aws-sdk-s3 1.83.1 → 1.87.0

data/lib/aws-sdk-s3/customizations.rb

@@ -29,6 +29,6 @@ require 'aws-sdk-s3/customizations/types/list_object_versions_output'
   Aws::S3::ObjectVersion::Collection,
 ].each do |klass|
   klass.send(:alias_method, :delete, :batch_delete!)
-  klass.send(:extend, Aws::Deprecations)
+  klass.extend Aws::Deprecations
   klass.send(:deprecated, :delete, use: :batch_delete!)
 end

data/lib/aws-sdk-s3/errors.rb

@@ -29,6 +29,7 @@ module Aws::S3
   # ## Error Classes
   # * {BucketAlreadyExists}
   # * {BucketAlreadyOwnedByYou}
+  # * {InvalidObjectState}
   # * {NoSuchBucket}
   # * {NoSuchKey}
   # * {NoSuchUpload}
@@ -61,6 +62,26 @@ module Aws::S3
       end
     end
 
+    class InvalidObjectState < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3::Types::InvalidObjectState] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def storage_class
+        @data[:storage_class]
+      end
+
+      # @return [String]
+      def access_tier
+        @data[:access_tier]
+      end
+    end
+
     class NoSuchBucket < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-s3/legacy_signer.rb

@@ -4,7 +4,6 @@ require 'set'
 require 'time'
 require 'openssl'
 require 'cgi'
-require 'webrick/httputils'
 require 'aws-sdk-core/query'
 
 module Aws
@@ -157,33 +156,24 @@ module Aws
       end
 
       def uri_escape(s)
-
         #URI.escape(s)
 
-        # URI.escape is deprecated, replacing it with escape from webrick
-        # to squelch the massive number of warnings generated from Ruby.
-        # The following script was used to determine the differences
-        # between the various escape methods available. The webrick
-        # escape only had two differences and it is available in the
-        # standard lib.
-        #
-        #     (0..255).each {|c|
-        #       s = [c].pack("C")
-        #       e = [
-        #         CGI.escape(s),
-        #         ERB::Util.url_encode(s),
-        #         URI.encode_www_form_component(s),
-        #         WEBrick::HTTPUtils.escape_form(s),
-        #         WEBrick::HTTPUtils.escape(s),
-        #         URI.escape(s),
-        #       ]
-        #       next if e.uniq.length == 1
-        #       puts("%5s %5s %5s %5s %5s %5s %5s" % ([s.inspect] + e))
-        #     }
-        #
-        WEBrick::HTTPUtils.escape(s).gsub('%5B', '[').gsub('%5D', ']')
+        # (0..255).each {|c|
+        #   s = [c].pack("C")
+        #   e = [
+        #     CGI.escape(s),
+        #     ERB::Util.url_encode(s),
+        #     URI.encode_www_form_component(s),
+        #     WEBrick::HTTPUtils.escape_form(s),
+        #     WEBrick::HTTPUtils.escape(s),
+        #     URI.escape(s),
+        #     URI::DEFAULT_PARSER.escape(s)
+        #   ]
+        #   next if e.uniq.length == 1
+        #   puts("%5s %5s %5s %5s %5s %5s %5s %5s" % ([s.inspect] + e))
+        # }
+        URI::DEFAULT_PARSER.escape(s)
       end
-
     end
   end
 end

data/lib/aws-sdk-s3/object.rb

@@ -91,6 +91,12 @@ module Aws::S3
       data[:restore]
     end
 
+    # The archive state of the head object.
+    # @return [String]
+    def archive_status
+      data[:archive_status]
+    end
+
     # Last modified date of the object
     # @return [Time]
     def last_modified
@@ -218,6 +224,13 @@ module Aws::S3
       data[:ssekms_key_id]
     end
 
+    # Indicates whether the object uses an S3 Bucket Key for server-side
+    # encryption with AWS KMS (SSE-KMS).
+    # @return [Boolean]
+    def bucket_key_enabled
+      data[:bucket_key_enabled]
+    end
+
     # Provides storage class information of the object. Amazon S3 returns
     # this header for all objects except for S3 Standard storage class
     # objects.
@@ -240,12 +253,12 @@ module Aws::S3
     end
 
