
1384
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
1267
1385
  # @return [String]
1268
1386
  #
1269
1387
  # @!attribute [rw] copy_source_if_match
@@ -1292,18 +1410,26 @@ module Aws::S3
1292
1410
  # @!attribute [rw] grant_full_control
1293
1411
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1294
1412
  # object.
1413
+ #
1414
+ # This action is not supported by Amazon S3 on Outposts.
1295
1415
  # @return [String]
1296
1416
  #
1297
1417
  # @!attribute [rw] grant_read
1298
1418
  # Allows grantee to read the object data and its metadata.
1419
+ #
1420
+ # This action is not supported by Amazon S3 on Outposts.
1299
1421
  # @return [String]
1300
1422
  #
1301
1423
  # @!attribute [rw] grant_read_acp
1302
1424
  # Allows grantee to read the object ACL.
1425
+ #
1426
+ # This action is not supported by Amazon S3 on Outposts.
1303
1427
  # @return [String]
1304
1428
  #
1305
1429
  # @!attribute [rw] grant_write_acp
1306
1430
  # Allows grantee to write the ACL for the applicable object.
1431
+ #
1432
+ # This action is not supported by Amazon S3 on Outposts.
1307
1433
  # @return [String]
1308
1434
  #
1309
1435
  # @!attribute [rw] key
@@ -1330,7 +1456,16 @@ module Aws::S3
1330
1456
  # @return [String]
1331
1457
  #
1332
1458
  # @!attribute [rw] storage_class
1333
- # The type of storage to use for the object. Defaults to 'STANDARD'.
1459
+ # By default, Amazon S3 uses the STANDARD Storage Class to store newly
1460
+ # created objects. The STANDARD storage class provides high durability
1461
+ # and high availability. Depending on performance needs, you can
1462
+ # specify a different Storage Class. Amazon S3 on Outposts only uses
1463
+ # the OUTPOSTS Storage Class. For more information, see [Storage
1464
+ # Classes][1] in the *Amazon S3 Service Developer Guide*.
1465
+ #
1466
+ #
1467
+ #
1468
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1334
1469
  # @return [String]
1335
1470
  #
1336
1471
  # @!attribute [rw] website_redirect_location
@@ -1350,7 +1485,7 @@ module Aws::S3
1350
1485
  # in encrypting data. This value is used to store the object and then
1351
1486
  # it is discarded; Amazon S3 does not store the encryption key. The
1352
1487
  # key must be appropriate for use with the algorithm specified in the
1353
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
1488
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1354
1489
  # @return [String]
1355
1490
  #
1356
1491
  # @!attribute [rw] sse_customer_key_md5
@@ -1427,6 +1562,18 @@ module Aws::S3
1427
1562
  # object.
1428
1563
  # @return [String]
1429
1564
  #
1565
+ # @!attribute [rw] expected_bucket_owner
1566
+ # The account id of the expected destination bucket owner. If the
1567
+ # destination bucket is owned by a different account, the request will
1568
+ # fail with an HTTP `403 (Access Denied)` error.
1569
+ # @return [String]
1570
+ #
1571
+ # @!attribute [rw] expected_source_bucket_owner
1572
+ # The account id of the expected source bucket owner. If the source
1573
+ # bucket is owned by a different account, the request will fail with
1574
+ # an HTTP `403 (Access Denied)` error.
1575
+ # @return [String]
1576
+ #
1430
1577
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObjectRequest AWS API Documentation
1431
1578
  #
1432
1579
  class CopyObjectRequest < Struct.new(
@@ -1466,7 +1613,9 @@ module Aws::S3
1466
1613
  :tagging,
1467
1614
  :object_lock_mode,
1468
1615
  :object_lock_retain_until_date,
1469
- :object_lock_legal_hold_status)
1616
+ :object_lock_legal_hold_status,
1617
+ :expected_bucket_owner,
1618
+ :expected_source_bucket_owner)
1470
1619
  SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context, :copy_source_sse_customer_key]
1471
1620
  include Aws::Structure
1472
1621
  end
@@ -1645,20 +1794,30 @@ module Aws::S3
1645
1794
  # @return [String]
1646
1795
  #
1647
1796
  # @!attribute [rw] bucket
1648
- # Name of the bucket to which the multipart upload was initiated.
1797
+ # The name of the bucket to which the multipart upload was initiated.
1649
1798
  #
1650
1799
  # When using this API with an access point, you must direct requests
1651
1800
  # to the access point hostname. The access point hostname takes the
1652
1801
  # form
1653
1802
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1654
- # When using this operation using an access point through the AWS
1655
- # SDKs, you provide the access point ARN in place of the bucket name.
1656
- # For more information about access point ARNs, see [Using Access
1803
+ # When using this operation with an access point through the AWS SDKs,
1804
+ # you provide the access point ARN in place of the bucket name. For
1805
+ # more information about access point ARNs, see [Using Access
1657
1806
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
1658
1807
  #
1808
+ # When using this API with Amazon S3 on Outposts, you must direct
1809
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1810
+ # takes the form
1811
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1812
+ # When using this operation using S3 on Outposts through the AWS SDKs,
1813
+ # you provide the Outposts bucket ARN in place of the bucket name. For
1814
+ # more information about S3 on Outposts ARNs, see [Using S3 on
1815
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
1816
+ #
1659
1817
  #
1660
1818
  #
1661
1819
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
1820
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
1662
1821
  # @return [String]
1663
1822
  #
1664
1823
  # @!attribute [rw] key
@@ -1744,7 +1903,7 @@ module Aws::S3
1744
1903
  # "MetadataKey" => "MetadataValue",
1745
1904
  # },
1746
1905
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
1747
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
1906
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
1748
1907
  # website_redirect_location: "WebsiteRedirectLocation",
1749
1908
  # sse_customer_algorithm: "SSECustomerAlgorithm",
1750
1909
  # sse_customer_key: "SSECustomerKey",
@@ -1756,14 +1915,40 @@ module Aws::S3
1756
1915
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
1757
1916
  # object_lock_retain_until_date: Time.now,
1758
1917
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
1918
+ # expected_bucket_owner: "AccountId",
1759
1919
  # }
1760
1920
  #
1761
1921
  # @!attribute [rw] acl
1762
1922
  # The canned ACL to apply to the object.
1923
+ #
1924
+ # This action is not supported by Amazon S3 on Outposts.
1763
1925
  # @return [String]
1764
1926
  #
1765
1927
  # @!attribute [rw] bucket
1766
1928
  # The name of the bucket to which to initiate the upload
1929
+ #
1930
+ # When using this API with an access point, you must direct requests
1931
+ # to the access point hostname. The access point hostname takes the
1932
+ # form
1933
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1934
+ # When using this operation with an access point through the AWS SDKs,
1935
+ # you provide the access point ARN in place of the bucket name. For
1936
+ # more information about access point ARNs, see [Using Access
1937
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
1938
+ #
1939
+ # When using this API with Amazon S3 on Outposts, you must direct
1940
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1941
+ # takes the form
1942
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1943
+ # When using this operation using S3 on Outposts through the AWS SDKs,
1944
+ # you provide the Outposts bucket ARN in place of the bucket name. For
1945
+ # more information about S3 on Outposts ARNs, see [Using S3 on
1946
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
1947
+ #
1948
+ #
1949
+ #
1950
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
1951
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
1767
1952
  # @return [String]
1768
1953
  #
1769
1954
  # @!attribute [rw] cache_control
@@ -1795,18 +1980,26 @@ module Aws::S3
1795
1980
  # @!attribute [rw] grant_full_control
1796
1981
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
1797
1982
  # object.
1983
+ #
1984
+ # This action is not supported by Amazon S3 on Outposts.
1798
1985
  # @return [String]
1799
1986
  #
1800
1987
  # @!attribute [rw] grant_read
1801
1988
  # Allows grantee to read the object data and its metadata.
1989
+ #
1990
+ # This action is not supported by Amazon S3 on Outposts.
1802
1991
  # @return [String]
1803
1992
  #
1804
1993
  # @!attribute [rw] grant_read_acp
1805
1994
  # Allows grantee to read the object ACL.
1995
+ #
1996
+ # This action is not supported by Amazon S3 on Outposts.
1806
1997
  # @return [String]
1807
1998
  #
1808
1999
  # @!attribute [rw] grant_write_acp
1809
2000
  # Allows grantee to write the ACL for the applicable object.
2001
+ #
2002
+ # This action is not supported by Amazon S3 on Outposts.
1810
2003
  # @return [String]
1811
2004
  #
1812
2005
  # @!attribute [rw] key
@@ -1823,7 +2016,16 @@ module Aws::S3
1823
2016
  # @return [String]
1824
2017
  #
1825
2018
  # @!attribute [rw] storage_class
1826
- # The type of storage to use for the object. Defaults to 'STANDARD'.
2019
+ # By default, Amazon S3 uses the STANDARD Storage Class to store newly
2020
+ # created objects. The STANDARD storage class provides high durability
2021
+ # and high availability. Depending on performance needs, you can
2022
+ # specify a different Storage Class. Amazon S3 on Outposts only uses
2023
+ # the OUTPOSTS Storage Class. For more information, see [Storage
2024
+ # Classes][1] in the *Amazon S3 Service Developer Guide*.
2025
+ #
2026
+ #
2027
+ #
2028
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
1827
2029
  # @return [String]
1828
2030
  #
1829
2031
  # @!attribute [rw] website_redirect_location
@@ -1843,7 +2045,7 @@ module Aws::S3
1843
2045
  # in encrypting data. This value is used to store the object and then
1844
2046
  # it is discarded; Amazon S3 does not store the encryption key. The
1845
2047
  # key must be appropriate for use with the algorithm specified in the
1846
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
2048
+ # `x-amz-server-side-encryption-customer-algorithm` header.
1847
2049
  # @return [String]
1848
2050
  #
1849
2051
  # @!attribute [rw] sse_customer_key_md5
@@ -1903,6 +2105,12 @@ module Aws::S3
1903
2105
  # object.
1904
2106
  # @return [String]
1905
2107
  #
2108
+ # @!attribute [rw] expected_bucket_owner
2109
+ # The account id of the expected bucket owner. If the bucket is owned
2110
+ # by a different account, the request will fail with an HTTP `403
2111
+ # (Access Denied)` error.
2112
+ # @return [String]
2113
+ #
1906
2114
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUploadRequest AWS API Documentation
1907
2115
  #
1908
2116
  class CreateMultipartUploadRequest < Struct.new(
@@ -1932,7 +2140,8 @@ module Aws::S3
1932
2140
  :tagging,
1933
2141
  :object_lock_mode,
1934
2142
  :object_lock_retain_until_date,
1935
- :object_lock_legal_hold_status)
2143
+ :object_lock_legal_hold_status,
2144
+ :expected_bucket_owner)
1936
2145
  SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
1937
2146
  include Aws::Structure
1938
2147
  end
@@ -2013,6 +2222,7 @@ module Aws::S3
2013
2222
  # {
2014
2223
  # bucket: "BucketName", # required
2015
2224
  # id: "AnalyticsId", # required
2225
+ # expected_bucket_owner: "AccountId",
2016
2226
  # }
2017
2227
  #
2018
2228
  # @!attribute [rw] bucket
@@ -2024,11 +2234,18 @@ module Aws::S3
2024
2234
  # The ID that identifies the analytics configuration.
2025
2235
  # @return [String]
2026
2236
  #
2237
+ # @!attribute [rw] expected_bucket_owner
2238
+ # The account id of the expected bucket owner. If the bucket is owned
2239
+ # by a different account, the request will fail with an HTTP `403
2240
+ # (Access Denied)` error.
2241
+ # @return [String]
2242
+ #
2027
2243
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketAnalyticsConfigurationRequest AWS API Documentation
2028
2244
  #
2029
2245
  class DeleteBucketAnalyticsConfigurationRequest < Struct.new(
2030
2246
  :bucket,
2031
- :id)
2247
+ :id,
2248
+ :expected_bucket_owner)
2032
2249
  SENSITIVE = []
2033
2250
  include Aws::Structure
2034
2251
  end
@@ -2038,16 +2255,24 @@ module Aws::S3
2038
2255
  #
2039
2256
  # {
2040
2257
  # bucket: "BucketName", # required
2258
+ # expected_bucket_owner: "AccountId",
2041
2259
  # }
2042
2260
  #
2043
2261
  # @!attribute [rw] bucket
2044
2262
  # Specifies the bucket whose `cors` configuration is being deleted.
2045
2263
  # @return [String]
2046
2264
  #
2265
+ # @!attribute [rw] expected_bucket_owner
2266
+ # The account id of the expected bucket owner. If the bucket is owned
2267
+ # by a different account, the request will fail with an HTTP `403
2268
+ # (Access Denied)` error.
2269
+ # @return [String]
2270
+ #
2047
2271
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketCorsRequest AWS API Documentation
2048
2272
  #
2049
2273
  class DeleteBucketCorsRequest < Struct.new(
2050
- :bucket)
2274
+ :bucket,
2275
+ :expected_bucket_owner)
2051
2276
  SENSITIVE = []
2052
2277
  include Aws::Structure
2053
2278
  end
@@ -2057,6 +2282,7 @@ module Aws::S3
2057
2282
  #
2058
2283
  # {
2059
2284
  # bucket: "BucketName", # required
2285
+ # expected_bucket_owner: "AccountId",
2060
2286
  # }
2061
2287
  #
2062
2288
  # @!attribute [rw] bucket
@@ -2064,10 +2290,17 @@ module Aws::S3
2064
2290
  # configuration to delete.
2065
2291
  # @return [String]
2066
2292
  #
2293
+ # @!attribute [rw] expected_bucket_owner
2294
+ # The account id of the expected bucket owner. If the bucket is owned
2295
+ # by a different account, the request will fail with an HTTP `403
2296
+ # (Access Denied)` error.
2297
+ # @return [String]
2298
+ #
2067
2299
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketEncryptionRequest AWS API Documentation
2068
2300
  #
2069
2301
  class DeleteBucketEncryptionRequest < Struct.new(
2070
- :bucket)
2302
+ :bucket,
2303
+ :expected_bucket_owner)
2071
2304
  SENSITIVE = []
2072
2305
  include Aws::Structure
2073
2306
  end
@@ -2078,6 +2311,7 @@ module Aws::S3
2078
2311
  # {
2079
2312
  # bucket: "BucketName", # required
2080
2313
  # id: "InventoryId", # required
2314
+ # expected_bucket_owner: "AccountId",
2081
2315
  # }
2082
2316
  #
2083
2317
  # @!attribute [rw] bucket
@@ -2089,11 +2323,18 @@ module Aws::S3
2089
2323
  # The ID used to identify the inventory configuration.
2090
2324
  # @return [String]
2091
2325
  #
2326
+ # @!attribute [rw] expected_bucket_owner
2327
+ # The account id of the expected bucket owner. If the bucket is owned
2328
+ # by a different account, the request will fail with an HTTP `403
2329
+ # (Access Denied)` error.
2330
+ # @return [String]
2331
+ #
2092
2332
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketInventoryConfigurationRequest AWS API Documentation
2093
2333
  #
2094
2334
  class DeleteBucketInventoryConfigurationRequest < Struct.new(
2095
2335
  :bucket,
2096
- :id)
2336
+ :id,
2337
+ :expected_bucket_owner)
2097
2338
  SENSITIVE = []
2098
2339
  include Aws::Structure
2099
2340
  end
@@ -2103,16 +2344,24 @@ module Aws::S3
2103
2344
  #
2104
2345
  # {
2105
2346
  # bucket: "BucketName", # required
2347
+ # expected_bucket_owner: "AccountId",
2106
2348
  # }
2107
2349
  #
2108
2350
  # @!attribute [rw] bucket
2109
2351
  # The bucket name of the lifecycle to delete.
2110
2352
  # @return [String]
2111
2353
  #
2354
+ # @!attribute [rw] expected_bucket_owner
2355
+ # The account id of the expected bucket owner. If the bucket is owned
2356
+ # by a different account, the request will fail with an HTTP `403
2357
+ # (Access Denied)` error.
2358
+ # @return [String]
2359
+ #
2112
2360
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketLifecycleRequest AWS API Documentation
2113
2361
  #
2114
2362
  class DeleteBucketLifecycleRequest < Struct.new(
2115
- :bucket)
2363
+ :bucket,
2364
+ :expected_bucket_owner)
2116
2365
  SENSITIVE = []
2117
2366
  include Aws::Structure
2118
2367
  end
@@ -2123,6 +2372,7 @@ module Aws::S3
2123
2372
  # {
2124
2373
  # bucket: "BucketName", # required
2125
2374
  # id: "MetricsId", # required
2375
+ # expected_bucket_owner: "AccountId",
2126
2376
  # }
2127
2377
  #
2128
2378
  # @!attribute [rw] bucket
@@ -2134,11 +2384,42 @@ module Aws::S3
2134
2384
  # The ID used to identify the metrics configuration.
2135
2385
  # @return [String]
2136
2386
  #
2387
+ # @!attribute [rw] expected_bucket_owner
2388
+ # The account id of the expected bucket owner. If the bucket is owned
2389
+ # by a different account, the request will fail with an HTTP `403
2390
+ # (Access Denied)` error.
2391
+ # @return [String]
2392
+ #
2137
2393
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketMetricsConfigurationRequest AWS API Documentation
2138
2394
  #
2139
2395
  class DeleteBucketMetricsConfigurationRequest < Struct.new(
2140
2396
  :bucket,
2141
- :id)
2397
+ :id,
2398
+ :expected_bucket_owner)
2399
+ SENSITIVE = []
2400
+ include Aws::Structure
2401
+ end
2402
+
2403
+ # @note When making an API call, you may pass DeleteBucketOwnershipControlsRequest
2404
+ # data as a hash:
2405
+ #
2406
+ # {
2407
+ # bucket: "BucketName", # required
2408
+ # expected_bucket_owner: "AccountId",
2409
+ # }
2410
+ #
2411
+ # @!attribute [rw] bucket
2412
+ # The Amazon S3 bucket whose `OwnershipControls` you want to delete.
2413
+ # @return [String]
2414
+ #
2415
+ # @!attribute [rw] expected_bucket_owner
2416
+ # @return [String]
2417
+ #
2418
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControlsRequest AWS API Documentation
2419
+ #
2420
+ class DeleteBucketOwnershipControlsRequest < Struct.new(
2421
+ :bucket,
2422
+ :expected_bucket_owner)
2142
2423
  SENSITIVE = []
2143
2424
  include Aws::Structure
2144
2425
  end
@@ -2148,16 +2429,24 @@ module Aws::S3
2148
2429
  #
2149
2430
  # {
2150
2431
  # bucket: "BucketName", # required
2432
+ # expected_bucket_owner: "AccountId",
2151
2433
  # }
2152
2434
  #
2153
2435
  # @!attribute [rw] bucket
2154
2436
  # The bucket name.
2155
2437
  # @return [String]
2156
2438
  #
2439
+ # @!attribute [rw] expected_bucket_owner
2440
+ # The account id of the expected bucket owner. If the bucket is owned
2441
+ # by a different account, the request will fail with an HTTP `403
2442
+ # (Access Denied)` error.
2443
+ # @return [String]
2444
+ #
2157
2445
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketPolicyRequest AWS API Documentation
2158
2446
  #
2159
2447
  class DeleteBucketPolicyRequest < Struct.new(
2160
- :bucket)
2448
+ :bucket,
2449
+ :expected_bucket_owner)
2161
2450
  SENSITIVE = []
2162
2451
  include Aws::Structure
2163
2452
  end
@@ -2167,16 +2456,24 @@ module Aws::S3
2167
2456
  #
2168
2457
  # {
2169
2458
  # bucket: "BucketName", # required
2459
+ # expected_bucket_owner: "AccountId",
2170
2460
  # }
2171
2461
  #
2172
2462
  # @!attribute [rw] bucket
2173
2463
  # The bucket name.
2174
2464
  # @return [String]
2175
2465
  #
2466
+ # @!attribute [rw] expected_bucket_owner
2467
+ # The account id of the expected bucket owner. If the bucket is owned
2468
+ # by a different account, the request will fail with an HTTP `403
2469
+ # (Access Denied)` error.