     # Amazon S3 can return this header if your request involves a bucket
-    # that is either a source or destination in a replication rule.
+    # that is either a source or a destination in a replication rule.
     #
     # In replication, you have a source bucket on which you configure
-    # replication and destination bucket where Amazon S3 stores object
-    # replicas. When you request an object (`GetObject`) or object metadata
-    # (`HeadObject`) from these buckets, Amazon S3 will return the
+    # replication and destination bucket or buckets where Amazon S3 stores
+    # object replicas. When you request an object (`GetObject`) or object
+    # metadata (`HeadObject`) from these buckets, Amazon S3 will return the
     # `x-amz-replication-status` header in the response as follows:
     #
     # * If requesting an object from the source bucket — Amazon S3 will
@@ -261,9 +274,18 @@ module Aws::S3
     #   value PENDING, COMPLETED or FAILED indicating object replication
     #   status.
     #
-    # * If requesting an object from the destination bucket — Amazon S3 will
+    # * If requesting an object from a destination bucket — Amazon S3 will
     #   return the `x-amz-replication-status` header with value REPLICA if
-    #   the object in your request is a replica that Amazon S3 created.
+    #   the object in your request is a replica that Amazon S3 created and
+    #   there is no replica modification replication in progress.
+    #
+    # * When replicating objects to multiple destination buckets the
+    #   `x-amz-replication-status` header acts differently. The header of
+    #   the source object will only return a value of COMPLETED when
+    #   replication is successful to all destinations. The header will
+    #   remain at value PENDING until replication has completed for all
+    #   destinations. If one or more destinations fails replication the
+    #   header will return FAILED.
     #
     # For more information, see [Replication][1].
     #
@@ -537,6 +559,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
     #     copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #     copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
@@ -693,6 +716,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a COPY operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :copy_source_sse_customer_algorithm
     #   Specifies the algorithm to use when decrypting the source object (for
     #   example, AES256).
@@ -916,6 +947,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -1007,6 +1039,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with an object operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
@@ -1075,6 +1115,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -1244,6 +1285,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a PUT operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their

data/lib/aws-sdk-s3/object_acl.rb

@@ -247,6 +247,9 @@ module Aws::S3
     #   not corrupted in transit. For more information, go to [RFC
     #   1864.>][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/object_summary.rb

@@ -302,6 +302,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
     #     copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #     copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
@@ -458,6 +459,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a COPY operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :copy_source_sse_customer_algorithm
     #   Specifies the algorithm to use when decrypting the source object (for
     #   example, AES256).
@@ -681,6 +690,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -772,6 +782,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with an object operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
@@ -840,6 +858,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -1009,6 +1028,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a PUT operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their

data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb

@@ -28,8 +28,13 @@ region. Defaults to `legacy` mode using global endpoint.
           def call(context)
             # keep legacy global endpoint pattern by default
             if context.config.s3_us_east_1_regional_endpoint == 'legacy'
-              context.http_request.endpoint.host = IADRegionalEndpoint.legacy_host(
-                context.http_request.endpoint.host)
+              host = context.http_request.endpoint.host
+              # if it's an ARN, don't touch the endpoint at all
+              # TODO this should use context.metadata[:s3_arn] later
+              unless host.include?('.s3-outposts.') || host.include?('.s3-accesspoint.')
+                legacy_host = IADRegionalEndpoint.legacy_host(host)
+                context.http_request.endpoint.host = legacy_host
+              end
             end
             @handler.call(context)
           end

data/lib/aws-sdk-s3/plugins/s3_signer.rb

@@ -82,7 +82,7 @@ module Aws
 
               if arn
                 S3Signer.build_v4_signer(
-                  service: arn.respond_to?(:outpost_id) ? 's3-outposts' : 's3',
+                  service: arn.service,
                   region: resolved_region,
                   credentials: context.config.credentials
                 )

data/lib/aws-sdk-s3/presigner.rb

@@ -196,7 +196,7 @@ module Aws
         req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
         req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
 
-        signer = build_signer(req.context.config, unsigned_headers)
+        signer = build_signer(req.context, unsigned_headers)
 
         req.handle(step: :send) do |context|
           if scheme != http_req.endpoint.scheme
@@ -240,14 +240,27 @@ module Aws
         x_amz_headers
       end
 
-      def build_signer(cfg, unsigned_headers)
-        Aws::Sigv4::Signer.new(
+      def build_signer(context, unsigned_headers)
+        signer_opts = {
           service: 's3',
-          region: cfg.region,
-          credentials_provider: cfg.credentials,
+          region: context.config.region,
+          credentials_provider: context.config.credentials,
           unsigned_headers: unsigned_headers,
           uri_escape_path: false
+        }
+
+        resolved_region, arn = Aws::S3::Plugins::ARN.resolve_arn!(
+          context.params[:bucket],
+          context.config.sigv4_signer.region,
+          context.config.s3_use_arn_region
         )
+
+        if arn
+          signer_opts[:region] = resolved_region
+          signer_opts[:service] = arn.service
+        end
+
+        Aws::Sigv4::Signer.new(signer_opts)
       end
     end
   end

data/lib/aws-sdk-s3/types.rb

@@ -459,7 +459,8 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] creation_date
-    #   Date the bucket was created.
+    #   Date the bucket was created. This date can change when making
+    #   changes to your bucket, such as editing its bucket policy.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Bucket AWS API Documentation
@@ -973,6 +974,11 @@ module Aws::S3
     #   used for the object.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the multipart upload uses an S3 Bucket Key for
+    #   server-side encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_charged
     #   If present, indicates that the requester was successfully charged
     #   for the request.
@@ -989,6 +995,7 @@ module Aws::S3
       :server_side_encryption,
       :version_id,
       :ssekms_key_id,
+      :bucket_key_enabled,
       :request_charged)
       SENSITIVE = [:ssekms_key_id]
       include Aws::Structure
@@ -1213,6 +1220,11 @@ module Aws::S3
     #   pairs.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the copied object uses an S3 Bucket Key for
+    #   server-side encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_charged
     #   If present, indicates that the requester was successfully charged
     #   for the request.
@@ -1230,6 +1242,7 @@ module Aws::S3
       :sse_customer_key_md5,
       :ssekms_key_id,
       :ssekms_encryption_context,
+      :bucket_key_enabled,
       :request_charged)
       SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
@@ -1270,6 +1283,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         ssekms_key_id: "SSEKMSKeyId",
     #         ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #         bucket_key_enabled: false,
     #         copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
     #         copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #         copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
@@ -1513,6 +1527,16 @@ module Aws::S3
     #   string holding JSON with the encryption context key-value pairs.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket
+    #   Key for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a COPY operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] copy_source_sse_customer_algorithm
     #   Specifies the algorithm to use when decrypting the source object
     #   (for example, AES256).
@@ -1606,6 +1630,7 @@ module Aws::S3
       :sse_customer_key_md5,
       :ssekms_key_id,
       :ssekms_encryption_context,
+      :bucket_key_enabled,
       :copy_source_sse_customer_algorithm,
       :copy_source_sse_customer_key,
       :copy_source_sse_customer_key_md5,
@@ -1859,6 +1884,11 @@ module Aws::S3
     #   pairs.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the multipart upload uses an S3 Bucket Key for
+    #   server-side encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_charged
     #   If present, indicates that the requester was successfully charged
     #   for the request.
@@ -1877,6 +1907,7 @@ module Aws::S3
       :sse_customer_key_md5,
       :ssekms_key_id,
       :ssekms_encryption_context,
+      :bucket_key_enabled,
       :request_charged)
       SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
@@ -1910,6 +1941,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         ssekms_key_id: "SSEKMSKeyId",
     #         ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #         bucket_key_enabled: false,
     #         request_payer: "requester", # accepts requester
     #         tagging: "TaggingHeader",
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -2074,6 +2106,16 @@ module Aws::S3
     #   string holding JSON with the encryption context key-value pairs.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket
+    #   Key for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with an object operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
@@ -2136,6 +2178,7 @@ module Aws::S3
       :sse_customer_key_md5,
       :ssekms_key_id,
       :ssekms_encryption_context,
+      :bucket_key_enabled,
       :request_payer,
       :tagging,
       :object_lock_mode,
@@ -2305,6 +2348,32 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteBucketIntelligentTieringConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         id: "IntelligentTieringId", # required
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The name of the Amazon S3 bucket whose configuration you want to
+    #   modify or retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The ID used to identify the S3 Intelligent-Tiering configuration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketIntelligentTieringConfigurationRequest AWS API Documentation
+    #
+    class DeleteBucketIntelligentTieringConfigurationRequest < Struct.new(
+      :bucket,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteBucketInventoryConfigurationRequest
     #   data as a hash:
     #
@@ -2413,6 +2482,9 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/DeleteBucketOwnershipControlsRequest AWS API Documentation
@@ -2595,25 +2667,28 @@ module Aws::S3
       include Aws::Structure
     end
 