2470
+ # @return [String]
2471
+ #
2176
2472
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketReplicationRequest AWS API Documentation
2177
2473
  #
2178
2474
  class DeleteBucketReplicationRequest < Struct.new(
2179
- :bucket)
2475
+ :bucket,
2476
+ :expected_bucket_owner)
2180
2477
  SENSITIVE = []
2181
2478
  include Aws::Structure
2182
2479
  end
@@ -2186,16 +2483,24 @@ module Aws::S3
2186
2483
  #
2187
2484
  # {
2188
2485
  # bucket: "BucketName", # required
2486
+ # expected_bucket_owner: "AccountId",
2189
2487
  # }
2190
2488
  #
2191
2489
  # @!attribute [rw] bucket
2192
2490
  # Specifies the bucket being deleted.
2193
2491
  # @return [String]
2194
2492
  #
2493
+ # @!attribute [rw] expected_bucket_owner
2494
+ # The account id of the expected bucket owner. If the bucket is owned
2495
+ # by a different account, the request will fail with an HTTP `403
2496
+ # (Access Denied)` error.
2497
+ # @return [String]
2498
+ #
2195
2499
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketRequest AWS API Documentation
2196
2500
  #
2197
2501
  class DeleteBucketRequest < Struct.new(
2198
- :bucket)
2502
+ :bucket,
2503
+ :expected_bucket_owner)
2199
2504
  SENSITIVE = []
2200
2505
  include Aws::Structure
2201
2506
  end
@@ -2205,16 +2510,24 @@ module Aws::S3
2205
2510
  #
2206
2511
  # {
2207
2512
  # bucket: "BucketName", # required
2513
+ # expected_bucket_owner: "AccountId",
2208
2514
  # }
2209
2515
  #
2210
2516
  # @!attribute [rw] bucket
2211
2517
  # The bucket that has the tag set to be removed.
2212
2518
  # @return [String]
2213
2519
  #
2520
+ # @!attribute [rw] expected_bucket_owner
2521
+ # The account id of the expected bucket owner. If the bucket is owned
2522
+ # by a different account, the request will fail with an HTTP `403
2523
+ # (Access Denied)` error.
2524
+ # @return [String]
2525
+ #
2214
2526
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketTaggingRequest AWS API Documentation
2215
2527
  #
2216
2528
  class DeleteBucketTaggingRequest < Struct.new(
2217
- :bucket)
2529
+ :bucket,
2530
+ :expected_bucket_owner)
2218
2531
  SENSITIVE = []
2219
2532
  include Aws::Structure
2220
2533
  end
@@ -2224,6 +2537,7 @@ module Aws::S3
2224
2537
  #
2225
2538
  # {
2226
2539
  # bucket: "BucketName", # required
2540
+ # expected_bucket_owner: "AccountId",
2227
2541
  # }
2228
2542
  #
2229
2543
  # @!attribute [rw] bucket
@@ -2231,10 +2545,17 @@ module Aws::S3
2231
2545
  # configuration.
2232
2546
  # @return [String]
2233
2547
  #
2548
+ # @!attribute [rw] expected_bucket_owner
2549
+ # The account id of the expected bucket owner. If the bucket is owned
2550
+ # by a different account, the request will fail with an HTTP `403
2551
+ # (Access Denied)` error.
2552
+ # @return [String]
2553
+ #
2234
2554
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketWebsiteRequest AWS API Documentation
2235
2555
  #
2236
2556
  class DeleteBucketWebsiteRequest < Struct.new(
2237
- :bucket)
2557
+ :bucket,
2558
+ :expected_bucket_owner)
2238
2559
  SENSITIVE = []
2239
2560
  include Aws::Structure
2240
2561
  end
@@ -2353,6 +2674,7 @@ module Aws::S3
2353
2674
  # version_id: "ObjectVersionId",
2354
2675
  # request_payer: "requester", # accepts requester
2355
2676
  # bypass_governance_retention: false,
2677
+ # expected_bucket_owner: "AccountId",
2356
2678
  # }
2357
2679
  #
2358
2680
  # @!attribute [rw] bucket
@@ -2362,14 +2684,24 @@ module Aws::S3
2362
2684
  # to the access point hostname. The access point hostname takes the
2363
2685
  # form
2364
2686
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2365
- # When using this operation using an access point through the AWS
2366
- # SDKs, you provide the access point ARN in place of the bucket name.
2367
- # For more information about access point ARNs, see [Using Access
2687
+ # When using this operation with an access point through the AWS SDKs,
2688
+ # you provide the access point ARN in place of the bucket name. For
2689
+ # more information about access point ARNs, see [Using Access
2368
2690
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
2369
2691
  #
2692
+ # When using this API with Amazon S3 on Outposts, you must direct
2693
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2694
+ # takes the form
2695
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2696
+ # When using this operation using S3 on Outposts through the AWS SDKs,
2697
+ # you provide the Outposts bucket ARN in place of the bucket name. For
2698
+ # more information about S3 on Outposts ARNs, see [Using S3 on
2699
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
2700
+ #
2370
2701
  #
2371
2702
  #
2372
2703
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
2704
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
2373
2705
  # @return [String]
2374
2706
  #
2375
2707
  # @!attribute [rw] key
@@ -2404,6 +2736,12 @@ module Aws::S3
2404
2736
  # restrictions to process this operation.
2405
2737
  # @return [Boolean]
2406
2738
  #
2739
+ # @!attribute [rw] expected_bucket_owner
2740
+ # The account id of the expected bucket owner. If the bucket is owned
2741
+ # by a different account, the request will fail with an HTTP `403
2742
+ # (Access Denied)` error.
2743
+ # @return [String]
2744
+ #
2407
2745
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectRequest AWS API Documentation
2408
2746
  #
2409
2747
  class DeleteObjectRequest < Struct.new(
@@ -2412,7 +2750,8 @@ module Aws::S3
2412
2750
  :mfa,
2413
2751
  :version_id,
2414
2752
  :request_payer,
2415
- :bypass_governance_retention)
2753
+ :bypass_governance_retention,
2754
+ :expected_bucket_owner)
2416
2755
  SENSITIVE = []
2417
2756
  include Aws::Structure
2418
2757
  end
@@ -2436,6 +2775,7 @@ module Aws::S3
2436
2775
  # bucket: "BucketName", # required
2437
2776
  # key: "ObjectKey", # required
2438
2777
  # version_id: "ObjectVersionId",
2778
+ # expected_bucket_owner: "AccountId",
2439
2779
  # }
2440
2780
  #
2441
2781
  # @!attribute [rw] bucket
@@ -2446,14 +2786,24 @@ module Aws::S3
2446
2786
  # to the access point hostname. The access point hostname takes the
2447
2787
  # form
2448
2788
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2449
- # When using this operation using an access point through the AWS
2450
- # SDKs, you provide the access point ARN in place of the bucket name.
2451
- # For more information about access point ARNs, see [Using Access
2789
+ # When using this operation with an access point through the AWS SDKs,
2790
+ # you provide the access point ARN in place of the bucket name. For
2791
+ # more information about access point ARNs, see [Using Access
2452
2792
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
2453
2793
  #
2794
+ # When using this API with Amazon S3 on Outposts, you must direct
2795
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2796
+ # takes the form
2797
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2798
+ # When using this operation using S3 on Outposts through the AWS SDKs,
2799
+ # you provide the Outposts bucket ARN in place of the bucket name. For
2800
+ # more information about S3 on Outposts ARNs, see [Using S3 on
2801
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
2802
+ #
2454
2803
  #
2455
2804
  #
2456
2805
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
2806
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
2457
2807
  # @return [String]
2458
2808
  #
2459
2809
  # @!attribute [rw] key
@@ -2464,12 +2814,19 @@ module Aws::S3
2464
2814
  # The versionId of the object that the tag-set will be removed from.
2465
2815
  # @return [String]
2466
2816
  #
2817
+ # @!attribute [rw] expected_bucket_owner
2818
+ # The account id of the expected bucket owner. If the bucket is owned
2819
+ # by a different account, the request will fail with an HTTP `403
2820
+ # (Access Denied)` error.
2821
+ # @return [String]
2822
+ #
2467
2823
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectTaggingRequest AWS API Documentation
2468
2824
  #
2469
2825
  class DeleteObjectTaggingRequest < Struct.new(
2470
2826
  :bucket,
2471
2827
  :key,
2472
- :version_id)
2828
+ :version_id,
2829
+ :expected_bucket_owner)
2473
2830
  SENSITIVE = []
2474
2831
  include Aws::Structure
2475
2832
  end
@@ -2516,6 +2873,7 @@ module Aws::S3
2516
2873
  # mfa: "MFA",
2517
2874
  # request_payer: "requester", # accepts requester
2518
2875
  # bypass_governance_retention: false,
2876
+ # expected_bucket_owner: "AccountId",
2519
2877
  # }
2520
2878
  #
2521
2879
  # @!attribute [rw] bucket
@@ -2525,14 +2883,24 @@ module Aws::S3
2525
2883
  # to the access point hostname. The access point hostname takes the
2526
2884
  # form
2527
2885
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2528
- # When using this operation using an access point through the AWS
2529
- # SDKs, you provide the access point ARN in place of the bucket name.
2530
- # For more information about access point ARNs, see [Using Access
2886
+ # When using this operation with an access point through the AWS SDKs,
2887
+ # you provide the access point ARN in place of the bucket name. For
2888
+ # more information about access point ARNs, see [Using Access
2531
2889
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
2532
2890
  #
2891
+ # When using this API with Amazon S3 on Outposts, you must direct
2892
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2893
+ # takes the form
2894
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2895
+ # When using this operation using S3 on Outposts through the AWS SDKs,
2896
+ # you provide the Outposts bucket ARN in place of the bucket name. For
2897
+ # more information about S3 on Outposts ARNs, see [Using S3 on
2898
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
2899
+ #
2533
2900
  #
2534
2901
  #
2535
2902
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
2903
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
2536
2904
  # @return [String]
2537
2905
  #
2538
2906
  # @!attribute [rw] delete
@@ -2564,6 +2932,12 @@ module Aws::S3
2564
2932
  # permissions to perform this operation.
2565
2933
  # @return [Boolean]
2566
2934
  #
2935
+ # @!attribute [rw] expected_bucket_owner
2936
+ # The account id of the expected bucket owner. If the bucket is owned
2937
+ # by a different account, the request will fail with an HTTP `403
2938
+ # (Access Denied)` error.
2939
+ # @return [String]
2940
+ #
2567
2941
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteObjectsRequest AWS API Documentation
2568
2942
  #
2569
2943
  class DeleteObjectsRequest < Struct.new(
@@ -2571,7 +2945,8 @@ module Aws::S3
2571
2945
  :delete,
2572
2946
  :mfa,
2573
2947
  :request_payer,
2574
- :bypass_governance_retention)
2948
+ :bypass_governance_retention,
2949
+ :expected_bucket_owner)
2575
2950
  SENSITIVE = []
2576
2951
  include Aws::Structure
2577
2952
  end
@@ -2581,6 +2956,7 @@ module Aws::S3
2581
2956
  #
2582
2957
  # {
2583
2958
  # bucket: "BucketName", # required
2959
+ # expected_bucket_owner: "AccountId",
2584
2960
  # }
2585
2961
  #
2586
2962
  # @!attribute [rw] bucket
@@ -2588,10 +2964,17 @@ module Aws::S3
2588
2964
  # want to delete.
2589
2965
  # @return [String]
2590
2966
  #
2967
+ # @!attribute [rw] expected_bucket_owner
2968
+ # The account id of the expected bucket owner. If the bucket is owned
2969
+ # by a different account, the request will fail with an HTTP `403
2970
+ # (Access Denied)` error.
2971
+ # @return [String]
2972
+ #
2591
2973
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeletePublicAccessBlockRequest AWS API Documentation
2592
2974
  #
2593
2975
  class DeletePublicAccessBlockRequest < Struct.new(
2594
- :bucket)
2976
+ :bucket,
2977
+ :expected_bucket_owner)
2595
2978
  SENSITIVE = []
2596
2979
  include Aws::Structure
2597
2980
  end
@@ -2641,7 +3024,7 @@ module Aws::S3
2641
3024
  # {
2642
3025
  # bucket: "BucketName", # required
2643
3026
  # account: "AccountId",
2644
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
3027
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
2645
3028
  # access_control_translation: {
2646
3029
  # owner: "Destination", # required, accepts Destination
2647
3030
  # },
@@ -3750,17 +4133,25 @@ module Aws::S3
3750
4133
  #
3751
4134
  # {
3752
4135
  # bucket: "BucketName", # required
4136
+ # expected_bucket_owner: "AccountId",
3753
4137
  # }
3754
4138
  #
3755
4139
  # @!attribute [rw] bucket
3756
- # Name of the bucket for which the accelerate configuration is
4140
+ # The name of the bucket for which the accelerate configuration is
3757
4141
  # retrieved.
3758
4142
  # @return [String]
3759
4143
  #
4144
+ # @!attribute [rw] expected_bucket_owner
4145
+ # The account id of the expected bucket owner. If the bucket is owned
4146
+ # by a different account, the request will fail with an HTTP `403
4147
+ # (Access Denied)` error.
4148
+ # @return [String]
4149
+ #
3760
4150
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAccelerateConfigurationRequest AWS API Documentation
3761
4151
  #
3762
4152
  class GetBucketAccelerateConfigurationRequest < Struct.new(
3763
- :bucket)
4153
+ :bucket,
4154
+ :expected_bucket_owner)
3764
4155
  SENSITIVE = []
3765
4156
  include Aws::Structure
3766
4157
  end
@@ -3787,16 +4178,24 @@ module Aws::S3
3787
4178
  #
3788
4179
  # {
3789
4180
  # bucket: "BucketName", # required
4181
+ # expected_bucket_owner: "AccountId",
3790
4182
  # }
3791
4183
  #
3792
4184
  # @!attribute [rw] bucket
3793
4185
  # Specifies the S3 bucket whose ACL is being requested.
3794
4186
  # @return [String]
3795
4187
  #
4188
+ # @!attribute [rw] expected_bucket_owner
4189
+ # The account id of the expected bucket owner. If the bucket is owned
4190
+ # by a different account, the request will fail with an HTTP `403
4191
+ # (Access Denied)` error.
4192
+ # @return [String]
4193
+ #
3796
4194
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAclRequest AWS API Documentation
3797
4195
  #
3798
4196
  class GetBucketAclRequest < Struct.new(
3799
- :bucket)
4197
+ :bucket,
4198
+ :expected_bucket_owner)
3800
4199
  SENSITIVE = []
3801
4200
  include Aws::Structure
3802
4201
  end
@@ -3819,6 +4218,7 @@ module Aws::S3
3819
4218
  # {
3820
4219
  # bucket: "BucketName", # required
3821
4220
  # id: "AnalyticsId", # required
4221
+ # expected_bucket_owner: "AccountId",
3822
4222
  # }
3823
4223
  #
3824
4224
  # @!attribute [rw] bucket
@@ -3830,11 +4230,18 @@ module Aws::S3
3830
4230
  # The ID that identifies the analytics configuration.
3831
4231
  # @return [String]
3832
4232
  #
4233
+ # @!attribute [rw] expected_bucket_owner
4234
+ # The account id of the expected bucket owner. If the bucket is owned
4235
+ # by a different account, the request will fail with an HTTP `403
4236
+ # (Access Denied)` error.
4237
+ # @return [String]
4238
+ #
3833
4239
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAnalyticsConfigurationRequest AWS API Documentation
3834
4240
  #
3835
4241
  class GetBucketAnalyticsConfigurationRequest < Struct.new(
3836
4242
  :bucket,
3837
- :id)
4243
+ :id,
4244
+ :expected_bucket_owner)
3838
4245
  SENSITIVE = []
3839
4246
  include Aws::Structure
3840
4247
  end
@@ -3857,16 +4264,24 @@ module Aws::S3
3857
4264
  #
3858
4265
  # {
3859
4266
  # bucket: "BucketName", # required
4267
+ # expected_bucket_owner: "AccountId",
3860
4268
  # }
3861
4269
  #
3862
4270
  # @!attribute [rw] bucket
3863
4271
  # The bucket name for which to get the cors configuration.
3864
4272
  # @return [String]
3865
4273
  #
4274
+ # @!attribute [rw] expected_bucket_owner
4275
+ # The account id of the expected bucket owner. If the bucket is owned
4276
+ # by a different account, the request will fail with an HTTP `403
4277
+ # (Access Denied)` error.
4278
+ # @return [String]
4279
+ #
3866
4280
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketCorsRequest AWS API Documentation
3867
4281
  #
3868
4282
  class GetBucketCorsRequest < Struct.new(
3869
- :bucket)
4283
+ :bucket,
4284
+ :expected_bucket_owner)
3870
4285
  SENSITIVE = []
3871
4286
  include Aws::Structure
3872
4287
  end
@@ -3888,6 +4303,7 @@ module Aws::S3
3888
4303
  #
3889
4304
  # {
3890
4305
  # bucket: "BucketName", # required
4306
+ # expected_bucket_owner: "AccountId",
3891
4307
  # }
3892
4308
  #
3893
4309
  # @!attribute [rw] bucket
@@ -3895,10 +4311,17 @@ module Aws::S3
3895
4311
  # configuration is retrieved.
3896
4312
  # @return [String]
3897
4313
  #
4314
+ # @!attribute [rw] expected_bucket_owner
4315
+ # The account id of the expected bucket owner. If the bucket is owned
4316
+ # by a different account, the request will fail with an HTTP `403
4317
+ # (Access Denied)` error.
4318
+ # @return [String]
4319
+ #
3898
4320
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryptionRequest AWS API Documentation
3899
4321
  #
3900
4322
  class GetBucketEncryptionRequest < Struct.new(
3901
- :bucket)
4323
+ :bucket,
4324
+ :expected_bucket_owner)
3902
4325
  SENSITIVE = []
3903
4326
  include Aws::Structure
3904
4327
  end
@@ -3921,6 +4344,7 @@ module Aws::S3
3921
4344
  # {
3922
4345
  # bucket: "BucketName", # required
3923
4346
  # id: "InventoryId", # required
4347
+ # expected_bucket_owner: "AccountId",
3924
4348
  # }
3925
4349
  #
3926
4350
  # @!attribute [rw] bucket
@@ -3932,11 +4356,18 @@ module Aws::S3
3932
4356
  # The ID used to identify the inventory configuration.
3933
4357
  # @return [String]
3934
4358
  #
4359
+ # @!attribute [rw] expected_bucket_owner
4360
+ # The account id of the expected bucket owner. If the bucket is owned
4361
+ # by a different account, the request will fail with an HTTP `403
4362
+ # (Access Denied)` error.
4363
+ # @return [String]
4364
+ #
3935
4365
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketInventoryConfigurationRequest AWS API Documentation
3936
4366
  #
3937
4367
  class GetBucketInventoryConfigurationRequest < Struct.new(
3938
4368
  :bucket,
3939
- :id)
4369
+ :id,
4370
+ :expected_bucket_owner)
3940
4371
  SENSITIVE = []
3941
4372
  include Aws::Structure
3942
4373
  end
@@ -3958,16 +4389,24 @@ module Aws::S3
3958
4389
  #
3959
4390
  # {
3960
4391
  # bucket: "BucketName", # required
4392
+ # expected_bucket_owner: "AccountId",
3961
4393
  # }
3962
4394
  #
3963
4395
  # @!attribute [rw] bucket
3964
4396
  # The name of the bucket for which to get the lifecycle information.
3965
4397
  # @return [String]
3966
4398
  #
4399
+ # @!attribute [rw] expected_bucket_owner
4400
+ # The account id of the expected bucket owner. If the bucket is owned
4401
+ # by a different account, the request will fail with an HTTP `403
4402
+ # (Access Denied)` error.
4403
+ # @return [String]
4404
+ #
3967
4405
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleConfigurationRequest AWS API Documentation
3968
4406
  #
3969
4407
  class GetBucketLifecycleConfigurationRequest < Struct.new(
3970
- :bucket)
4408
+ :bucket,
4409
+ :expected_bucket_owner)
3971
4410
  SENSITIVE = []
3972
4411
  include Aws::Structure
3973
4412
  end
@@ -3989,16 +4428,24 @@ module Aws::S3
3989
4428
  #
3990
4429
  # {
3991
4430
  # bucket: "BucketName", # required
4431
+ # expected_bucket_owner: "AccountId",
3992
4432
  # }
3993
4433
  #
3994
4434
  # @!attribute [rw] bucket
3995
4435
  # The name of the bucket for which to get the lifecycle information.
3996
4436
  # @return [String]
3997
4437
  #
4438
+ # @!attribute [rw] expected_bucket_owner
4439
+ # The account id of the expected bucket owner. If the bucket is owned
4440
+ # by a different account, the request will fail with an HTTP `403
4441
+ # (Access Denied)` error.
4442
+ # @return [String]
4443
+ #
3998
4444
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLifecycleRequest AWS API Documentation
3999
4445
  #
4000
4446
  class GetBucketLifecycleRequest < Struct.new(
4001
- :bucket)
4447
+ :bucket,
4448
+ :expected_bucket_owner)
4002
4449
  SENSITIVE = []
4003
4450
  include Aws::Structure
4004
4451
  end
@@ -4027,16 +4474,24 @@ module Aws::S3
4027
4474
  #
4028
4475
  # {
4029
4476
  # bucket: "BucketName", # required
4477
+ # expected_bucket_owner: "AccountId",
4030
4478
  # }
4031
4479
  #
4032
4480
  # @!attribute [rw] bucket
4033
4481
  # The name of the bucket for which to get the location.
4034
4482
  # @return [String]
4035
4483
  #
4484
+ # @!attribute [rw] expected_bucket_owner
4485
+ # The account id of the expected bucket owner. If the bucket is owned
4486
+ # by a different account, the request will fail with an HTTP `403
4487
+ # (Access Denied)` error.
4488
+ # @return [String]
4489
+ #
4036
4490
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLocationRequest AWS API Documentation
4037
4491
  #
4038
4492
  class GetBucketLocationRequest < Struct.new(
4039
- :bucket)
4493
+ :bucket,
4494
+ :expected_bucket_owner)
4040
4495
  SENSITIVE = []
4041
4496
  include Aws::Structure
4042
4497
  end
@@ -4065,16 +4520,24 @@ module Aws::S3
4065
4520
  #
4066
4521
  # {
4067
4522
  # bucket: "BucketName", # required
4523
+ # expected_bucket_owner: "AccountId",
4068
4524
  # }
4069
4525
  #
4070
4526
  # @!attribute [rw] bucket
4071
4527
  # The bucket name for which to get the logging information.
4072
4528
  # @return [String]
4073
4529
  #
4530
+ # @!attribute [rw] expected_bucket_owner
4531
+ # The account id of the expected bucket owner. If the bucket is owned
4532
+ # by a different account, the request will fail with an HTTP `403
4533
+ # (Access Denied)` error.
4534
+ # @return [String]
4535
+ #
4074
4536
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketLoggingRequest AWS API Documentation
4075
4537
  #
4076
4538
  class GetBucketLoggingRequest < Struct.new(
4077
- :bucket)
4539
+ :bucket,
4540
+ :expected_bucket_owner)
4078
4541
  SENSITIVE = []
4079
4542
  include Aws::Structure
4080
4543
  end
@@ -4097,6 +4560,7 @@ module Aws::S3
4097
4560
  # {
4098
4561
  # bucket: "BucketName", # required
4099
4562
  # id: "MetricsId", # required
4563
+ # expected_bucket_owner: "AccountId",
4100
4564
  # }
4101
4565
  #
4102
4566
  # @!attribute [rw] bucket
@@ -4108,11 +4572,18 @@ module Aws::S3
4108
4572
  # The ID used to identify the metrics configuration.
4109
4573
  # @return [String]
4110
4574
  #
4575
+ # @!attribute [rw] expected_bucket_owner
4576
+ # The account id of the expected bucket owner. If the bucket is owned
4577
+ # by a different account, the request will fail with an HTTP `403
4578
+ # (Access Denied)` error.
4579
+ # @return [String]
4580
+ #
4111
4581
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfigurationRequest AWS API Documentation
4112
4582
  #
4113
4583
  class GetBucketMetricsConfigurationRequest < Struct.new(
4114
4584
  :bucket,
4115
- :id)
4585
+ :id,
4586
+ :expected_bucket_owner)
4116
4587
  SENSITIVE = []
4117
4588
  include Aws::Structure
4118
4589
  end
@@ -4122,16 +4593,63 @@ module Aws::S3
4122
4593
  #
4123
4594
  # {
4124
4595
  # bucket: "BucketName", # required
4596
+ # expected_bucket_owner: "AccountId",
4125
4597
  # }
4126
4598
  #
4127
4599
  # @!attribute [rw] bucket
4128
- # Name of the bucket for which to get the notification configuration.
4600
+ # The name of the bucket for which to get the notification
4601
+ # configuration.
4602
+ # @return [String]
4603
+ #
4604
+ # @!attribute [rw] expected_bucket_owner
4605
+ # The account id of the expected bucket owner. If the bucket is owned
4606
+ # by a different account, the request will fail with an HTTP `403
4607
+ # (Access Denied)` error.
4129
4608
  # @return [String]
4130
4609
  #
4131
4610
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketNotificationConfigurationRequest AWS API Documentation
4132
4611
  #
4133
4612
  class GetBucketNotificationConfigurationRequest < Struct.new(
4134
- :bucket)
4613
+ :bucket,
4614
+ :expected_bucket_owner)
4615
+ SENSITIVE = []
4616
+ include Aws::Structure
4617
+ end
4618
+
4619
+ # @!attribute [rw] ownership_controls
4620
+ # The `OwnershipControls` (BucketOwnerPreferred or ObjectWriter)
4621
+ # currently in effect for this Amazon S3 bucket.
4622
+ # @return [Types::OwnershipControls]
4623
+ #
4624
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsOutput AWS API Documentation
4625
+ #
4626
+ class GetBucketOwnershipControlsOutput < Struct.new(
4627
+ :ownership_controls)
4628
+ SENSITIVE = []
4629
+ include Aws::Structure
4630
+ end
4631
+
4632
+ # @note When making an API call, you may pass GetBucketOwnershipControlsRequest
4633
+ # data as a hash:
4634
+ #
4635
+ # {
4636
+ # bucket: "BucketName", # required
4637
+ # expected_bucket_owner: "AccountId",
4638
+ # }
4639
+ #
4640
+ # @!attribute [rw] bucket
4641
+ # The name of the Amazon S3 bucket whose `OwnershipControls` you want
4642
+ # to retrieve.
4643
+ # @return [String]
4644
+ #
4645
+ # @!attribute [rw] expected_bucket_owner
4646
+ # @return [String]
4647
+ #
4648
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsRequest AWS API Documentation
4649
+ #
4650
+ class GetBucketOwnershipControlsRequest < Struct.new(
4651
+ :bucket,
4652
+ :expected_bucket_owner)
4135
4653
  SENSITIVE = []
4136
4654
  include Aws::Structure
4137
4655
  end
@@ -4153,16 +4671,24 @@ module Aws::S3
4153
4671
  #
4154
4672
  # {
4155
4673
  # bucket: "BucketName", # required
4674
+ # expected_bucket_owner: "AccountId",
4156
4675
  # }
4157
4676
  #
4158
4677
  # @!attribute [rw] bucket
4159
4678
  # The bucket name for which to get the bucket policy.
4160
4679
  # @return [String]
4161
4680
  #
4681
+ # @!attribute [rw] expected_bucket_owner
4682
+ # The account id of the expected bucket owner. If the bucket is owned
4683
+ # by a different account, the request will fail with an HTTP `403
4684
+ # (Access Denied)` error.
4685
+ # @return [String]
4686
+ #
4162
4687
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyRequest AWS API Documentation
4163
4688
  #
4164
4689
  class GetBucketPolicyRequest < Struct.new(
4165
- :bucket)
4690
+ :bucket,
4691
+ :expected_bucket_owner)
4166
4692
  SENSITIVE = []
4167
4693
  include Aws::Structure
4168
4694
  end
@@ -4184,6 +4710,7 @@ module Aws::S3
4184
4710
  #
4185
4711
  # {
4186
4712
  # bucket: "BucketName", # required
4713
+ # expected_bucket_owner: "AccountId",
4187
4714
  # }
4188
4715
  #
4189
4716
  # @!attribute [rw] bucket
@@ -4191,10 +4718,17 @@ module Aws::S3
4191
4718
  # retrieve.
4192
4719
  # @return [String]
4193
4720
  #
4721
+ # @!attribute [rw] expected_bucket_owner
4722
+ # The account id of the expected bucket owner. If the bucket is owned
4723
+ # by a different account, the request will fail with an HTTP `403
4724
+ # (Access Denied)` error.
4725
+ # @return [String]
4726
+ #
4194
4727
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketPolicyStatusRequest AWS API Documentation
4195
4728
  #
4196
4729
  class GetBucketPolicyStatusRequest < Struct.new(
4197
- :bucket)
4730
+ :bucket,
4731
+ :expected_bucket_owner)
4198
4732
  SENSITIVE = []
4199
4733
  include Aws::Structure
4200
4734
  end
@@ -4217,16 +4751,24 @@ module Aws::S3
4217
4751
  #
4218
4752
  # {
4219
4753
  # bucket: "BucketName", # required
4754
+ # expected_bucket_owner: "AccountId",
4220
4755
  # }
4221
4756
  #
4222
4757
  # @!attribute [rw] bucket
4223
4758
  # The bucket name for which to get the replication information.
4224
4759
  # @return [String]
4225
4760
  #
4761
+ # @!attribute [rw] expected_bucket_owner
4762
+ # The account id of the expected bucket owner. If the bucket is owned
4763
+ # by a different account, the request will fail with an HTTP `403
4764
+ # (Access Denied)` error.
4765
+ # @return [String]
4766
+ #
4226
4767
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketReplicationRequest AWS API Documentation
4227
4768
  #
4228
4769
  class GetBucketReplicationRequest < Struct.new(
4229
- :bucket)
4770
+ :bucket,
4771
+ :expected_bucket_owner)
4230
4772
  SENSITIVE = []
4231
4773
  include Aws::Structure
4232
4774
  end
@@ -4248,6 +4790,7 @@ module Aws::S3
4248
4790
  #
4249
4791
  # {
4250
4792
  # bucket: "BucketName", # required
4793
+ # expected_bucket_owner: "AccountId",
4251
4794
  # }
4252
4795
  #
4253
4796
  # @!attribute [rw] bucket
@@ -4255,10 +4798,17 @@ module Aws::S3
4255
4798
  # configuration
4256
4799
  # @return [String]
4257
4800
  #
4801
+ # @!attribute [rw] expected_bucket_owner
4802
+ # The account id of the expected bucket owner. If the bucket is owned
4803
+ # by a different account, the request will fail with an HTTP `403
4804
+ # (Access Denied)` error.
4805
+ # @return [String]
4806
+ #
4258
4807
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketRequestPaymentRequest AWS API Documentation
4259
4808
  #
4260
4809
  class GetBucketRequestPaymentRequest < Struct.new(
4261
- :bucket)
4810
+ :bucket,
4811
+ :expected_bucket_owner)
4262
4812
  SENSITIVE = []
4263
4813
  include Aws::Structure
4264
4814
  end
@@ -4280,16 +4830,24 @@ module Aws::S3
4280
4830
  #
4281
4831
  # {
4282
4832
  # bucket: "BucketName", # required
4833
+ # expected_bucket_owner: "AccountId",
4283
4834
  # }
4284
4835
  #
4285
4836
  # @!attribute [rw] bucket
4286
4837
  # The name of the bucket for which to get the tagging information.
4287
4838
  # @return [String]
4288
4839
  #
4840
+ # @!attribute [rw] expected_bucket_owner
4841
+ # The account id of the expected bucket owner. If the bucket is owned
4842
+ # by a different account, the request will fail with an HTTP `403
4843
+ # (Access Denied)` error.
4844
+ # @return [String]
4845
+ #
4289
4846
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketTaggingRequest AWS API Documentation
4290
4847
  #
4291
4848
  class GetBucketTaggingRequest < Struct.new(
4292
- :bucket)
4849
+ :bucket,
4850
+ :expected_bucket_owner)
4293
4851
  SENSITIVE = []
4294
4852
  include Aws::Structure
4295
4853
  end
@@ -4319,16 +4877,24 @@ module Aws::S3
4319
4877
  #
4320
4878
  # {
4321
4879
  # bucket: "BucketName", # required
4880
+ # expected_bucket_owner: "AccountId",
4322
4881
  # }
4323
4882
  #
4324
4883
  # @!attribute [rw] bucket
4325
4884
  # The name of the bucket for which to get the versioning information.
4326
4885
  # @return [String]
4327
4886
  #
4887
+ # @!attribute [rw] expected_bucket_owner
4888
+ # The account id of the expected bucket owner. If the bucket is owned
4889
+ # by a different account, the request will fail with an HTTP `403
4890
+ # (Access Denied)` error.
4891
+ # @return [String]
4892
+ #
4328
4893
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketVersioningRequest AWS API Documentation
4329
4894
  #
4330
4895
  class GetBucketVersioningRequest < Struct.new(
4331
- :bucket)
4896
+ :bucket,
4897
+ :expected_bucket_owner)
4332
4898
  SENSITIVE = []
4333
4899
  include Aws::Structure
4334
4900
  end
@@ -4369,16 +4935,24 @@ module Aws::S3
4369
4935
  #
4370
4936
  # {
4371
4937
  # bucket: "BucketName", # required
4938
+ # expected_bucket_owner: "AccountId",
4372
4939
  # }
4373
4940
  #
4374
4941
  # @!attribute [rw] bucket
4375
4942
  # The bucket name for which to get the website configuration.
4376
4943
  # @return [String]
4377
4944
  #
4945
+ # @!attribute [rw] expected_bucket_owner
4946
+ # The account id of the expected bucket owner. If the bucket is owned
4947
+ # by a different account, the request will fail with an HTTP `403
4948
+ # (Access Denied)` error.
4949
+ # @return [String]
4950
+ #
4378
4951
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketWebsiteRequest AWS API Documentation
4379
4952
  #
4380
4953
  class GetBucketWebsiteRequest < Struct.new(
4381
- :bucket)
4954
+ :bucket,
4955
+ :expected_bucket_owner)
4382
4956
  SENSITIVE = []
4383
4957
  include Aws::Structure
4384
4958
  end
@@ -4414,6 +4988,7 @@ module Aws::S3
4414
4988
  # key: "ObjectKey", # required
4415
4989
  # version_id: "ObjectVersionId",
4416
4990
  # request_payer: "requester", # accepts requester
4991
+ # expected_bucket_owner: "AccountId",
4417
4992
  # }
4418
4993
  #
4419
4994
  # @!attribute [rw] bucket
@@ -4424,9 +4999,9 @@ module Aws::S3
4424
4999
  # to the access point hostname. The access point hostname takes the
4425
5000
  # form
4426
5001
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4427
- # When using this operation using an access point through the AWS
4428
- # SDKs, you provide the access point ARN in place of the bucket name.
4429
- # For more information about access point ARNs, see [Using Access
5002
+ # When using this operation with an access point through the AWS SDKs,
5003
+ # you provide the access point ARN in place of the bucket name. For
5004
+ # more information about access point ARNs, see [Using Access
4430
5005
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4431
5006
  #
4432
5007
  #
@@ -4454,13 +5029,20 @@ module Aws::S3
4454
5029
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
4455
5030
  # @return [String]
4456
5031
  #
5032
+ # @!attribute [rw] expected_bucket_owner
5033
+ # The account id of the expected bucket owner. If the bucket is owned
5034
+ # by a different account, the request will fail with an HTTP `403
5035
+ # (Access Denied)` error.
5036
+ # @return [String]
5037
+ #
4457
5038
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectAclRequest AWS API Documentation
4458
5039
  #
4459
5040
  class GetObjectAclRequest < Struct.new(
4460
5041
  :bucket,
4461
5042
  :key,
4462
5043
  :version_id,
4463
- :request_payer)
5044
+ :request_payer,
5045
+ :expected_bucket_owner)
4464
5046
  SENSITIVE = []
4465
5047
  include Aws::Structure
4466
5048
  end
@@ -4485,6 +5067,7 @@ module Aws::S3
4485
5067
  # key: "ObjectKey", # required
4486
5068
  # version_id: "ObjectVersionId",
4487
5069
  # request_payer: "requester", # accepts requester
5070
+ # expected_bucket_owner: "AccountId",
4488
5071
  # }
4489
5072
  #
4490
5073
  # @!attribute [rw] bucket
@@ -4495,9 +5078,9 @@ module Aws::S3
4495
5078
  # to the access point hostname. The access point hostname takes the
4496
5079
  # form
4497
5080
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4498
- # When using this operation using an access point through the AWS
4499
- # SDKs, you provide the access point ARN in place of the bucket name.
4500
- # For more information about access point ARNs, see [Using Access
5081
+ # When using this operation with an access point through the AWS SDKs,
5082
+ # you provide the access point ARN in place of the bucket name. For
5083
+ # more information about access point ARNs, see [Using Access
4501
5084
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4502
5085
  #
4503
5086
  #
@@ -4527,13 +5110,20 @@ module Aws::S3
4527
5110
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
4528
5111
  # @return [String]
4529
5112
  #
5113
+ # @!attribute [rw] expected_bucket_owner
5114
+ # The account id of the expected bucket owner. If the bucket is owned
5115
+ # by a different account, the request will fail with an HTTP `403
5116
+ # (Access Denied)` error.
5117
+ # @return [String]
5118
+ #
4530
5119
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLegalHoldRequest AWS API Documentation
4531
5120
  #
4532
5121
  class GetObjectLegalHoldRequest < Struct.new(
4533
5122
  :bucket,
4534
5123
  :key,
4535
5124
  :version_id,
4536
- :request_payer)
5125
+ :request_payer,
5126
+ :expected_bucket_owner)
4537
5127
  SENSITIVE = []
4538
5128
  include Aws::Structure
4539
5129
  end
@@ -4555,16 +5145,37 @@ module Aws::S3
4555
5145
  #
4556
5146
  # {
4557
5147
  # bucket: "BucketName", # required
5148
+ # expected_bucket_owner: "AccountId",
4558
5149
  # }
4559
5150
  #
4560
5151
  # @!attribute [rw] bucket
4561
5152
  # The bucket whose Object Lock configuration you want to retrieve.
5153
+ #
5154
+ # When using this API with an access point, you must direct requests
5155
+ # to the access point hostname. The access point hostname takes the
5156
+ # form
5157
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5158
+ # When using this operation with an access point through the AWS SDKs,
5159
+ # you provide the access point ARN in place of the bucket name. For
5160
+ # more information about access point ARNs, see [Using Access
5161
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
5162
+ #
5163
+ #
5164
+ #
5165
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5166
+ # @return [String]
5167
+ #
5168
+ # @!attribute [rw] expected_bucket_owner
5169
+ # The account id of the expected bucket owner. If the bucket is owned
5170
+ # by a different account, the request will fail with an HTTP `403
5171
+ # (Access Denied)` error.