-    # Specifies whether Amazon S3 replicates the delete markers. If you
-    # specify a `Filter`, you must specify this element. However, in the
-    # latest version of replication configuration (when `Filter` is
-    # specified), Amazon S3 doesn't replicate delete markers. Therefore,
-    # the `DeleteMarkerReplication` element can contain only
-    # &lt;Status&gt;Disabled&lt;/Status&gt;. For an example configuration,
-    # see [Basic Rule Configuration][1].
+    # Specifies whether Amazon S3 replicates delete markers. If you specify
+    # a `Filter` in your replication configuration, you must also include a
+    # `DeleteMarkerReplication` element. If your `Filter` includes a `Tag`
+    # element, the `DeleteMarkerReplication` `Status` must be set to
+    # Disabled, because Amazon S3 does not support replicating delete
+    # markers for tag-based rules. For an example configuration, see [Basic
+    # Rule Configuration][1].
     #
-    # <note markdown="1"> If you don't specify the `Filter` element, Amazon S3 assumes that the
-    # replication configuration is the earlier version, V1. In the earlier
-    # version, Amazon S3 handled replication of delete markers differently.
-    # For more information, see [Backward Compatibility][2].
+    # For more information about delete marker replication, see [Basic Rule
+    # Configuration][2].
+    #
+    # <note markdown="1"> If you are using an earlier version of the replication configuration,
+    # Amazon S3 handles replication of delete markers differently. For more
+    # information, see [Backward Compatibility][3].
     #
     #  </note>
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
     #
     # @note When making an API call, you may pass DeleteMarkerReplication
     #   data as a hash:
@@ -2625,8 +2700,7 @@ module Aws::S3
     # @!attribute [rw] status
     #   Indicates whether to replicate delete markers.
     #
-    #   <note markdown="1"> In the current implementation, Amazon S3 doesn't replicate the
-    #   delete markers. The status must be `Disabled`.
+    #   <note markdown="1"> Indicates whether to replicate delete markers.
     #
     #    </note>
     #   @return [String]
@@ -3039,7 +3113,7 @@ module Aws::S3
     #         },
     #         metrics: {
     #           status: "Enabled", # required, accepts Enabled, Disabled
-    #           event_threshold: { # required
+    #           event_threshold: {
     #             minutes: 1,
     #           },
     #         },
@@ -3102,8 +3176,7 @@ module Aws::S3
     #
     # @!attribute [rw] metrics
     #   A container specifying replication metrics-related settings enabling
-    #   metrics and Amazon S3 events for S3 Replication Time Control (S3
-    #   RTC). Must be specified together with a `ReplicationTime` block.
+    #   replication metrics and events.
     #   @return [Types::Metrics]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Destination AWS API Documentation
@@ -4326,6 +4399,44 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] intelligent_tiering_configuration
+    #   Container for S3 Intelligent-Tiering configuration.
+    #   @return [Types::IntelligentTieringConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfigurationOutput AWS API Documentation
+    #
+    class GetBucketIntelligentTieringConfigurationOutput < Struct.new(
+      :intelligent_tiering_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketIntelligentTieringConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         id: "IntelligentTieringId", # required
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The name of the Amazon S3 bucket whose configuration you want to
+    #   modify or retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The ID used to identify the S3 Intelligent-Tiering configuration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketIntelligentTieringConfigurationRequest AWS API Documentation
+    #
+    class GetBucketIntelligentTieringConfigurationRequest < Struct.new(
+      :bucket,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] inventory_configuration
     #   Specifies the inventory configuration.
     #   @return [Types::InventoryConfiguration]
@@ -4643,6 +4754,9 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketOwnershipControlsRequest AWS API Documentation
@@ -5299,6 +5413,11 @@ module Aws::S3
     #   used for the object.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the object uses an S3 Bucket Key for server-side
+    #   encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] storage_class
     #   Provides storage class information of the object. Amazon S3 returns
     #   this header for all objects except for S3 Standard storage class
@@ -5364,6 +5483,7 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key_md5,
       :ssekms_key_id,
+      :bucket_key_enabled,
       :storage_class,
       :request_charged,
       :replication_status,
@@ -5847,7 +5967,7 @@ module Aws::S3
     #       }
     #
     # @!attribute [rw] tier
-    #   S3 Glacier retrieval tier at which the restore will be processed.
+    #   Retrieval tier at which the restore will be processed.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GlacierJobParameters AWS API Documentation
@@ -6055,6 +6175,10 @@ module Aws::S3
     #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations
     #   @return [String]
     #