4562
5172
  # @return [String]
4563
5173
  #
4564
5174
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectLockConfigurationRequest AWS API Documentation
4565
5175
  #
4566
5176
  class GetObjectLockConfigurationRequest < Struct.new(
4567
- :bucket)
5177
+ :bucket,
5178
+ :expected_bucket_owner)
4568
5179
  SENSITIVE = []
4569
5180
  include Aws::Structure
4570
5181
  end
@@ -4788,6 +5399,7 @@ module Aws::S3
4788
5399
  # sse_customer_key_md5: "SSECustomerKeyMD5",
4789
5400
  # request_payer: "requester", # accepts requester
4790
5401
  # part_number: 1,
5402
+ # expected_bucket_owner: "AccountId",
4791
5403
  # }
4792
5404
  #
4793
5405
  # @!attribute [rw] bucket
@@ -4797,14 +5409,24 @@ module Aws::S3
4797
5409
  # to the access point hostname. The access point hostname takes the
4798
5410
  # form
4799
5411
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4800
- # When using this operation using an access point through the AWS
4801
- # SDKs, you provide the access point ARN in place of the bucket name.
4802
- # For more information about access point ARNs, see [Using Access
5412
+ # When using this operation with an access point through the AWS SDKs,
5413
+ # you provide the access point ARN in place of the bucket name. For
5414
+ # more information about access point ARNs, see [Using Access
4803
5415
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4804
5416
  #
5417
+ # When using this API with Amazon S3 on Outposts, you must direct
5418
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5419
+ # takes the form
5420
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5421
+ # When using this operation using S3 on Outposts through the AWS SDKs,
5422
+ # you provide the Outposts bucket ARN in place of the bucket name. For
5423
+ # more information about S3 on Outposts ARNs, see [Using S3 on
5424
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
5425
+ #
4805
5426
  #
4806
5427
  #
4807
5428
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5429
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
4808
5430
  # @return [String]
4809
5431
  #
4810
5432
  # @!attribute [rw] if_match
@@ -4884,7 +5506,7 @@ module Aws::S3
4884
5506
  # in encrypting data. This value is used to store the object and then
4885
5507
  # it is discarded; Amazon S3 does not store the encryption key. The
4886
5508
  # key must be appropriate for use with the algorithm specified in the
4887
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
5509
+ # `x-amz-server-side-encryption-customer-algorithm` header.
4888
5510
  # @return [String]
4889
5511
  #
4890
5512
  # @!attribute [rw] sse_customer_key_md5
@@ -4912,6 +5534,12 @@ module Aws::S3
4912
5534
  # object.
4913
5535
  # @return [Integer]
4914
5536
  #
5537
+ # @!attribute [rw] expected_bucket_owner
5538
+ # The account id of the expected bucket owner. If the bucket is owned
5539
+ # by a different account, the request will fail with an HTTP `403
5540
+ # (Access Denied)` error.
5541
+ # @return [String]
5542
+ #
4915
5543
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRequest AWS API Documentation
4916
5544
  #
4917
5545
  class GetObjectRequest < Struct.new(
@@ -4933,7 +5561,8 @@ module Aws::S3
4933
5561
  :sse_customer_key,
4934
5562
  :sse_customer_key_md5,
4935
5563
  :request_payer,
4936
- :part_number)
5564
+ :part_number,
5565
+ :expected_bucket_owner)
4937
5566
  SENSITIVE = [:sse_customer_key]
4938
5567
  include Aws::Structure
4939
5568
  end
@@ -4958,6 +5587,7 @@ module Aws::S3
4958
5587
  # key: "ObjectKey", # required
4959
5588
  # version_id: "ObjectVersionId",
4960
5589
  # request_payer: "requester", # accepts requester
5590
+ # expected_bucket_owner: "AccountId",
4961
5591
  # }
4962
5592
  #
4963
5593
  # @!attribute [rw] bucket
@@ -4968,9 +5598,9 @@ module Aws::S3
4968
5598
  # to the access point hostname. The access point hostname takes the
4969
5599
  # form
4970
5600
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
4971
- # When using this operation using an access point through the AWS
4972
- # SDKs, you provide the access point ARN in place of the bucket name.
4973
- # For more information about access point ARNs, see [Using Access
5601
+ # When using this operation with an access point through the AWS SDKs,
5602
+ # you provide the access point ARN in place of the bucket name. For
5603
+ # more information about access point ARNs, see [Using Access
4974
5604
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
4975
5605
  #
4976
5606
  #
@@ -5000,13 +5630,20 @@ module Aws::S3
5000
5630
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
5001
5631
  # @return [String]
5002
5632
  #
5633
+ # @!attribute [rw] expected_bucket_owner
5634
+ # The account id of the expected bucket owner. If the bucket is owned
5635
+ # by a different account, the request will fail with an HTTP `403
5636
+ # (Access Denied)` error.
5637
+ # @return [String]
5638
+ #
5003
5639
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectRetentionRequest AWS API Documentation
5004
5640
  #
5005
5641
  class GetObjectRetentionRequest < Struct.new(
5006
5642
  :bucket,
5007
5643
  :key,
5008
5644
  :version_id,
5009
- :request_payer)
5645
+ :request_payer,
5646
+ :expected_bucket_owner)
5010
5647
  SENSITIVE = []
5011
5648
  include Aws::Structure
5012
5649
  end
@@ -5036,6 +5673,7 @@ module Aws::S3
5036
5673
  # bucket: "BucketName", # required
5037
5674
  # key: "ObjectKey", # required
5038
5675
  # version_id: "ObjectVersionId",
5676
+ # expected_bucket_owner: "AccountId",
5039
5677
  # }
5040
5678
  #
5041
5679
  # @!attribute [rw] bucket
@@ -5046,14 +5684,24 @@ module Aws::S3
5046
5684
  # to the access point hostname. The access point hostname takes the
5047
5685
  # form
5048
5686
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5049
- # When using this operation using an access point through the AWS
5050
- # SDKs, you provide the access point ARN in place of the bucket name.
5051
- # For more information about access point ARNs, see [Using Access
5687
+ # When using this operation with an access point through the AWS SDKs,
5688
+ # you provide the access point ARN in place of the bucket name. For
5689
+ # more information about access point ARNs, see [Using Access
5052
5690
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
5053
5691
  #
5692
+ # When using this API with Amazon S3 on Outposts, you must direct
5693
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5694
+ # takes the form
5695
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5696
+ # When using this operation using S3 on Outposts through the AWS SDKs,
5697
+ # you provide the Outposts bucket ARN in place of the bucket name. For
5698
+ # more information about S3 on Outposts ARNs, see [Using S3 on
5699
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
5700
+ #
5054
5701
  #
5055
5702
  #
5056
5703
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5704
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
5057
5705
  # @return [String]
5058
5706
  #
5059
5707
  # @!attribute [rw] key
@@ -5065,12 +5713,19 @@ module Aws::S3
5065
5713
  # information.
5066
5714
  # @return [String]
5067
5715
  #
5716
+ # @!attribute [rw] expected_bucket_owner
5717
+ # The account id of the expected bucket owner. If the bucket is owned
5718
+ # by a different account, the request will fail with an HTTP `403
5719
+ # (Access Denied)` error.
5720
+ # @return [String]
5721
+ #
5068
5722
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTaggingRequest AWS API Documentation
5069
5723
  #
5070
5724
  class GetObjectTaggingRequest < Struct.new(
5071
5725
  :bucket,
5072
5726
  :key,
5073
- :version_id)
5727
+ :version_id,
5728
+ :expected_bucket_owner)
5074
5729
  SENSITIVE = []
5075
5730
  include Aws::Structure
5076
5731
  end
@@ -5100,6 +5755,7 @@ module Aws::S3
5100
5755
  # bucket: "BucketName", # required
5101
5756
  # key: "ObjectKey", # required
5102
5757
  # request_payer: "requester", # accepts requester
5758
+ # expected_bucket_owner: "AccountId",
5103
5759
  # }
5104
5760
  #
5105
5761
  # @!attribute [rw] bucket
@@ -5123,12 +5779,19 @@ module Aws::S3
5123
5779
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
5124
5780
  # @return [String]
5125
5781
  #
5782
+ # @!attribute [rw] expected_bucket_owner
5783
+ # The account id of the expected bucket owner. If the bucket is owned
5784
+ # by a different account, the request will fail with an HTTP `403
5785
+ # (Access Denied)` error.
5786
+ # @return [String]
5787
+ #
5126
5788
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObjectTorrentRequest AWS API Documentation
5127
5789
  #
5128
5790
  class GetObjectTorrentRequest < Struct.new(
5129
5791
  :bucket,
5130
5792
  :key,
5131
- :request_payer)
5793
+ :request_payer,
5794
+ :expected_bucket_owner)
5132
5795
  SENSITIVE = []
5133
5796
  include Aws::Structure
5134
5797
  end
@@ -5151,6 +5814,7 @@ module Aws::S3
5151
5814
  #
5152
5815
  # {
5153
5816
  # bucket: "BucketName", # required
5817
+ # expected_bucket_owner: "AccountId",
5154
5818
  # }
5155
5819
  #
5156
5820
  # @!attribute [rw] bucket
@@ -5158,10 +5822,17 @@ module Aws::S3
5158
5822
  # configuration you want to retrieve.
5159
5823
  # @return [String]
5160
5824
  #
5825
+ # @!attribute [rw] expected_bucket_owner
5826
+ # The account id of the expected bucket owner. If the bucket is owned
5827
+ # by a different account, the request will fail with an HTTP `403
5828
+ # (Access Denied)` error.
5829
+ # @return [String]
5830
+ #
5161
5831
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetPublicAccessBlockRequest AWS API Documentation
5162
5832
  #
5163
5833
  class GetPublicAccessBlockRequest < Struct.new(
5164
- :bucket)
5834
+ :bucket,
5835
+ :expected_bucket_owner)
5165
5836
  SENSITIVE = []
5166
5837
  include Aws::Structure
5167
5838
  end
@@ -5298,16 +5969,47 @@ module Aws::S3
5298
5969
  #
5299
5970
  # {
5300
5971
  # bucket: "BucketName", # required
5972
+ # expected_bucket_owner: "AccountId",
5301
5973
  # }
5302
5974
  #
5303
5975
  # @!attribute [rw] bucket
5304
5976
  # The bucket name.
5977
+ #
5978
+ # When using this API with an access point, you must direct requests
5979
+ # to the access point hostname. The access point hostname takes the
5980
+ # form
5981
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5982
+ # When using this operation with an access point through the AWS SDKs,
5983
+ # you provide the access point ARN in place of the bucket name. For
5984
+ # more information about access point ARNs, see [Using Access
5985
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
5986
+ #
5987
+ # When using this API with Amazon S3 on Outposts, you must direct
5988
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5989
+ # takes the form
5990
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5991
+ # When using this operation using S3 on Outposts through the AWS SDKs,
5992
+ # you provide the Outposts bucket ARN in place of the bucket name. For
5993
+ # more information about S3 on Outposts ARNs, see [Using S3 on
5994
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
5995
+ #
5996
+ #
5997
+ #
5998
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
5999
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
6000
+ # @return [String]
6001
+ #
6002
+ # @!attribute [rw] expected_bucket_owner
6003
+ # The account id of the expected bucket owner. If the bucket is owned
6004
+ # by a different account, the request will fail with an HTTP `403
6005
+ # (Access Denied)` error.
5305
6006
  # @return [String]
5306
6007
  #
5307
6008
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadBucketRequest AWS API Documentation
5308
6009
  #
5309
6010
  class HeadBucketRequest < Struct.new(
5310
- :bucket)
6011
+ :bucket,
6012
+ :expected_bucket_owner)
5311
6013
  SENSITIVE = []
5312
6014
  include Aws::Structure
5313
6015
  end
@@ -5332,8 +6034,8 @@ module Aws::S3
5332
6034
  # @!attribute [rw] restore
5333
6035
  # If the object is an archived object (an object whose storage class
5334
6036
  # is GLACIER), the response includes this header if either the archive
5335
- # restoration is in progress (see RestoreObject or an archive copy is
5336
- # already restored.
6037
+ # restoration is in progress (see [RestoreObject][1] or an archive
6038
+ # copy is already restored.
5337
6039
  #
5338
6040
  # If an archive copy is already restored, the header value indicates
5339
6041
  # when Amazon S3 is scheduled to delete the object copy. For example:
@@ -5345,11 +6047,12 @@ module Aws::S3
5345
6047
  # value `ongoing-request="true"`.
5346
6048
  #
5347
6049
  # For more information about archiving objects, see [Transitioning
5348
- # Objects: General Considerations][1].
6050
+ # Objects: General Considerations][2].
5349
6051
  #
5350
6052
  #
5351
6053
  #
5352
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
6054
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
6055
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
5353
6056
  # @return [String]
5354
6057
  #
5355
6058
  # @!attribute [rw] last_modified
@@ -5583,10 +6286,34 @@ module Aws::S3
5583
6286
  # sse_customer_key_md5: "SSECustomerKeyMD5",
5584
6287
  # request_payer: "requester", # accepts requester
5585
6288
  # part_number: 1,
6289
+ # expected_bucket_owner: "AccountId",
5586
6290
  # }
5587
6291
  #
5588
6292
  # @!attribute [rw] bucket
5589
6293
  # The name of the bucket containing the object.
6294
+ #
6295
+ # When using this API with an access point, you must direct requests
6296
+ # to the access point hostname. The access point hostname takes the
6297
+ # form
6298
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6299
+ # When using this operation with an access point through the AWS SDKs,
6300
+ # you provide the access point ARN in place of the bucket name. For
6301
+ # more information about access point ARNs, see [Using Access
6302
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
6303
+ #
6304
+ # When using this API with Amazon S3 on Outposts, you must direct
6305
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
6306
+ # takes the form
6307
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
6308
+ # When using this operation using S3 on Outposts through the AWS SDKs,
6309
+ # you provide the Outposts bucket ARN in place of the bucket name. For
6310
+ # more information about S3 on Outposts ARNs, see [Using S3 on
6311
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
6312
+ #
6313
+ #
6314
+ #
6315
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
6316
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
5590
6317
  # @return [String]
5591
6318
  #
5592
6319
  # @!attribute [rw] if_match
@@ -5616,12 +6343,16 @@ module Aws::S3
5616
6343
  # @!attribute [rw] range
5617
6344
  # Downloads the specified range bytes of an object. For more
5618
6345
  # information about the HTTP Range header, see
5619
- # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35]().
6346
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
5620
6347
  #
5621
6348
  # <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
5622
6349
  # `GET` request.
5623
6350
  #
5624
6351
  # </note>
6352
+ #
6353
+ #
6354
+ #
6355
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
5625
6356
  # @return [String]
5626
6357
  #
5627
6358
  # @!attribute [rw] version_id
@@ -5638,7 +6369,7 @@ module Aws::S3
5638
6369
  # in encrypting data. This value is used to store the object and then
5639
6370
  # it is discarded; Amazon S3 does not store the encryption key. The
5640
6371
  # key must be appropriate for use with the algorithm specified in the
5641
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
6372
+ # `x-amz-server-side-encryption-customer-algorithm` header.
5642
6373
  # @return [String]
5643
6374
  #
5644
6375
  # @!attribute [rw] sse_customer_key_md5
@@ -5666,6 +6397,12 @@ module Aws::S3
5666
6397
  # and the number of parts in this object.
5667
6398
  # @return [Integer]
5668
6399
  #
6400
+ # @!attribute [rw] expected_bucket_owner
6401
+ # The account id of the expected bucket owner. If the bucket is owned
6402
+ # by a different account, the request will fail with an HTTP `403
6403
+ # (Access Denied)` error.
6404
+ # @return [String]
6405
+ #
5669
6406
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/HeadObjectRequest AWS API Documentation
5670
6407
  #
5671
6408
  class HeadObjectRequest < Struct.new(
@@ -5681,7 +6418,8 @@ module Aws::S3
5681
6418
  :sse_customer_key,
5682
6419
  :sse_customer_key_md5,
5683
6420
  :request_payer,
5684
- :part_number)
6421
+ :part_number,
6422
+ :expected_bucket_owner)
5685
6423
  SENSITIVE = [:sse_customer_key]
5686
6424
  include Aws::Structure
5687
6425
  end
@@ -6486,6 +7224,7 @@ module Aws::S3
6486
7224
  # {
6487
7225
  # bucket: "BucketName", # required
6488
7226
  # continuation_token: "Token",
7227
+ # expected_bucket_owner: "AccountId",
6489
7228
  # }
6490
7229
  #
6491
7230
  # @!attribute [rw] bucket
@@ -6498,11 +7237,18 @@ module Aws::S3
6498
7237
  # request should begin.
6499
7238
  # @return [String]
6500
7239
  #
7240
+ # @!attribute [rw] expected_bucket_owner
7241
+ # The account id of the expected bucket owner. If the bucket is owned
7242
+ # by a different account, the request will fail with an HTTP `403
7243
+ # (Access Denied)` error.
7244
+ # @return [String]
7245
+ #
6501
7246
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketAnalyticsConfigurationsRequest AWS API Documentation
6502
7247
  #
6503
7248
  class ListBucketAnalyticsConfigurationsRequest < Struct.new(
6504
7249
  :bucket,
6505
- :continuation_token)
7250
+ :continuation_token,
7251
+ :expected_bucket_owner)
6506
7252
  SENSITIVE = []
6507
7253
  include Aws::Structure
6508
7254
  end
@@ -6546,6 +7292,7 @@ module Aws::S3
6546
7292
  # {
6547
7293
  # bucket: "BucketName", # required
6548
7294
  # continuation_token: "Token",
7295
+ # expected_bucket_owner: "AccountId",
6549
7296
  # }
6550
7297
  #
6551
7298
  # @!attribute [rw] bucket
@@ -6560,11 +7307,18 @@ module Aws::S3
6560
7307
  # token is an opaque value that Amazon S3 understands.
6561
7308
  # @return [String]
6562
7309
  #
7310
+ # @!attribute [rw] expected_bucket_owner
7311
+ # The account id of the expected bucket owner. If the bucket is owned
7312
+ # by a different account, the request will fail with an HTTP `403
7313
+ # (Access Denied)` error.
7314
+ # @return [String]
7315
+ #
6563
7316
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketInventoryConfigurationsRequest AWS API Documentation
6564
7317
  #
6565
7318
  class ListBucketInventoryConfigurationsRequest < Struct.new(
6566
7319
  :bucket,
6567
- :continuation_token)
7320
+ :continuation_token,
7321
+ :expected_bucket_owner)
6568
7322
  SENSITIVE = []
6569
7323
  include Aws::Structure
6570
7324
  end
@@ -6610,6 +7364,7 @@ module Aws::S3
6610
7364
  # {
6611
7365
  # bucket: "BucketName", # required
6612
7366
  # continuation_token: "Token",
7367
+ # expected_bucket_owner: "AccountId",
6613
7368
  # }
6614
7369
  #
6615
7370
  # @!attribute [rw] bucket
@@ -6624,11 +7379,18 @@ module Aws::S3
6624
7379
  # continuation token is an opaque value that Amazon S3 understands.
6625
7380
  # @return [String]
6626
7381
  #
7382
+ # @!attribute [rw] expected_bucket_owner
7383
+ # The account id of the expected bucket owner. If the bucket is owned
7384
+ # by a different account, the request will fail with an HTTP `403
7385
+ # (Access Denied)` error.
7386
+ # @return [String]
7387
+ #
6627
7388
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurationsRequest AWS API Documentation
6628
7389
  #
6629
7390
  class ListBucketMetricsConfigurationsRequest < Struct.new(
6630
7391
  :bucket,
6631
- :continuation_token)
7392
+ :continuation_token,
7393
+ :expected_bucket_owner)
6632
7394
  SENSITIVE = []
6633
7395
  include Aws::Structure
6634
7396
  end
@@ -6651,7 +7413,7 @@ module Aws::S3
6651
7413
  end
6652
7414
 
6653
7415
  # @!attribute [rw] bucket
6654
- # Name of the bucket to which the multipart upload was initiated.
7416
+ # The name of the bucket to which the multipart upload was initiated.
6655
7417
  # @return [String]
6656
7418
  #
6657
7419
  # @!attribute [rw] key_marker
@@ -6751,23 +7513,34 @@ module Aws::S3
6751
7513
  # max_uploads: 1,
6752
7514
  # prefix: "Prefix",
6753
7515
  # upload_id_marker: "UploadIdMarker",
7516
+ # expected_bucket_owner: "AccountId",
6754
7517
  # }
6755
7518
  #
6756
7519
  # @!attribute [rw] bucket
6757
- # Name of the bucket to which the multipart upload was initiated.
7520
+ # The name of the bucket to which the multipart upload was initiated.
6758
7521
  #
6759
7522
  # When using this API with an access point, you must direct requests
6760
7523
  # to the access point hostname. The access point hostname takes the
6761
7524
  # form
6762
7525
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6763
- # When using this operation using an access point through the AWS
6764
- # SDKs, you provide the access point ARN in place of the bucket name.
6765
- # For more information about access point ARNs, see [Using Access
7526
+ # When using this operation with an access point through the AWS SDKs,
7527
+ # you provide the access point ARN in place of the bucket name. For
7528
+ # more information about access point ARNs, see [Using Access
6766
7529
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
6767
7530
  #
7531
+ # When using this API with Amazon S3 on Outposts, you must direct
7532
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7533
+ # takes the form
7534
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7535
+ # When using this operation using S3 on Outposts through the AWS SDKs,
7536
+ # you provide the Outposts bucket ARN in place of the bucket name. For
7537
+ # more information about S3 on Outposts ARNs, see [Using S3 on
7538
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
7539
+ #
6768
7540
  #
6769
7541
  #
6770
7542
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
7543
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
6771
7544
  # @return [String]
6772
7545
  #
6773
7546
  # @!attribute [rw] delimiter
@@ -6827,6 +7600,12 @@ module Aws::S3
6827
7600
  # the specified `upload-id-marker`.
6828
7601
  # @return [String]
6829
7602
  #
7603
+ # @!attribute [rw] expected_bucket_owner
7604
+ # The account id of the expected bucket owner. If the bucket is owned
7605
+ # by a different account, the request will fail with an HTTP `403
7606
+ # (Access Denied)` error.
7607
+ # @return [String]
7608
+ #
6830
7609
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListMultipartUploadsRequest AWS API Documentation
6831
7610
  #
6832
7611
  class ListMultipartUploadsRequest < Struct.new(
@@ -6836,7 +7615,8 @@ module Aws::S3
6836
7615
  :key_marker,
6837
7616
  :max_uploads,
6838
7617
  :prefix,
6839
- :upload_id_marker)
7618
+ :upload_id_marker,
7619
+ :expected_bucket_owner)
6840
7620
  SENSITIVE = []
6841
7621
  include Aws::Structure
6842
7622
  end
@@ -6880,7 +7660,7 @@ module Aws::S3
6880
7660
  # @return [Array<Types::DeleteMarkerEntry>]
6881
7661
  #
6882
7662
  # @!attribute [rw] name
6883
- # Bucket name.
7663
+ # The bucket name.
6884
7664
  # @return [String]
6885
7665
  #
6886
7666
  # @!attribute [rw] prefix
@@ -6948,23 +7728,11 @@ module Aws::S3
6948
7728
  # max_keys: 1,
6949
7729
  # prefix: "Prefix",
6950
7730
  # version_id_marker: "VersionIdMarker",
7731
+ # expected_bucket_owner: "AccountId",
6951
7732
  # }
6952
7733
  #
6953
7734
  # @!attribute [rw] bucket
6954
7735
  # The bucket name that contains the objects.
6955
- #
6956
- # When using this API with an access point, you must direct requests
6957
- # to the access point hostname. The access point hostname takes the
6958
- # form
6959
- # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6960
- # When using this operation using an access point through the AWS
6961
- # SDKs, you provide the access point ARN in place of the bucket name.
6962
- # For more information about access point ARNs, see [Using Access
6963
- # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
6964
- #
6965
- #
6966
- #
6967
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
6968
7736
  # @return [String]
6969
7737
  #
6970
7738
  # @!attribute [rw] delimiter
@@ -7012,6 +7780,12 @@ module Aws::S3
7012
7780
  # Specifies the object version you want to start listing from.
7013
7781
  # @return [String]
7014
7782
  #
7783
+ # @!attribute [rw] expected_bucket_owner
7784
+ # The account id of the expected bucket owner. If the bucket is owned
7785
+ # by a different account, the request will fail with an HTTP `403
7786
+ # (Access Denied)` error.
7787
+ # @return [String]
7788
+ #
7015
7789
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectVersionsRequest AWS API Documentation
7016
7790
  #
7017
7791
  class ListObjectVersionsRequest < Struct.new(
@@ -7021,7 +7795,8 @@ module Aws::S3
7021
7795
  :key_marker,
7022
7796
  :max_keys,
7023
7797
  :prefix,
7024
- :version_id_marker)
7798
+ :version_id_marker,
7799
+ :expected_bucket_owner)
7025
7800
  SENSITIVE = []
7026
7801
  include Aws::Structure
7027
7802
  end
@@ -7052,7 +7827,7 @@ module Aws::S3
7052
7827
  # @return [Array<Types::Object>]
7053
7828
  #
7054
7829
  # @!attribute [rw] name
7055
- # Bucket name.
7830
+ # The bucket name.
7056
7831
  # @return [String]
7057
7832
  #
7058
7833
  # @!attribute [rw] prefix
@@ -7123,10 +7898,34 @@ module Aws::S3
7123
7898
  # max_keys: 1,
7124
7899
  # prefix: "Prefix",
7125
7900
  # request_payer: "requester", # accepts requester
7901
+ # expected_bucket_owner: "AccountId",
7126
7902
  # }
7127
7903
  #
7128
7904
  # @!attribute [rw] bucket
7129
7905
  # The name of the bucket containing the objects.
7906
+ #
7907
+ # When using this API with an access point, you must direct requests
7908
+ # to the access point hostname. The access point hostname takes the
7909
+ # form
7910
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7911
+ # When using this operation with an access point through the AWS SDKs,
7912
+ # you provide the access point ARN in place of the bucket name. For
7913
+ # more information about access point ARNs, see [Using Access
7914
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7915
+ #
7916
+ # When using this API with Amazon S3 on Outposts, you must direct
7917
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7918
+ # takes the form
7919
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7920
+ # When using this operation using S3 on Outposts through the AWS SDKs,
7921
+ # you provide the Outposts bucket ARN in place of the bucket name. For
7922
+ # more information about S3 on Outposts ARNs, see [Using S3 on
7923
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
7924
+ #
7925
+ #
7926
+ #
7927
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
7928
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7130
7929
  # @return [String]
7131
7930
  #
7132
7931
  # @!attribute [rw] delimiter
@@ -7162,6 +7961,12 @@ module Aws::S3
7162
7961
  # parameter in their requests.
7163
7962
  # @return [String]
7164
7963
  #
7964
+ # @!attribute [rw] expected_bucket_owner
7965
+ # The account id of the expected bucket owner. If the bucket is owned
7966
+ # by a different account, the request will fail with an HTTP `403
7967
+ # (Access Denied)` error.
7968
+ # @return [String]
7969
+ #
7165
7970
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsRequest AWS API Documentation
7166
7971
  #
7167
7972
  class ListObjectsRequest < Struct.new(
@@ -7171,7 +7976,8 @@ module Aws::S3
7171
7976
  :marker,
7172
7977
  :max_keys,
7173
7978
  :prefix,
7174
- :request_payer)
7979
+ :request_payer,
7980
+ :expected_bucket_owner)
7175
7981
  SENSITIVE = []
7176
7982
  include Aws::Structure
7177
7983
  end
@@ -7187,20 +7993,30 @@ module Aws::S3
7187
7993
  # @return [Array<Types::Object>]
7188
7994
  #
7189
7995
  # @!attribute [rw] name
7190
- # Bucket name.
7996
+ # The bucket name.
7191
7997
  #
7192
7998
  # When using this API with an access point, you must direct requests
7193
7999
  # to the access point hostname. The access point hostname takes the
7194
8000
  # form
7195
8001
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7196
- # When using this operation using an access point through the AWS
7197
- # SDKs, you provide the access point ARN in place of the bucket name.
7198
- # For more information about access point ARNs, see [Using Access
8002
+ # When using this operation with an access point through the AWS SDKs,
8003
+ # you provide the access point ARN in place of the bucket name. For
8004
+ # more information about access point ARNs, see [Using Access
7199
8005
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7200
8006
  #
8007
+ # When using this API with Amazon S3 on Outposts, you must direct
8008
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
8009
+ # takes the form
8010
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
8011
+ # When using this operation using S3 on Outposts through the AWS SDKs,
8012
+ # you provide the Outposts bucket ARN in place of the bucket name. For
8013
+ # more information about S3 on Outposts ARNs, see [Using S3 on
8014
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
8015
+ #
7201
8016
  #
7202
8017
  #
7203
8018
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
8019
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7204
8020
  # @return [String]
7205
8021
  #
7206
8022
  # @!attribute [rw] prefix
@@ -7308,6 +8124,7 @@ module Aws::S3
7308
8124
  # fetch_owner: false,
7309
8125
  # start_after: "StartAfter",
7310
8126
  # request_payer: "requester", # accepts requester
8127
+ # expected_bucket_owner: "AccountId",
7311
8128
  # }
7312
8129
  #
7313
8130
  # @!attribute [rw] bucket
@@ -7317,14 +8134,24 @@ module Aws::S3
7317
8134
  # to the access point hostname. The access point hostname takes the
7318
8135
  # form
7319
8136
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7320
- # When using this operation using an access point through the AWS
7321
- # SDKs, you provide the access point ARN in place of the bucket name.
7322
- # For more information about access point ARNs, see [Using Access
8137
+ # When using this operation with an access point through the AWS SDKs,
8138
+ # you provide the access point ARN in place of the bucket name. For
8139
+ # more information about access point ARNs, see [Using Access
7323
8140
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7324
8141
  #
8142
+ # When using this API with Amazon S3 on Outposts, you must direct
8143
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
8144
+ # takes the form
8145
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
8146
+ # When using this operation using S3 on Outposts through the AWS SDKs,
8147
+ # you provide the Outposts bucket ARN in place of the bucket name. For
8148
+ # more information about S3 on Outposts ARNs, see [Using S3 on
8149
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
8150
+ #
7325
8151
  #
7326
8152
  #
7327
8153
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
8154
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7328
8155
  # @return [String]
7329
8156
  #
7330
8157
  # @!attribute [rw] delimiter
@@ -7370,6 +8197,12 @@ module Aws::S3
7370
8197
  # this parameter in their requests.
7371
8198
  # @return [String]
7372
8199
  #
8200
+ # @!attribute [rw] expected_bucket_owner
8201
+ # The account id of the expected bucket owner. If the bucket is owned
8202
+ # by a different account, the request will fail with an HTTP `403
8203
+ # (Access Denied)` error.
8204
+ # @return [String]
8205
+ #
7373
8206
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListObjectsV2Request AWS API Documentation
7374
8207
  #
7375
8208
  class ListObjectsV2Request < Struct.new(
@@ -7381,7 +8214,8 @@ module Aws::S3
7381
8214
  :continuation_token,
7382
8215
  :fetch_owner,
7383
8216
  :start_after,
7384
- :request_payer)
8217
+ :request_payer,
8218
+ :expected_bucket_owner)
7385
8219
  SENSITIVE = []
7386
8220
  include Aws::Structure
7387
8221
  end
@@ -7411,7 +8245,7 @@ module Aws::S3
7411
8245
  # @return [String]
7412
8246
  #
7413
8247
  # @!attribute [rw] bucket
7414
- # Name of the bucket to which the multipart upload was initiated.
8248
+ # The name of the bucket to which the multipart upload was initiated.
7415
8249
  # @return [String]
7416
8250
  #
7417
8251
  # @!attribute [rw] key
@@ -7505,23 +8339,34 @@ module Aws::S3
7505
8339
  # part_number_marker: 1,
7506
8340
  # upload_id: "MultipartUploadId", # required
7507
8341
  # request_payer: "requester", # accepts requester
8342
+ # expected_bucket_owner: "AccountId",
7508
8343
  # }
7509
8344
  #
7510
8345
  # @!attribute [rw] bucket
7511
- # Name of the bucket to which the parts are being uploaded.
8346
+ # The name of the bucket to which the parts are being uploaded.
7512
8347
  #
7513
8348
  # When using this API with an access point, you must direct requests
7514
8349
  # to the access point hostname. The access point hostname takes the
7515
8350
  # form
7516
8351
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7517
- # When using this operation using an access point through the AWS
7518
- # SDKs, you provide the access point ARN in place of the bucket name.
7519
- # For more information about access point ARNs, see [Using Access
8352
+ # When using this operation with an access point through the AWS SDKs,
8353
+ # you provide the access point ARN in place of the bucket name. For
8354
+ # more information about access point ARNs, see [Using Access
7520
8355
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
7521
8356
  #
8357
+ # When using this API with Amazon S3 on Outposts, you must direct
8358
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
8359
+ # takes the form
8360
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
8361
+ # When using this operation using S3 on Outposts through the AWS SDKs,
8362
+ # you provide the Outposts bucket ARN in place of the bucket name. For
8363
+ # more information about S3 on Outposts ARNs, see [Using S3 on
8364
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
8365
+ #
7522
8366
  #
7523
8367
  #
7524
8368
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
8369
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
7525
8370
  # @return [String]
7526
8371
  #
7527
8372
  # @!attribute [rw] key
@@ -7554,6 +8399,12 @@ module Aws::S3
7554
8399
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
7555
8400
  # @return [String]
7556
8401
  #
8402
+ # @!attribute [rw] expected_bucket_owner
8403
+ # The account id of the expected bucket owner. If the bucket is owned
8404
+ # by a different account, the request will fail with an HTTP `403
8405
+ # (Access Denied)` error.
8406
+ # @return [String]
8407
+ #
7557
8408
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListPartsRequest AWS API Documentation
7558
8409
  #
7559
8410
  class ListPartsRequest < Struct.new(
@@ -7562,7 +8413,8 @@ module Aws::S3
7562
8413
  :max_parts,
7563
8414
  :part_number_marker,
7564
8415
  :upload_id,
7565
- :request_payer)
8416
+ :request_payer,
8417
+ :expected_bucket_owner)
7566
8418
  SENSITIVE = []
7567
8419
  include Aws::Structure
7568
8420
  end
@@ -8425,7 +9277,7 @@ module Aws::S3
8425
9277
  # value: "MetadataValue",
8426
9278
  # },
8427
9279
  # ],
8428
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
9280
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
8429
9281
  # },
8430
9282
  # }
8431
9283
  #
@@ -8504,6 +9356,60 @@ module Aws::S3
8504
9356
  include Aws::Structure
8505
9357
  end
8506
9358
 
9359
+ # The container element for a bucket's ownership controls.
9360
+ #
9361
+ # @note When making an API call, you may pass OwnershipControls
9362
+ # data as a hash:
9363
+ #
9364
+ # {
9365
+ # rules: [ # required
9366
+ # {
9367
+ # object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
9368
+ # },
9369
+ # ],
9370
+ # }
9371
+ #
9372
+ # @!attribute [rw] rules
9373
+ # The container element for an ownership control rule.
9374
+ # @return [Array<Types::OwnershipControlsRule>]
9375
+ #
9376
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OwnershipControls AWS API Documentation
9377
+ #
9378
+ class OwnershipControls < Struct.new(
9379
+ :rules)
9380
+ SENSITIVE = []
9381
+ include Aws::Structure
9382
+ end
9383
+
9384
+ # The container element for an ownership control rule.
9385
+ #
9386
+ # @note When making an API call, you may pass OwnershipControlsRule
9387
+ # data as a hash:
9388
+ #
9389
+ # {
9390
+ # object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
9391
+ # }
9392
+ #
9393
+ # @!attribute [rw] object_ownership
9394
+ # The container element for object ownership for a bucket's ownership
9395
+ # controls.
9396
+ #
9397
+ # BucketOwnerPreferred - Objects uploaded to the bucket change
9398
+ # ownership to the bucket owner if the objects are uploaded with the
9399
+ # `bucket-owner-full-control` canned ACL.
9400
+ #
9401
+ # ObjectWriter - The uploading account will own the object if the
9402
+ # object is uploaded with the `bucket-owner-full-control` canned ACL.
9403
+ # @return [String]
9404
+ #
9405
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/OwnershipControlsRule AWS API Documentation
9406
+ #
9407
+ class OwnershipControlsRule < Struct.new(
9408
+ :object_ownership)
9409
+ SENSITIVE = []
9410
+ include Aws::Structure
9411
+ end
9412
+
8507
9413
  # Container for Parquet.
8508
9414
  #
8509
9415
  # @api private
@@ -8682,21 +9588,30 @@ module Aws::S3
8682
9588
  # accelerate_configuration: { # required
8683
9589
  # status: "Enabled", # accepts Enabled, Suspended
8684
9590
  # },
9591
+ # expected_bucket_owner: "AccountId",
8685
9592
  # }
8686
9593
  #
8687
9594
  # @!attribute [rw] bucket
8688
- # Name of the bucket for which the accelerate configuration is set.
9595
+ # The name of the bucket for which the accelerate configuration is
9596
+ # set.
8689
9597
  # @return [String]
8690
9598
  #
8691
9599
  # @!attribute [rw] accelerate_configuration
8692
9600
  # Container for setting the transfer acceleration state.
8693
9601
  # @return [Types::AccelerateConfiguration]
8694
9602
  #
9603
+ # @!attribute [rw] expected_bucket_owner
9604
+ # The account id of the expected bucket owner. If the bucket is owned
9605
+ # by a different account, the request will fail with an HTTP `403
9606
+ # (Access Denied)` error.
9607
+ # @return [String]
9608
+ #
8695
9609
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAccelerateConfigurationRequest AWS API Documentation
8696
9610
  #
8697
9611
  class PutBucketAccelerateConfigurationRequest < Struct.new(
8698
9612
  :bucket,
8699
- :accelerate_configuration)
9613
+ :accelerate_configuration,
9614
+ :expected_bucket_owner)
8700
9615
  SENSITIVE = []
8701
9616
  include Aws::Structure
8702
9617
  end
@@ -8731,6 +9646,7 @@ module Aws::S3
8731
9646
  # grant_read_acp: "GrantReadACP",
8732
9647
  # grant_write: "GrantWrite",
8733
9648
  # grant_write_acp: "GrantWriteACP",
9649
+ # expected_bucket_owner: "AccountId",
8734
9650
  # }
8735
9651
  #
8736
9652
  # @!attribute [rw] acl
@@ -8779,6 +9695,12 @@ module Aws::S3
8779
9695
  # Allows grantee to write the ACL for the applicable bucket.
8780
9696
  # @return [String]
8781
9697
  #
9698
+ # @!attribute [rw] expected_bucket_owner
9699
+ # The account id of the expected bucket owner. If the bucket is owned
9700
+ # by a different account, the request will fail with an HTTP `403
9701
+ # (Access Denied)` error.