+    # @!attribute [rw] archive_status
+    #   The archive state of the head object.
+    #   @return [String]
+    #
     # @!attribute [rw] last_modified
     #   Last modified date of the object
     #   @return [Time]
@@ -6147,6 +6271,11 @@ module Aws::S3
     #   used for the object.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the object uses an S3 Bucket Key for server-side
+    #   encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] storage_class
     #   Provides storage class information of the object. Amazon S3 returns
     #   this header for all objects except for S3 Standard storage class
@@ -6166,11 +6295,11 @@ module Aws::S3
     #
     # @!attribute [rw] replication_status
     #   Amazon S3 can return this header if your request involves a bucket
-    #   that is either a source or destination in a replication rule.
+    #   that is either a source or a destination in a replication rule.
     #
     #   In replication, you have a source bucket on which you configure
-    #   replication and destination bucket where Amazon S3 stores object
-    #   replicas. When you request an object (`GetObject`) or object
+    #   replication and destination bucket or buckets where Amazon S3 stores
+    #   object replicas. When you request an object (`GetObject`) or object
     #   metadata (`HeadObject`) from these buckets, Amazon S3 will return
     #   the `x-amz-replication-status` header in the response as follows:
     #
@@ -6187,10 +6316,18 @@ module Aws::S3
     #     header with value PENDING, COMPLETED or FAILED indicating object
     #     replication status.
     #
-    #   * If requesting an object from the destination bucket — Amazon S3
-    #     will return the `x-amz-replication-status` header with value
-    #     REPLICA if the object in your request is a replica that Amazon S3
-    #     created.
+    #   * If requesting an object from a destination bucket — Amazon S3 will
+    #     return the `x-amz-replication-status` header with value REPLICA if
+    #     the object in your request is a replica that Amazon S3 created and
+    #     there is no replica modification replication in progress.
+    #
+    #   * When replicating objects to multiple destination buckets the
+    #     `x-amz-replication-status` header acts differently. The header of
+    #     the source object will only return a value of COMPLETED when
+    #     replication is successful to all destinations. The header will
+    #     remain at value PENDING until replication has completed for all
+    #     destinations. If one or more destinations fails replication the
+    #     header will return FAILED.
     #
     #   For more information, see [Replication][1].
     #
@@ -6240,6 +6377,7 @@ module Aws::S3
       :accept_ranges,
       :expiration,
       :restore,
+      :archive_status,
       :last_modified,
       :content_length,
       :etag,
@@ -6258,6 +6396,7 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key_md5,
       :ssekms_key_id,
+      :bucket_key_enabled,
       :storage_class,
       :request_charged,
       :replication_status,
@@ -6520,6 +6659,177 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # A container for specifying S3 Intelligent-Tiering filters. The filters
+    # determine the subset of objects to which the rule applies.
+    #
+    # @note When making an API call, you may pass IntelligentTieringAndOperator
+    #   data as a hash:
+    #
+    #       {
+    #         prefix: "Prefix",
+    #         tags: [
+    #           {
+    #             key: "ObjectKey", # required
+    #             value: "Value", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] prefix
+    #   An object key name prefix that identifies the subset of objects to
+    #   which the configuration applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   All of these tags must exist in the object's tag set in order for
+    #   the configuration to apply.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/IntelligentTieringAndOperator AWS API Documentation
+    #
+    class IntelligentTieringAndOperator < Struct.new(
+      :prefix,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the S3 Intelligent-Tiering configuration for an Amazon S3
+    # bucket.
+    #
+    # For information about the S3 Intelligent-Tiering storage class, see
+    # [Storage class for automatically optimizing frequently and
+    # infrequently accessed objects][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access
+    #
+    # @note When making an API call, you may pass IntelligentTieringConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         id: "IntelligentTieringId", # required
+    #         filter: {
+    #           prefix: "Prefix",
+    #           tag: {
+    #             key: "ObjectKey", # required
+    #             value: "Value", # required
+    #           },
+    #           and: {
+    #             prefix: "Prefix",
+    #             tags: [
+    #               {
+    #                 key: "ObjectKey", # required
+    #                 value: "Value", # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         status: "Enabled", # required, accepts Enabled, Disabled
+    #         tierings: [ # required
+    #           {
+    #             days: 1, # required
+    #             access_tier: "ARCHIVE_ACCESS", # required, accepts ARCHIVE_ACCESS, DEEP_ARCHIVE_ACCESS