9702
+ # @return [String]
9703
+ #
8782
9704
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAclRequest AWS API Documentation
8783
9705
  #
8784
9706
  class PutBucketAclRequest < Struct.new(
@@ -8790,7 +9712,8 @@ module Aws::S3
8790
9712
  :grant_read,
8791
9713
  :grant_read_acp,
8792
9714
  :grant_write,
8793
- :grant_write_acp)
9715
+ :grant_write_acp,
9716
+ :expected_bucket_owner)
8794
9717
  SENSITIVE = []
8795
9718
  include Aws::Structure
8796
9719
  end
@@ -8833,6 +9756,7 @@ module Aws::S3
8833
9756
  # },
8834
9757
  # },
8835
9758
  # },
9759
+ # expected_bucket_owner: "AccountId",
8836
9760
  # }
8837
9761
  #
8838
9762
  # @!attribute [rw] bucket
@@ -8848,12 +9772,19 @@ module Aws::S3
8848
9772
  # The configuration and any analyses for the analytics filter.
8849
9773
  # @return [Types::AnalyticsConfiguration]
8850
9774
  #
9775
+ # @!attribute [rw] expected_bucket_owner
9776
+ # The account id of the expected bucket owner. If the bucket is owned
9777
+ # by a different account, the request will fail with an HTTP `403
9778
+ # (Access Denied)` error.
9779
+ # @return [String]
9780
+ #
8851
9781
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAnalyticsConfigurationRequest AWS API Documentation
8852
9782
  #
8853
9783
  class PutBucketAnalyticsConfigurationRequest < Struct.new(
8854
9784
  :bucket,
8855
9785
  :id,
8856
- :analytics_configuration)
9786
+ :analytics_configuration,
9787
+ :expected_bucket_owner)
8857
9788
  SENSITIVE = []
8858
9789
  include Aws::Structure
8859
9790
  end
@@ -8875,6 +9806,7 @@ module Aws::S3
8875
9806
  # ],
8876
9807
  # },
8877
9808
  # content_md5: "ContentMD5",
9809
+ # expected_bucket_owner: "AccountId",
8878
9810
  # }
8879
9811
  #
8880
9812
  # @!attribute [rw] bucket
@@ -8903,12 +9835,19 @@ module Aws::S3
8903
9835
  # [1]: http://www.ietf.org/rfc/rfc1864.txt
8904
9836
  # @return [String]
8905
9837
  #
9838
+ # @!attribute [rw] expected_bucket_owner
9839
+ # The account id of the expected bucket owner. If the bucket is owned
9840
+ # by a different account, the request will fail with an HTTP `403
9841
+ # (Access Denied)` error.
9842
+ # @return [String]
9843
+ #
8906
9844
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketCorsRequest AWS API Documentation
8907
9845
  #
8908
9846
  class PutBucketCorsRequest < Struct.new(
8909
9847
  :bucket,
8910
9848
  :cors_configuration,
8911
- :content_md5)
9849
+ :content_md5,
9850
+ :expected_bucket_owner)
8912
9851
  SENSITIVE = []
8913
9852
  include Aws::Structure
8914
9853
  end
@@ -8929,6 +9868,7 @@ module Aws::S3
8929
9868
  # },
8930
9869
  # ],
8931
9870
  # },
9871
+ # expected_bucket_owner: "AccountId",
8932
9872
  # }
8933
9873
  #
8934
9874
  # @!attribute [rw] bucket
@@ -8954,12 +9894,19 @@ module Aws::S3
8954
9894
  # Specifies the default server-side-encryption configuration.
8955
9895
  # @return [Types::ServerSideEncryptionConfiguration]
8956
9896
  #
9897
+ # @!attribute [rw] expected_bucket_owner
9898
+ # The account id of the expected bucket owner. If the bucket is owned
9899
+ # by a different account, the request will fail with an HTTP `403
9900
+ # (Access Denied)` error.
9901
+ # @return [String]
9902
+ #
8957
9903
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketEncryptionRequest AWS API Documentation
8958
9904
  #
8959
9905
  class PutBucketEncryptionRequest < Struct.new(
8960
9906
  :bucket,
8961
9907
  :content_md5,
8962
- :server_side_encryption_configuration)
9908
+ :server_side_encryption_configuration,
9909
+ :expected_bucket_owner)
8963
9910
  SENSITIVE = []
8964
9911
  include Aws::Structure
8965
9912
  end
@@ -8997,6 +9944,7 @@ module Aws::S3
8997
9944
  # frequency: "Daily", # required, accepts Daily, Weekly
8998
9945
  # },
8999
9946
  # },
9947
+ # expected_bucket_owner: "AccountId",
9000
9948
  # }
9001
9949
  #
9002
9950
  # @!attribute [rw] bucket
@@ -9012,12 +9960,19 @@ module Aws::S3
9012
9960
  # Specifies the inventory configuration.
9013
9961
  # @return [Types::InventoryConfiguration]
9014
9962
  #
9963
+ # @!attribute [rw] expected_bucket_owner
9964
+ # The account id of the expected bucket owner. If the bucket is owned
9965
+ # by a different account, the request will fail with an HTTP `403
9966
+ # (Access Denied)` error.
9967
+ # @return [String]
9968
+ #
9015
9969
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketInventoryConfigurationRequest AWS API Documentation
9016
9970
  #
9017
9971
  class PutBucketInventoryConfigurationRequest < Struct.new(
9018
9972
  :bucket,
9019
9973
  :id,
9020
- :inventory_configuration)
9974
+ :inventory_configuration,
9975
+ :expected_bucket_owner)
9021
9976
  SENSITIVE = []
9022
9977
  include Aws::Structure
9023
9978
  end
@@ -9076,6 +10031,7 @@ module Aws::S3
9076
10031
  # },
9077
10032
  # ],
9078
10033
  # },
10034
+ # expected_bucket_owner: "AccountId",
9079
10035
  # }
9080
10036
  #
9081
10037
  # @!attribute [rw] bucket
@@ -9086,11 +10042,18 @@ module Aws::S3
9086
10042
  # Container for lifecycle rules. You can add as many as 1,000 rules.
9087
10043
  # @return [Types::BucketLifecycleConfiguration]
9088
10044
  #
10045
+ # @!attribute [rw] expected_bucket_owner
10046
+ # The account id of the expected bucket owner. If the bucket is owned
10047
+ # by a different account, the request will fail with an HTTP `403
10048
+ # (Access Denied)` error.
10049
+ # @return [String]
10050
+ #
9089
10051
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleConfigurationRequest AWS API Documentation
9090
10052
  #
9091
10053
  class PutBucketLifecycleConfigurationRequest < Struct.new(
9092
10054
  :bucket,
9093
- :lifecycle_configuration)
10055
+ :lifecycle_configuration,
10056
+ :expected_bucket_owner)
9094
10057
  SENSITIVE = []
9095
10058
  include Aws::Structure
9096
10059
  end
@@ -9130,6 +10093,7 @@ module Aws::S3
9130
10093
  # },
9131
10094
  # ],
9132
10095
  # },
10096
+ # expected_bucket_owner: "AccountId",
9133
10097
  # }
9134
10098
  #
9135
10099
  # @!attribute [rw] bucket
@@ -9141,12 +10105,19 @@ module Aws::S3
9141
10105
  # @!attribute [rw] lifecycle_configuration
9142
10106
  # @return [Types::LifecycleConfiguration]
9143
10107
  #
10108
+ # @!attribute [rw] expected_bucket_owner
10109
+ # The account id of the expected bucket owner. If the bucket is owned
10110
+ # by a different account, the request will fail with an HTTP `403
10111
+ # (Access Denied)` error.
10112
+ # @return [String]
10113
+ #
9144
10114
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLifecycleRequest AWS API Documentation
9145
10115
  #
9146
10116
  class PutBucketLifecycleRequest < Struct.new(
9147
10117
  :bucket,
9148
10118
  :content_md5,
9149
- :lifecycle_configuration)
10119
+ :lifecycle_configuration,
10120
+ :expected_bucket_owner)
9150
10121
  SENSITIVE = []
9151
10122
  include Aws::Structure
9152
10123
  end
@@ -9175,6 +10146,7 @@ module Aws::S3
9175
10146
  # },
9176
10147
  # },
9177
10148
  # content_md5: "ContentMD5",
10149
+ # expected_bucket_owner: "AccountId",
9178
10150
  # }
9179
10151
  #
9180
10152
  # @!attribute [rw] bucket
@@ -9189,12 +10161,19 @@ module Aws::S3
9189
10161
  # The MD5 hash of the `PutBucketLogging` request body.
9190
10162
  # @return [String]
9191
10163
  #
10164
+ # @!attribute [rw] expected_bucket_owner
10165
+ # The account id of the expected bucket owner. If the bucket is owned
10166
+ # by a different account, the request will fail with an HTTP `403
10167
+ # (Access Denied)` error.
10168
+ # @return [String]
10169
+ #
9192
10170
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketLoggingRequest AWS API Documentation
9193
10171
  #
9194
10172
  class PutBucketLoggingRequest < Struct.new(
9195
10173
  :bucket,
9196
10174
  :bucket_logging_status,
9197
- :content_md5)
10175
+ :content_md5,
10176
+ :expected_bucket_owner)
9198
10177
  SENSITIVE = []
9199
10178
  include Aws::Structure
9200
10179
  end
@@ -9224,6 +10203,7 @@ module Aws::S3
9224
10203
  # },
9225
10204
  # },
9226
10205
  # },
10206
+ # expected_bucket_owner: "AccountId",
9227
10207
  # }
9228
10208
  #
9229
10209
  # @!attribute [rw] bucket
@@ -9238,12 +10218,19 @@ module Aws::S3
9238
10218
  # Specifies the metrics configuration.
9239
10219
  # @return [Types::MetricsConfiguration]
9240
10220
  #
10221
+ # @!attribute [rw] expected_bucket_owner
10222
+ # The account id of the expected bucket owner. If the bucket is owned
10223
+ # by a different account, the request will fail with an HTTP `403
10224
+ # (Access Denied)` error.
10225
+ # @return [String]
10226
+ #
9241
10227
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketMetricsConfigurationRequest AWS API Documentation
9242
10228
  #
9243
10229
  class PutBucketMetricsConfigurationRequest < Struct.new(
9244
10230
  :bucket,
9245
10231
  :id,
9246
- :metrics_configuration)
10232
+ :metrics_configuration,
10233
+ :expected_bucket_owner)
9247
10234
  SENSITIVE = []
9248
10235
  include Aws::Structure
9249
10236
  end
@@ -9306,6 +10293,7 @@ module Aws::S3
9306
10293
  # },
9307
10294
  # ],
9308
10295
  # },
10296
+ # expected_bucket_owner: "AccountId",
9309
10297
  # }
9310
10298
  #
9311
10299
  # @!attribute [rw] bucket
@@ -9318,11 +10306,18 @@ module Aws::S3
9318
10306
  # the bucket.
9319
10307
  # @return [Types::NotificationConfiguration]
9320
10308
  #
10309
+ # @!attribute [rw] expected_bucket_owner
10310
+ # The account id of the expected bucket owner. If the bucket is owned
10311
+ # by a different account, the request will fail with an HTTP `403
10312
+ # (Access Denied)` error.
10313
+ # @return [String]
10314
+ #
9321
10315
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationConfigurationRequest AWS API Documentation
9322
10316
  #
9323
10317
  class PutBucketNotificationConfigurationRequest < Struct.new(
9324
10318
  :bucket,
9325
- :notification_configuration)
10319
+ :notification_configuration,
10320
+ :expected_bucket_owner)
9326
10321
  SENSITIVE = []
9327
10322
  include Aws::Structure
9328
10323
  end
@@ -9354,6 +10349,7 @@ module Aws::S3
9354
10349
  # invocation_role: "CloudFunctionInvocationRole",
9355
10350
  # },
9356
10351
  # },
10352
+ # expected_bucket_owner: "AccountId",
9357
10353
  # }
9358
10354
  #
9359
10355
  # @!attribute [rw] bucket
@@ -9368,12 +10364,63 @@ module Aws::S3
9368
10364
  # The container for the configuration.
9369
10365
  # @return [Types::NotificationConfigurationDeprecated]
9370
10366
  #
10367
+ # @!attribute [rw] expected_bucket_owner
10368
+ # The account id of the expected bucket owner. If the bucket is owned
10369
+ # by a different account, the request will fail with an HTTP `403
10370
+ # (Access Denied)` error.
10371
+ # @return [String]
10372
+ #
9371
10373
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketNotificationRequest AWS API Documentation
9372
10374
  #
9373
10375
  class PutBucketNotificationRequest < Struct.new(
9374
10376
  :bucket,
9375
10377
  :content_md5,
9376
- :notification_configuration)
10378
+ :notification_configuration,
10379
+ :expected_bucket_owner)
10380
+ SENSITIVE = []
10381
+ include Aws::Structure
10382
+ end
10383
+
10384
+ # @note When making an API call, you may pass PutBucketOwnershipControlsRequest
10385
+ # data as a hash:
10386
+ #
10387
+ # {
10388
+ # bucket: "BucketName", # required
10389
+ # content_md5: "ContentMD5",
10390
+ # expected_bucket_owner: "AccountId",
10391
+ # ownership_controls: { # required
10392
+ # rules: [ # required
10393
+ # {
10394
+ # object_ownership: "BucketOwnerPreferred", # required, accepts BucketOwnerPreferred, ObjectWriter
10395
+ # },
10396
+ # ],
10397
+ # },
10398
+ # }
10399
+ #
10400
+ # @!attribute [rw] bucket
10401
+ # The name of the Amazon S3 bucket whose `OwnershipControls` you want
10402
+ # to set.
10403
+ # @return [String]
10404
+ #
10405
+ # @!attribute [rw] content_md5
10406
+ # The MD5 hash of the `OwnershipControls` request body.
10407
+ # @return [String]
10408
+ #
10409
+ # @!attribute [rw] expected_bucket_owner
10410
+ # @return [String]
10411
+ #
10412
+ # @!attribute [rw] ownership_controls
10413
+ # The `OwnershipControls` (BucketOwnerPreferred or ObjectWriter) that
10414
+ # you want to apply to this Amazon S3 bucket.
10415
+ # @return [Types::OwnershipControls]
10416
+ #
10417
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketOwnershipControlsRequest AWS API Documentation
10418
+ #
10419
+ class PutBucketOwnershipControlsRequest < Struct.new(
10420
+ :bucket,
10421
+ :content_md5,
10422
+ :expected_bucket_owner,
10423
+ :ownership_controls)
9377
10424
  SENSITIVE = []
9378
10425
  include Aws::Structure
9379
10426
  end
@@ -9386,6 +10433,7 @@ module Aws::S3
9386
10433
  # content_md5: "ContentMD5",
9387
10434
  # confirm_remove_self_bucket_access: false,
9388
10435
  # policy: "Policy", # required
10436
+ # expected_bucket_owner: "AccountId",
9389
10437
  # }
9390
10438
  #
9391
10439
  # @!attribute [rw] bucket
@@ -9405,13 +10453,20 @@ module Aws::S3
9405
10453
  # The bucket policy as a JSON document.
9406
10454
  # @return [String]
9407
10455
  #
10456
+ # @!attribute [rw] expected_bucket_owner
10457
+ # The account id of the expected bucket owner. If the bucket is owned
10458
+ # by a different account, the request will fail with an HTTP `403
10459
+ # (Access Denied)` error.
10460
+ # @return [String]
10461
+ #
9408
10462
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketPolicyRequest AWS API Documentation
9409
10463
  #
9410
10464
  class PutBucketPolicyRequest < Struct.new(
9411
10465
  :bucket,
9412
10466
  :content_md5,
9413
10467
  :confirm_remove_self_bucket_access,
9414
- :policy)
10468
+ :policy,
10469
+ :expected_bucket_owner)
9415
10470
  SENSITIVE = []
9416
10471
  include Aws::Structure
9417
10472
  end
@@ -9457,7 +10512,7 @@ module Aws::S3
9457
10512
  # destination: { # required
9458
10513
  # bucket: "BucketName", # required
9459
10514
  # account: "AccountId",
9460
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
10515
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
9461
10516
  # access_control_translation: {
9462
10517
  # owner: "Destination", # required, accepts Destination
9463
10518
  # },
@@ -9484,6 +10539,7 @@ module Aws::S3
9484
10539
  # ],
9485
10540
  # },
9486
10541
  # token: "ObjectLockToken",
10542
+ # expected_bucket_owner: "AccountId",
9487
10543
  # }
9488
10544
  #
9489
10545
  # @!attribute [rw] bucket
@@ -9509,13 +10565,20 @@ module Aws::S3
9509
10565
  # @!attribute [rw] token
9510
10566
  # @return [String]
9511
10567
  #
10568
+ # @!attribute [rw] expected_bucket_owner
10569
+ # The account id of the expected bucket owner. If the bucket is owned
10570
+ # by a different account, the request will fail with an HTTP `403
10571
+ # (Access Denied)` error.
10572
+ # @return [String]
10573
+ #
9512
10574
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketReplicationRequest AWS API Documentation
9513
10575
  #
9514
10576
  class PutBucketReplicationRequest < Struct.new(
9515
10577
  :bucket,
9516
10578
  :content_md5,
9517
10579
  :replication_configuration,
9518
- :token)
10580
+ :token,
10581
+ :expected_bucket_owner)
9519
10582
  SENSITIVE = []
9520
10583
  include Aws::Structure
9521
10584
  end
@@ -9529,6 +10592,7 @@ module Aws::S3
9529
10592
  # request_payment_configuration: { # required
9530
10593
  # payer: "Requester", # required, accepts Requester, BucketOwner
9531
10594
  # },
10595
+ # expected_bucket_owner: "AccountId",
9532
10596
  # }
9533
10597
  #
9534
10598
  # @!attribute [rw] bucket
@@ -9550,12 +10614,19 @@ module Aws::S3
9550
10614
  # Container for Payer.
9551
10615
  # @return [Types::RequestPaymentConfiguration]
9552
10616
  #
10617
+ # @!attribute [rw] expected_bucket_owner
10618
+ # The account id of the expected bucket owner. If the bucket is owned
10619
+ # by a different account, the request will fail with an HTTP `403
10620
+ # (Access Denied)` error.
10621
+ # @return [String]
10622
+ #
9553
10623
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketRequestPaymentRequest AWS API Documentation
9554
10624
  #
9555
10625
  class PutBucketRequestPaymentRequest < Struct.new(
9556
10626
  :bucket,
9557
10627
  :content_md5,
9558
- :request_payment_configuration)
10628
+ :request_payment_configuration,
10629
+ :expected_bucket_owner)
9559
10630
  SENSITIVE = []
9560
10631
  include Aws::Structure
9561
10632
  end
@@ -9574,6 +10645,7 @@ module Aws::S3
9574
10645
  # },
9575
10646
  # ],
9576
10647
  # },
10648
+ # expected_bucket_owner: "AccountId",
9577
10649
  # }
9578
10650
  #
9579
10651
  # @!attribute [rw] bucket
@@ -9595,12 +10667,19 @@ module Aws::S3
9595
10667
  # Container for the `TagSet` and `Tag` elements.
9596
10668
  # @return [Types::Tagging]
9597
10669
  #
10670
+ # @!attribute [rw] expected_bucket_owner
10671
+ # The account id of the expected bucket owner. If the bucket is owned
10672
+ # by a different account, the request will fail with an HTTP `403
10673
+ # (Access Denied)` error.