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] id
+    #   The ID used to identify the S3 Intelligent-Tiering configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] filter
+    #   Specifies a bucket filter. The configuration only includes objects
+    #   that meet the filter's criteria.
+    #   @return [Types::IntelligentTieringFilter]
+    #
+    # @!attribute [rw] status
+    #   Specifies the status of the configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] tierings
+    #   Specifies the S3 Intelligent-Tiering storage class tier of the
+    #   configuration.
+    #   @return [Array<Types::Tiering>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/IntelligentTieringConfiguration AWS API Documentation
+    #
+    class IntelligentTieringConfiguration < Struct.new(
+      :id,
+      :filter,
+      :status,
+      :tierings)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The `Filter` is used to identify objects that the S3
+    # Intelligent-Tiering configuration applies to.
+    #
+    # @note When making an API call, you may pass IntelligentTieringFilter
+    #   data as a hash:
+    #
+    #       {
+    #         prefix: "Prefix",
+    #         tag: {
+    #           key: "ObjectKey", # required
+    #           value: "Value", # required
+    #         },
+    #         and: {
+    #           prefix: "Prefix",
+    #           tags: [
+    #             {
+    #               key: "ObjectKey", # required
+    #               value: "Value", # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] prefix
+    #   An object key name prefix that identifies the subset of objects to
+    #   which the rule applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag
+    #   A container of a key value name pair.
+    #   @return [Types::Tag]
+    #
+    # @!attribute [rw] and
+    #   A conjunction (logical AND) of predicates, which is used in
+    #   evaluating a metrics filter. The operator must have at least two
+    #   predicates, and an object must match all of the predicates in order
+    #   for the filter to apply.
+    #   @return [Types::IntelligentTieringAndOperator]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/IntelligentTieringFilter AWS API Documentation
+    #
+    class IntelligentTieringFilter < Struct.new(
+      :prefix,
+      :tag,
+      :and)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Object is archived and inaccessible until restored.
+    #
+    # @!attribute [rw] storage_class
+    #   @return [String]
+    #
+    # @!attribute [rw] access_tier
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/InvalidObjectState AWS API Documentation
+    #
+    class InvalidObjectState < Struct.new(
+      :storage_class,
+      :access_tier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the inventory configuration for an Amazon S3 bucket. For
     # more information, see [GET Bucket inventory][1] in the *Amazon Simple
     # Storage Service API Reference*.
@@ -7253,6 +7563,67 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] is_truncated
+    #   Indicates whether the returned list of analytics configurations is
+    #   complete. A value of true indicates that the list is not complete
+    #   and the NextContinuationToken will be provided for a subsequent
+    #   request.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] continuation_token
+    #   The ContinuationToken that represents a placeholder from where this
+    #   request should begin.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_continuation_token
+    #   The marker used to continue this inventory configuration listing.
+    #   Use the `NextContinuationToken` from this response to continue the
+    #   listing in a subsequent request. The continuation token is an opaque
+    #   value that Amazon S3 understands.
+    #   @return [String]
+    #
+    # @!attribute [rw] intelligent_tiering_configuration_list
+    #   The list of S3 Intelligent-Tiering configurations for a bucket.
+    #   @return [Array<Types::IntelligentTieringConfiguration>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurationsOutput AWS API Documentation
+    #
+    class ListBucketIntelligentTieringConfigurationsOutput < Struct.new(
+      :is_truncated,
+      :continuation_token,
+      :next_continuation_token,
+      :intelligent_tiering_configuration_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListBucketIntelligentTieringConfigurationsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         continuation_token: "Token",
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The name of the Amazon S3 bucket whose configuration you want to
+    #   modify or retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] continuation_token
+    #   The ContinuationToken that represents a placeholder from where this
+    #   request should begin.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketIntelligentTieringConfigurationsRequest AWS API Documentation
+    #
+    class ListBucketIntelligentTieringConfigurationsRequest < Struct.new(
+      :bucket,
+      :continuation_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] continuation_token
     #   If sent in the request, the marker that is used as a starting point
     #   for this inventory configuration list response.
@@ -8506,15 +8877,14 @@ module Aws::S3
     end
 