10674
+ # @return [String]
10675
+ #
9598
10676
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketTaggingRequest AWS API Documentation
9599
10677
  #
9600
10678
  class PutBucketTaggingRequest < Struct.new(
9601
10679
  :bucket,
9602
10680
  :content_md5,
9603
- :tagging)
10681
+ :tagging,
10682
+ :expected_bucket_owner)
9604
10683
  SENSITIVE = []
9605
10684
  include Aws::Structure
9606
10685
  end
@@ -9616,6 +10695,7 @@ module Aws::S3
9616
10695
  # mfa_delete: "Enabled", # accepts Enabled, Disabled
9617
10696
  # status: "Enabled", # accepts Enabled, Suspended
9618
10697
  # },
10698
+ # expected_bucket_owner: "AccountId",
9619
10699
  # }
9620
10700
  #
9621
10701
  # @!attribute [rw] bucket
@@ -9643,13 +10723,20 @@ module Aws::S3
9643
10723
  # Container for setting the versioning state.
9644
10724
  # @return [Types::VersioningConfiguration]
9645
10725
  #
10726
+ # @!attribute [rw] expected_bucket_owner
10727
+ # The account id of the expected bucket owner. If the bucket is owned
10728
+ # by a different account, the request will fail with an HTTP `403
10729
+ # (Access Denied)` error.
10730
+ # @return [String]
10731
+ #
9646
10732
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketVersioningRequest AWS API Documentation
9647
10733
  #
9648
10734
  class PutBucketVersioningRequest < Struct.new(
9649
10735
  :bucket,
9650
10736
  :content_md5,
9651
10737
  :mfa,
9652
- :versioning_configuration)
10738
+ :versioning_configuration,
10739
+ :expected_bucket_owner)
9653
10740
  SENSITIVE = []
9654
10741
  include Aws::Structure
9655
10742
  end
@@ -9687,6 +10774,7 @@ module Aws::S3
9687
10774
  # },
9688
10775
  # ],
9689
10776
  # },
10777
+ # expected_bucket_owner: "AccountId",
9690
10778
  # }
9691
10779
  #
9692
10780
  # @!attribute [rw] bucket
@@ -9708,12 +10796,19 @@ module Aws::S3
9708
10796
  # Container for the request.
9709
10797
  # @return [Types::WebsiteConfiguration]
9710
10798
  #
10799
+ # @!attribute [rw] expected_bucket_owner
10800
+ # The account id of the expected bucket owner. If the bucket is owned
10801
+ # by a different account, the request will fail with an HTTP `403
10802
+ # (Access Denied)` error.
10803
+ # @return [String]
10804
+ #
9711
10805
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketWebsiteRequest AWS API Documentation
9712
10806
  #
9713
10807
  class PutBucketWebsiteRequest < Struct.new(
9714
10808
  :bucket,
9715
10809
  :content_md5,
9716
- :website_configuration)
10810
+ :website_configuration,
10811
+ :expected_bucket_owner)
9717
10812
  SENSITIVE = []
9718
10813
  include Aws::Structure
9719
10814
  end
@@ -9764,6 +10859,7 @@ module Aws::S3
9764
10859
  # key: "ObjectKey", # required
9765
10860
  # request_payer: "requester", # accepts requester
9766
10861
  # version_id: "ObjectVersionId",
10862
+ # expected_bucket_owner: "AccountId",
9767
10863
  # }
9768
10864
  #
9769
10865
  # @!attribute [rw] acl
@@ -9788,9 +10884,9 @@ module Aws::S3
9788
10884
  # to the access point hostname. The access point hostname takes the
9789
10885
  # form
9790
10886
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
9791
- # When using this operation using an access point through the AWS
9792
- # SDKs, you provide the access point ARN in place of the bucket name.
9793
- # For more information about access point ARNs, see [Using Access
10887
+ # When using this operation with an access point through the AWS SDKs,
10888
+ # you provide the access point ARN in place of the bucket name. For
10889
+ # more information about access point ARNs, see [Using Access
9794
10890
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
9795
10891
  #
9796
10892
  #
@@ -9812,14 +10908,20 @@ module Aws::S3
9812
10908
  # @!attribute [rw] grant_full_control
9813
10909
  # Allows grantee the read, write, read ACP, and write ACP permissions
9814
10910
  # on the bucket.
10911
+ #
10912
+ # This action is not supported by Amazon S3 on Outposts.
9815
10913
  # @return [String]
9816
10914
  #
9817
10915
  # @!attribute [rw] grant_read
9818
10916
  # Allows grantee to list the objects in the bucket.
10917
+ #
10918
+ # This action is not supported by Amazon S3 on Outposts.
9819
10919
  # @return [String]
9820
10920
  #
9821
10921
  # @!attribute [rw] grant_read_acp
9822
10922
  # Allows grantee to read the bucket ACL.
10923
+ #
10924
+ # This action is not supported by Amazon S3 on Outposts.
9823
10925
  # @return [String]
9824
10926
  #
9825
10927
  # @!attribute [rw] grant_write
@@ -9829,10 +10931,35 @@ module Aws::S3
9829
10931
  #
9830
10932
  # @!attribute [rw] grant_write_acp
9831
10933
  # Allows grantee to write the ACL for the applicable bucket.
10934
+ #
10935
+ # This action is not supported by Amazon S3 on Outposts.
9832
10936
  # @return [String]
9833
10937
  #
9834
10938
  # @!attribute [rw] key
9835
10939
  # Key for which the PUT operation was initiated.
10940
+ #
10941
+ # When using this API with an access point, you must direct requests
10942
+ # to the access point hostname. The access point hostname takes the
10943
+ # form
10944
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10945
+ # When using this operation with an access point through the AWS SDKs,
10946
+ # you provide the access point ARN in place of the bucket name. For
10947
+ # more information about access point ARNs, see [Using Access
10948
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10949
+ #
10950
+ # When using this API with Amazon S3 on Outposts, you must direct
10951
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
10952
+ # takes the form
10953
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
10954
+ # When using this operation using S3 on Outposts through the AWS SDKs,
10955
+ # you provide the Outposts bucket ARN in place of the bucket name. For
10956
+ # more information about S3 on Outposts ARNs, see [Using S3 on
10957
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
10958
+ #
10959
+ #
10960
+ #
10961
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
10962
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
9836
10963
  # @return [String]
9837
10964
  #
9838
10965
  # @!attribute [rw] request_payer
@@ -9851,6 +10978,12 @@ module Aws::S3
9851
10978
  # VersionId used to reference a specific version of the object.
9852
10979
  # @return [String]
9853
10980
  #
10981
+ # @!attribute [rw] expected_bucket_owner
10982
+ # The account id of the expected bucket owner. If the bucket is owned
10983
+ # by a different account, the request will fail with an HTTP `403
10984
+ # (Access Denied)` error.
10985
+ # @return [String]
10986
+ #
9854
10987
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectAclRequest AWS API Documentation
9855
10988
  #
9856
10989
  class PutObjectAclRequest < Struct.new(
@@ -9865,7 +10998,8 @@ module Aws::S3
9865
10998
  :grant_write_acp,
9866
10999
  :key,
9867
11000
  :request_payer,
9868
- :version_id)
11001
+ :version_id,
11002
+ :expected_bucket_owner)
9869
11003
  SENSITIVE = []
9870
11004
  include Aws::Structure
9871
11005
  end
@@ -9895,6 +11029,7 @@ module Aws::S3
9895
11029
  # request_payer: "requester", # accepts requester
9896
11030
  # version_id: "ObjectVersionId",
9897
11031
  # content_md5: "ContentMD5",
11032
+ # expected_bucket_owner: "AccountId",
9898
11033
  # }
9899
11034
  #
9900
11035
  # @!attribute [rw] bucket
@@ -9905,9 +11040,9 @@ module Aws::S3
9905
11040
  # to the access point hostname. The access point hostname takes the
9906
11041
  # form
9907
11042
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
9908
- # When using this operation using an access point through the AWS
9909
- # SDKs, you provide the access point ARN in place of the bucket name.
9910
- # For more information about access point ARNs, see [Using Access
11043
+ # When using this operation with an access point through the AWS SDKs,
11044
+ # you provide the access point ARN in place of the bucket name. For
11045
+ # more information about access point ARNs, see [Using Access
9911
11046
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
9912
11047
  #
9913
11048
  #
@@ -9944,6 +11079,12 @@ module Aws::S3
9944
11079
  # The MD5 hash for the request body.
9945
11080
  # @return [String]
9946
11081
  #
11082
+ # @!attribute [rw] expected_bucket_owner
11083
+ # The account id of the expected bucket owner. If the bucket is owned
11084
+ # by a different account, the request will fail with an HTTP `403
11085
+ # (Access Denied)` error.
11086
+ # @return [String]
11087
+ #
9947
11088
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLegalHoldRequest AWS API Documentation
9948
11089
  #
9949
11090
  class PutObjectLegalHoldRequest < Struct.new(
@@ -9952,7 +11093,8 @@ module Aws::S3
9952
11093
  :legal_hold,
9953
11094
  :request_payer,
9954
11095
  :version_id,
9955
- :content_md5)
11096
+ :content_md5,
11097
+ :expected_bucket_owner)
9956
11098
  SENSITIVE = []
9957
11099
  include Aws::Structure
9958
11100
  end
@@ -9988,6 +11130,7 @@ module Aws::S3
9988
11130
  # request_payer: "requester", # accepts requester
9989
11131
  # token: "ObjectLockToken",
9990
11132
  # content_md5: "ContentMD5",
11133
+ # expected_bucket_owner: "AccountId",
9991
11134
  # }
9992
11135
  #
9993
11136
  # @!attribute [rw] bucket
@@ -10020,6 +11163,12 @@ module Aws::S3
10020
11163
  # The MD5 hash for the request body.
10021
11164
  # @return [String]
10022
11165
  #
11166
+ # @!attribute [rw] expected_bucket_owner
11167
+ # The account id of the expected bucket owner. If the bucket is owned
11168
+ # by a different account, the request will fail with an HTTP `403
11169
+ # (Access Denied)` error.
11170
+ # @return [String]
11171
+ #
10023
11172
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectLockConfigurationRequest AWS API Documentation
10024
11173
  #
10025
11174
  class PutObjectLockConfigurationRequest < Struct.new(
@@ -10027,17 +11176,22 @@ module Aws::S3
10027
11176
  :object_lock_configuration,
10028
11177
  :request_payer,
10029
11178
  :token,
10030
- :content_md5)
11179
+ :content_md5,
11180
+ :expected_bucket_owner)
10031
11181
  SENSITIVE = []
10032
11182
  include Aws::Structure
10033
11183
  end
10034
11184
 
10035
11185
  # @!attribute [rw] expiration
10036
11186
  # If the expiration is configured for the object (see
10037
- # PutBucketLifecycleConfiguration), the response includes this header.
10038
- # It includes the expiry-date and rule-id key-value pairs that provide
10039
- # information about object expiration. The value of the rule-id is URL
10040
- # encoded.
11187
+ # [PutBucketLifecycleConfiguration][1]), the response includes this
11188
+ # header. It includes the expiry-date and rule-id key-value pairs that
11189
+ # provide information about object expiration. The value of the
11190
+ # rule-id is URL encoded.
11191
+ #
11192
+ #
11193
+ #
11194
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html
10041
11195
  # @return [String]
10042
11196
  #
10043
11197
  # @!attribute [rw] etag
@@ -10127,7 +11281,7 @@ module Aws::S3
10127
11281
  # "MetadataKey" => "MetadataValue",
10128
11282
  # },
10129
11283
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
10130
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
11284
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
10131
11285
  # website_redirect_location: "WebsiteRedirectLocation",
10132
11286
  # sse_customer_algorithm: "SSECustomerAlgorithm",
10133
11287
  # sse_customer_key: "SSECustomerKey",
@@ -10139,12 +11293,15 @@ module Aws::S3
10139
11293
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
10140
11294
  # object_lock_retain_until_date: Time.now,
10141
11295
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
11296
+ # expected_bucket_owner: "AccountId",
10142
11297
  # }
10143
11298
  #
10144
11299
  # @!attribute [rw] acl
10145
11300
  # The canned ACL to apply to the object. For more information, see
10146
11301
  # [Canned ACL][1].
10147
11302
  #
11303
+ # This action is not supported by Amazon S3 on Outposts.
11304
+ #
10148
11305
  #
10149
11306
  #
10150
11307
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
@@ -10155,20 +11312,30 @@ module Aws::S3
10155
11312
  # @return [IO]
10156
11313
  #
10157
11314
  # @!attribute [rw] bucket
10158
- # Bucket name to which the PUT operation was initiated.
11315
+ # The bucket name to which the PUT operation was initiated.
10159
11316
  #
10160
11317
  # When using this API with an access point, you must direct requests
10161
11318
  # to the access point hostname. The access point hostname takes the
10162
11319
  # form
10163
11320
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10164
- # When using this operation using an access point through the AWS
10165
- # SDKs, you provide the access point ARN in place of the bucket name.
10166
- # For more information about access point ARNs, see [Using Access
11321
+ # When using this operation with an access point through the AWS SDKs,
11322
+ # you provide the access point ARN in place of the bucket name. For
11323
+ # more information about access point ARNs, see [Using Access
10167
11324
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10168
11325
  #
11326
+ # When using this API with Amazon S3 on Outposts, you must direct
11327
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
11328
+ # takes the form
11329
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
11330
+ # When using this operation using S3 on Outposts through the AWS SDKs,
11331
+ # you provide the Outposts bucket ARN in place of the bucket name. For
11332
+ # more information about S3 on Outposts ARNs, see [Using S3 on
11333
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
11334
+ #
10169
11335
  #
10170
11336
  #
10171
11337
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
11338
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
10172
11339
  # @return [String]
10173
11340
  #
10174
11341
  # @!attribute [rw] cache_control
@@ -10255,18 +11422,26 @@ module Aws::S3
10255
11422
  # @!attribute [rw] grant_full_control
10256
11423
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
10257
11424
  # object.
11425
+ #
11426
+ # This action is not supported by Amazon S3 on Outposts.
10258
11427
  # @return [String]
10259
11428
  #
10260
11429
  # @!attribute [rw] grant_read
10261
11430
  # Allows grantee to read the object data and its metadata.
11431
+ #
11432
+ # This action is not supported by Amazon S3 on Outposts.
10262
11433
  # @return [String]
10263
11434
  #
10264
11435
  # @!attribute [rw] grant_read_acp
10265
11436
  # Allows grantee to read the object ACL.
11437
+ #
11438
+ # This action is not supported by Amazon S3 on Outposts.
10266
11439
  # @return [String]
10267
11440
  #
10268
11441
  # @!attribute [rw] grant_write_acp
10269
11442
  # Allows grantee to write the ACL for the applicable object.
11443
+ #
11444
+ # This action is not supported by Amazon S3 on Outposts.
10270
11445
  # @return [String]
10271
11446
  #
10272
11447
  # @!attribute [rw] key
@@ -10283,8 +11458,16 @@ module Aws::S3
10283
11458
  # @return [String]
10284
11459
  #
10285
11460
  # @!attribute [rw] storage_class
10286
- # If you don't specify, S3 Standard is the default storage class.
10287
- # Amazon S3 supports other storage classes.
11461
+ # By default, Amazon S3 uses the STANDARD Storage Class to store newly
11462
+ # created objects. The STANDARD storage class provides high durability
11463
+ # and high availability. Depending on performance needs, you can
11464
+ # specify a different Storage Class. Amazon S3 on Outposts only uses
11465
+ # the OUTPOSTS Storage Class. For more information, see [Storage
11466
+ # Classes][1] in the *Amazon S3 Service Developer Guide*.
11467
+ #
11468
+ #
11469
+ #
11470
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
10288
11471
  # @return [String]
10289
11472
  #
10290
11473
  # @!attribute [rw] website_redirect_location
@@ -10325,7 +11508,7 @@ module Aws::S3
10325
11508
  # in encrypting data. This value is used to store the object and then
10326
11509
  # it is discarded; Amazon S3 does not store the encryption key. The
10327
11510
  # key must be appropriate for use with the algorithm specified in the
10328
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
11511
+ # `x-amz-server-side-encryption-customer-algorithm` header.
10329
11512
  # @return [String]
10330
11513
  #
10331
11514
  # @!attribute [rw] sse_customer_key_md5
@@ -10389,6 +11572,12 @@ module Aws::S3
10389
11572
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
10390
11573
  # @return [String]
10391
11574
  #
11575
+ # @!attribute [rw] expected_bucket_owner
11576
+ # The account id of the expected bucket owner. If the bucket is owned
11577
+ # by a different account, the request will fail with an HTTP `403
11578
+ # (Access Denied)` error.
11579
+ # @return [String]
11580
+ #
10392
11581
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRequest AWS API Documentation
10393
11582
  #
10394
11583
  class PutObjectRequest < Struct.new(
@@ -10421,7 +11610,8 @@ module Aws::S3
10421
11610
  :tagging,
10422
11611
  :object_lock_mode,
10423
11612
  :object_lock_retain_until_date,
10424
- :object_lock_legal_hold_status)
11613
+ :object_lock_legal_hold_status,
11614
+ :expected_bucket_owner)
10425
11615
  SENSITIVE = [:sse_customer_key, :ssekms_key_id, :ssekms_encryption_context]
10426
11616
  include Aws::Structure
10427
11617
  end
@@ -10453,6 +11643,7 @@ module Aws::S3
10453
11643
  # version_id: "ObjectVersionId",
10454
11644
  # bypass_governance_retention: false,
10455
11645
  # content_md5: "ContentMD5",
11646
+ # expected_bucket_owner: "AccountId",
10456
11647
  # }
10457
11648
  #
10458
11649
  # @!attribute [rw] bucket
@@ -10463,9 +11654,9 @@ module Aws::S3
10463
11654
  # to the access point hostname. The access point hostname takes the
10464
11655
  # form
10465
11656
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10466
- # When using this operation using an access point through the AWS
10467
- # SDKs, you provide the access point ARN in place of the bucket name.
10468
- # For more information about access point ARNs, see [Using Access
11657
+ # When using this operation with an access point through the AWS SDKs,
11658
+ # you provide the access point ARN in place of the bucket name. For
11659
+ # more information about access point ARNs, see [Using Access
10469
11660
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10470
11661
  #
10471
11662
  #
@@ -10508,6 +11699,12 @@ module Aws::S3
10508
11699
  # The MD5 hash for the request body.
10509
11700
  # @return [String]
10510
11701
  #
11702
+ # @!attribute [rw] expected_bucket_owner
11703
+ # The account id of the expected bucket owner. If the bucket is owned
11704
+ # by a different account, the request will fail with an HTTP `403
11705
+ # (Access Denied)` error.
11706
+ # @return [String]
11707
+ #
10511
11708
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectRetentionRequest AWS API Documentation
10512
11709
  #
10513
11710
  class PutObjectRetentionRequest < Struct.new(
@@ -10517,7 +11714,8 @@ module Aws::S3
10517
11714
  :request_payer,
10518
11715
  :version_id,
10519
11716
  :bypass_governance_retention,
10520
- :content_md5)
11717
+ :content_md5,
11718
+ :expected_bucket_owner)
10521
11719
  SENSITIVE = []
10522
11720
  include Aws::Structure
10523
11721
  end
@@ -10550,6 +11748,7 @@ module Aws::S3
10550
11748
  # },
10551
11749
  # ],
10552
11750
  # },
11751
+ # expected_bucket_owner: "AccountId",
10553
11752
  # }
10554
11753
  #
10555
11754
  # @!attribute [rw] bucket
@@ -10559,14 +11758,24 @@ module Aws::S3
10559
11758
  # to the access point hostname. The access point hostname takes the
10560
11759
  # form
10561
11760
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10562
- # When using this operation using an access point through the AWS
10563
- # SDKs, you provide the access point ARN in place of the bucket name.
10564
- # For more information about access point ARNs, see [Using Access
11761
+ # When using this operation with an access point through the AWS SDKs,
11762
+ # you provide the access point ARN in place of the bucket name. For
11763
+ # more information about access point ARNs, see [Using Access
10565
11764
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
10566
11765
  #
11766
+ # When using this API with Amazon S3 on Outposts, you must direct
11767
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
11768
+ # takes the form
11769
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
11770
+ # When using this operation using S3 on Outposts through the AWS SDKs,
11771
+ # you provide the Outposts bucket ARN in place of the bucket name. For
11772
+ # more information about S3 on Outposts ARNs, see [Using S3 on
11773
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
11774
+ #
10567
11775
  #
10568
11776
  #
10569
11777
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
11778
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
10570
11779
  # @return [String]
10571
11780
  #
10572
11781
  # @!attribute [rw] key
@@ -10585,6 +11794,12 @@ module Aws::S3
10585
11794
  # Container for the `TagSet` and `Tag` elements
10586
11795
  # @return [Types::Tagging]
10587
11796
  #
11797
+ # @!attribute [rw] expected_bucket_owner
11798
+ # The account id of the expected bucket owner. If the bucket is owned
11799
+ # by a different account, the request will fail with an HTTP `403
11800
+ # (Access Denied)` error.
11801
+ # @return [String]
11802
+ #
10588
11803
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObjectTaggingRequest AWS API Documentation
10589
11804
  #
10590
11805
  class PutObjectTaggingRequest < Struct.new(
@@ -10592,7 +11807,8 @@ module Aws::S3
10592
11807
  :key,
10593
11808
  :version_id,
10594
11809
  :content_md5,
10595
- :tagging)
11810
+ :tagging,
11811
+ :expected_bucket_owner)
10596
11812
  SENSITIVE = []
10597
11813
  include Aws::Structure
10598
11814
  end
@@ -10609,6 +11825,7 @@ module Aws::S3
10609
11825
  # block_public_policy: false,
10610
11826
  # restrict_public_buckets: false,
10611
11827
  # },
11828
+ # expected_bucket_owner: "AccountId",
10612
11829
  # }
10613
11830
  #
10614
11831
  # @!attribute [rw] bucket
@@ -10632,12 +11849,19 @@ module Aws::S3
10632
11849
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
10633
11850
  # @return [Types::PublicAccessBlockConfiguration]
10634
11851
  #
11852
+ # @!attribute [rw] expected_bucket_owner
11853
+ # The account id of the expected bucket owner. If the bucket is owned
11854
+ # by a different account, the request will fail with an HTTP `403
11855
+ # (Access Denied)` error.
11856
+ # @return [String]
11857
+ #
10635
11858
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutPublicAccessBlockRequest AWS API Documentation
10636
11859
  #
10637
11860
  class PutPublicAccessBlockRequest < Struct.new(
10638
11861
  :bucket,
10639
11862
  :content_md5,
10640
- :public_access_block_configuration)
11863
+ :public_access_block_configuration,
11864
+ :expected_bucket_owner)
10641
11865
  SENSITIVE = []
10642
11866
  include Aws::Structure
10643
11867
  end
@@ -10702,11 +11926,15 @@ module Aws::S3
10702
11926
  include Aws::Structure
10703
11927
  end
10704
11928
 
10705
- # This data type is deprecated. Use QueueConfiguration for the same
11929
+ # This data type is deprecated. Use [QueueConfiguration][1] for the same
10706
11930
  # purposes. This data type specifies the configuration for publishing
10707
11931
  # messages to an Amazon Simple Queue Service (Amazon SQS) queue when
10708
11932
  # Amazon S3 detects specified events.
10709
11933
  #
11934
+ #
11935
+ #
11936
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html
11937
+ #
10710
11938
  # @note When making an API call, you may pass QueueConfigurationDeprecated
10711
11939
  # data as a hash:
10712
11940
  #
@@ -10890,7 +12118,7 @@ module Aws::S3
10890
12118
  # destination: { # required
10891
12119
  # bucket: "BucketName", # required
10892
12120
  # account: "AccountId",
10893
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12121
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
10894
12122
  # access_control_translation: {
10895
12123
  # owner: "Destination", # required, accepts Destination
10896
12124
  # },
@@ -10981,7 +12209,7 @@ module Aws::S3
10981
12209
  # destination: { # required
10982
12210
  # bucket: "BucketName", # required
10983
12211
  # account: "AccountId",
10984
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12212
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
10985
12213
  # access_control_translation: {
10986
12214
  # owner: "Destination", # required, accepts Destination
10987
12215
  # },
@@ -11406,11 +12634,12 @@ module Aws::S3
11406
12634
  # value: "MetadataValue",
11407
12635
  # },
11408
12636
  # ],
11409
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12637
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
11410
12638
  # },
11411
12639
  # },
11412
12640
  # },
11413
12641
  # request_payer: "requester", # accepts requester
12642
+ # expected_bucket_owner: "AccountId",
11414
12643
  # }
11415
12644
  #
11416
12645
  # @!attribute [rw] bucket
@@ -11420,14 +12649,24 @@ module Aws::S3
11420
12649
  # to the access point hostname. The access point hostname takes the
11421
12650
  # form
11422
12651
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11423
- # When using this operation using an access point through the AWS
11424
- # SDKs, you provide the access point ARN in place of the bucket name.
11425
- # For more information about access point ARNs, see [Using Access
12652
+ # When using this operation with an access point through the AWS SDKs,
12653
+ # you provide the access point ARN in place of the bucket name. For
12654
+ # more information about access point ARNs, see [Using Access
11426
12655
  # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
11427
12656
  #
12657
+ # When using this API with Amazon S3 on Outposts, you must direct
12658
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
12659
+ # takes the form
12660
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
12661
+ # When using this operation using S3 on Outposts through the AWS SDKs,
12662
+ # you provide the Outposts bucket ARN in place of the bucket name. For
12663
+ # more information about S3 on Outposts ARNs, see [Using S3 on
12664
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
12665
+ #
11428
12666
  #
11429
12667
  #
11430
12668
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
12669
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
11431
12670
  # @return [String]
11432
12671
  #
11433
12672
  # @!attribute [rw] key
@@ -11454,6 +12693,12 @@ module Aws::S3
11454
12693
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
11455
12694
  # @return [String]
11456
12695
  #
12696
+ # @!attribute [rw] expected_bucket_owner
12697
+ # The account id of the expected bucket owner. If the bucket is owned
12698
+ # by a different account, the request will fail with an HTTP `403
12699
+ # (Access Denied)` error.
12700
+ # @return [String]
12701
+ #
11457
12702
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/RestoreObjectRequest AWS API Documentation
11458
12703
  #
11459
12704
  class RestoreObjectRequest < Struct.new(
@@ -11461,7 +12706,8 @@ module Aws::S3
11461
12706
  :key,
11462
12707
  :version_id,
11463
12708
  :restore_request,
11464
- :request_payer)
12709
+ :request_payer,
12710
+ :expected_bucket_owner)
11465
12711
  SENSITIVE = []
11466
12712
  include Aws::Structure
11467
12713
  end
@@ -11548,7 +12794,7 @@ module Aws::S3
11548
12794
  # value: "MetadataValue",
11549
12795
  # },
11550
12796
  # ],
11551
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
12797
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
11552
12798
  # },
11553
12799
  # },
11554
12800
  # }
@@ -11597,7 +12843,14 @@ module Aws::S3
11597
12843
  include Aws::Structure
11598
12844
  end
11599
12845
 
11600
- # Specifies the redirect behavior and when a redirect is applied.
12846
+ # Specifies the redirect behavior and when a redirect is applied. For
12847
+ # more information about routing rules, see [Configuring advanced
12848
+ # conditional redirects][1] in the *Amazon Simple Storage Service
12849
+ # Developer Guide*.
12850
+ #
12851
+ #
12852
+ #
12853
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html#advanced-conditional-redirects
11601
12854
  #
11602
12855
  # @note When making an API call, you may pass RoutingRule
11603
12856
  # data as a hash:
@@ -11823,7 +13076,7 @@ module Aws::S3
11823
13076
  # value: "MetadataValue",
11824
13077
  # },
11825
13078
  # ],
11826
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
13079
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
11827
13080
  # }
11828
13081
  #
11829
13082
  # @!attribute [rw] bucket_name
@@ -12017,6 +13270,7 @@ module Aws::S3
12017
13270
  # start: 1,
12018
13271
  # end: 1,
12019
13272
  # },
13273
+ # expected_bucket_owner: "AccountId",
12020
13274
  # }
12021
13275
  #
12022
13276
  # @!attribute [rw] bucket
@@ -12098,6 +13352,12 @@ module Aws::S3
12098
13352
  # within the last 50 bytes of the file.
12099
13353
  # @return [Types::ScanRange]
12100
13354
  #
13355
+ # @!attribute [rw] expected_bucket_owner
13356
+ # The account id of the expected bucket owner. If the bucket is owned
13357
+ # by a different account, the request will fail with an HTTP `403
13358
+ # (Access Denied)` error.
13359
+ # @return [String]
13360
+ #
12101
13361
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SelectObjectContentRequest AWS API Documentation
12102
13362
  #
12103
13363
  class SelectObjectContentRequest < Struct.new(
@@ -12111,7 +13371,8 @@ module Aws::S3
12111
13371
  :request_progress,
12112
13372
  :input_serialization,
12113
13373
  :output_serialization,
12114
- :scan_range)
13374
+ :scan_range,
13375
+ :expected_bucket_owner)
12115
13376
  SENSITIVE = [:sse_customer_key]
12116
13377
  include Aws::Structure
12117
13378
  end
@@ -12533,7 +13794,7 @@ module Aws::S3
12533
13794
  # @return [Types::Grantee]
12534
13795
  #
12535
13796
  # @!attribute [rw] permission
12536
- # Logging permissions assigned to the Grantee for the bucket.
13797
+ # Logging permissions assigned to the grantee for the bucket.
12537
13798
  # @return [String]
12538
13799
  #
12539
13800
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/TargetGrant AWS API Documentation
@@ -12614,7 +13875,11 @@ module Aws::S3
12614
13875
  # A container for specifying the configuration for publication of
12615
13876
  # messages to an Amazon Simple Notification Service (Amazon SNS) topic
12616
13877
  # when Amazon S3 detects specified events. This data type is deprecated.
12617
- # Use TopicConfiguration instead.
13878
+ # Use [TopicConfiguration][1] instead.
13879
+ #
13880
+ #
13881
+ #
13882
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_TopicConfiguration.html
12618
13883
  #
12619
13884
  # @note When making an API call, you may pass TopicConfigurationDeprecated
12620
13885
  # data as a hash:
@@ -12773,15 +14038,82 @@ module Aws::S3
12773
14038
  # copy_source_sse_customer_key: "CopySourceSSECustomerKey",
12774
14039
  # copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
12775
14040
  # request_payer: "requester", # accepts requester
14041
+ # expected_bucket_owner: "AccountId",
14042
+ # expected_source_bucket_owner: "AccountId",
12776
14043
  # }
12777
14044
  #
12778
14045
  # @!attribute [rw] bucket
12779
14046
  # The bucket name.
14047
+ #
14048
+ # When using this API with an access point, you must direct requests
14049
+ # to the access point hostname. The access point hostname takes the
14050
+ # form
14051
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
14052
+ # When using this operation with an access point through the AWS SDKs,
14053
+ # you provide the access point ARN in place of the bucket name. For
14054
+ # more information about access point ARNs, see [Using Access
14055
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
14056
+ #
14057
+ # When using this API with Amazon S3 on Outposts, you must direct
14058
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
14059
+ # takes the form
14060
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
14061
+ # When using this operation using S3 on Outposts through the AWS SDKs,
14062
+ # you provide the Outposts bucket ARN in place of the bucket name. For
14063
+ # more information about S3 on Outposts ARNs, see [Using S3 on
14064
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
14065
+ #
14066
+ #
14067
+ #
14068
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
14069
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
12780
14070
  # @return [String]
12781
14071
  #
12782
14072
  # @!attribute [rw] copy_source
12783
- # The name of the source bucket and key name of the source object,
12784
- # separated by a slash (/). Must be URL-encoded.
14073
+ # Specifies the source object for the copy operation. You specify the
14074
+ # value in one of two formats, depending on whether you want to access
14075
+ # the source object through an [access point][1]\:
14076
+ #
14077
+ # * For objects not accessed through an access point, specify the name
14078
+ # of the source bucket and key of the source object, separated by a
14079
+ # slash (/). For example, to copy the object `reports/january.pdf`
14080
+ # from the bucket `awsexamplebucket`, use
14081
+ # `awsexamplebucket/reports/january.pdf`. The value must be URL
14082
+ # encoded.
14083
+ #
14084
+ # * For objects accessed through access points, specify the Amazon
14085
+ # Resource Name (ARN) of the object as accessed through the access
14086
+ # point, in the format
14087
+ # `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
14088
+ # For example, to copy the object `reports/january.pdf` through
14089
+ # access point `my-access-point` owned by account `123456789012` in
14090
+ # Region `us-west-2`, use the URL encoding of
14091
+ # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
14092
+ # The value must be URL encoded.
14093
+ #
14094
+ # <note markdown="1"> Amazon S3 supports copy operations using access points only when
14095
+ # the source and destination buckets are in the same AWS Region.
14096
+ #
14097
+ # </note>
14098
+ #
14099
+ # Alternatively, for objects accessed through Amazon S3 on Outposts,
14100
+ # specify the ARN of the object as accessed in the format
14101
+ # `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
14102
+ # For example, to copy the object `reports/january.pdf` through
14103
+ # outpost `my-outpost` owned by account `123456789012` in Region
14104
+ # `us-west-2`, use the URL encoding of
14105
+ # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
14106
+ # The value must be URL encoded.
14107
+ #
14108
+ # To copy a specific version of an object, append
14109
+ # `?versionId=<version-id>` to the value (for example,
14110
+ # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
14111
+ # If you don't specify a version ID, Amazon S3 copies the latest
14112
+ # version of the source object.
14113
+ #
14114
+ #
14115
+ #
14116
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
12785
14117
  # @return [String]
12786
14118
  #
12787
14119
  # @!attribute [rw] copy_source_if_match
@@ -12835,8 +14167,8 @@ module Aws::S3
12835
14167
  # in encrypting data. This value is used to store the object and then
12836
14168
  # it is discarded; Amazon S3 does not store the encryption key. The
12837
14169
  # key must be appropriate for use with the algorithm specified in the
12838
- # `x-amz-server-side​-encryption​-customer-algorithm` header. This
12839
- # must be the same encryption key specified in the initiate multipart
14170
+ # `x-amz-server-side-encryption-customer-algorithm` header. This must
14171
+ # be the same encryption key specified in the initiate multipart
12840
14172
  # upload request.
12841
14173
  # @return [String]
12842
14174
  #
@@ -12875,6 +14207,18 @@ module Aws::S3
12875
14207
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
12876
14208
  # @return [String]
12877
14209
  #
14210
+ # @!attribute [rw] expected_bucket_owner
14211
+ # The account id of the expected destination bucket owner. If the
14212
+ # destination bucket is owned by a different account, the request will
14213
+ # fail with an HTTP `403 (Access Denied)` error.
14214
+ # @return [String]
14215
+ #
14216
+ # @!attribute [rw] expected_source_bucket_owner
14217
+ # The account id of the expected source bucket owner. If the source
14218
+ # bucket is owned by a different account, the request will fail with
14219
+ # an HTTP `403 (Access Denied)` error.
14220
+ # @return [String]
14221
+ #
12878
14222
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopyRequest AWS API Documentation
12879
14223
  #
12880
14224
  class UploadPartCopyRequest < Struct.new(
@@ -12894,7 +14238,9 @@ module Aws::S3
12894
14238
  :copy_source_sse_customer_algorithm,
12895
14239
  :copy_source_sse_customer_key,
12896
14240
  :copy_source_sse_customer_key_md5,
12897
- :request_payer)
14241
+ :request_payer,
14242
+ :expected_bucket_owner,
14243
+ :expected_source_bucket_owner)
12898
14244
  SENSITIVE = [:sse_customer_key, :copy_source_sse_customer_key]
12899
14245
  include Aws::Structure
12900
14246
  end
@@ -12960,6 +14306,7 @@ module Aws::S3
12960
14306
  # sse_customer_key: "SSECustomerKey",
12961
14307
  # sse_customer_key_md5: "SSECustomerKeyMD5",
12962
14308
  # request_payer: "requester", # accepts requester
14309
+ # expected_bucket_owner: "AccountId",
12963
14310
  # }
12964
14311
  #
12965
14312
  # @!attribute [rw] body
@@ -12967,7 +14314,30 @@ module Aws::S3
12967
14314
  # @return [IO]
12968
14315
  #
12969
14316
  # @!attribute [rw] bucket
12970
- # Name of the bucket to which the multipart upload was initiated.
14317
+ # The name of the bucket to which the multipart upload was initiated.
14318
+ #
14319
+ # When using this API with an access point, you must direct requests
14320
+ # to the access point hostname. The access point hostname takes the
14321
+ # form
14322
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
14323
+ # When using this operation with an access point through the AWS SDKs,
14324
+ # you provide the access point ARN in place of the bucket name. For
14325
+ # more information about access point ARNs, see [Using Access
14326
+ # Points][1] in the *Amazon Simple Storage Service Developer Guide*.
14327
+ #
14328
+ # When using this API with Amazon S3 on Outposts, you must direct
14329
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
14330
+ # takes the form
14331
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
14332
+ # When using this operation using S3 on Outposts through the AWS SDKs,
14333
+ # you provide the Outposts bucket ARN in place of the bucket name. For
14334
+ # more information about S3 on Outposts ARNs, see [Using S3 on
14335
+ # Outposts][2] in the *Amazon Simple Storage Service Developer Guide*.
14336
+ #
14337
+ #
14338
+ #
14339
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html
14340
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html
12971
14341
  # @return [String]
12972
14342
  #
12973
14343
  # @!attribute [rw] content_length
@@ -13005,8 +14375,8 @@ module Aws::S3
13005
14375
  # in encrypting data. This value is used to store the object and then
13006
14376
  # it is discarded; Amazon S3 does not store the encryption key. The
13007
14377
  # key must be appropriate for use with the algorithm specified in the
13008
- # `x-amz-server-side​-encryption​-customer-algorithm header`. This
13009
- # must be the same encryption key specified in the initiate multipart
14378
+ # `x-amz-server-side-encryption-customer-algorithm header`. This must
14379
+ # be the same encryption key specified in the initiate multipart
13010
14380
  # upload request.
13011
14381
  # @return [String]
13012
14382
  #
@@ -13028,6 +14398,12 @@ module Aws::S3
13028
14398
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
13029
14399
  # @return [String]
13030
14400
  #
14401
+ # @!attribute [rw] expected_bucket_owner
14402
+ # The account id of the expected bucket owner. If the bucket is owned
14403
+ # by a different account, the request will fail with an HTTP `403
14404
+ # (Access Denied)` error.
14405
+ # @return [String]
14406
+ #
13031
14407
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartRequest AWS API Documentation
13032
14408
  #
13033
14409
  class UploadPartRequest < Struct.new(
@@ -13041,7 +14417,8 @@ module Aws::S3
13041
14417
  :sse_customer_algorithm,
13042
14418
  :sse_customer_key,
13043
14419
  :sse_customer_key_md5,
13044
- :request_payer)
14420
+ :request_payer,
14421
+ :expected_bucket_owner)
13045
14422
  SENSITIVE = [:sse_customer_key]
13046
14423
  include Aws::Structure
13047
14424
  end