     # A container specifying replication metrics-related settings enabling
-    # metrics and Amazon S3 events for S3 Replication Time Control (S3 RTC).
-    # Must be specified together with a `ReplicationTime` block.
+    # replication metrics and events.
     #
     # @note When making an API call, you may pass Metrics
     #   data as a hash:
     #
     #       {
     #         status: "Enabled", # required, accepts Enabled, Disabled
-    #         event_threshold: { # required
+    #         event_threshold: {
     #           minutes: 1,
     #         },
     #       }
@@ -9560,8 +9930,8 @@ module Aws::S3
     # @!attribute [rw] restrict_public_buckets
     #   Specifies whether Amazon S3 should restrict public bucket policies
     #   for this bucket. Setting this element to `TRUE` restricts access to
-    #   this bucket to only AWS services and authorized users within this
-    #   account if the bucket has a public policy.
+    #   this bucket to only AWS service principals and authorized users
+    #   within this account if the bucket has a public policy.
     #
     #   Enabling this setting doesn't affect previously stored bucket
     #   policies, except that public and cross-account access within any
@@ -9668,6 +10038,9 @@ module Aws::S3
     #   was not corrupted in transit. For more information, go to [RFC
     #   1864.][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -9830,6 +10203,9 @@ module Aws::S3
     #   was not corrupted in transit. For more information, go to [RFC
     #   1864.][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -9865,6 +10241,7 @@ module Aws::S3
     #                 sse_algorithm: "AES256", # required, accepts AES256, aws:kms
     #                 kms_master_key_id: "SSEKMSKeyId",
     #               },
+    #               bucket_key_enabled: false,
     #             },
     #           ],
     #         },
@@ -9886,8 +10263,10 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The base64-encoded 128-bit MD5 digest of the server-side encryption
-    #   configuration. This parameter is auto-populated when using the
-    #   command from the CLI.
+    #   configuration.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] server_side_encryption_configuration
@@ -9911,6 +10290,63 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutBucketIntelligentTieringConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "BucketName", # required
+    #         id: "IntelligentTieringId", # required
+    #         intelligent_tiering_configuration: { # required
+    #           id: "IntelligentTieringId", # required
+    #           filter: {
+    #             prefix: "Prefix",
+    #             tag: {
+    #               key: "ObjectKey", # required
+    #               value: "Value", # required
+    #             },
+    #             and: {
+    #               prefix: "Prefix",
+    #               tags: [
+    #                 {
+    #                   key: "ObjectKey", # required
+    #                   value: "Value", # required
+    #                 },
+    #               ],
+    #             },
+    #           },
+    #           status: "Enabled", # required, accepts Enabled, Disabled
+    #           tierings: [ # required
+    #             {
+    #               days: 1, # required
+    #               access_tier: "ARCHIVE_ACCESS", # required, accepts ARCHIVE_ACCESS, DEEP_ARCHIVE_ACCESS
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The name of the Amazon S3 bucket whose configuration you want to
+    #   modify or retrieve.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The ID used to identify the S3 Intelligent-Tiering configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] intelligent_tiering_configuration
+    #   Container for S3 Intelligent-Tiering configuration.
+    #   @return [Types::IntelligentTieringConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketIntelligentTieringConfigurationRequest AWS API Documentation
+    #
+    class PutBucketIntelligentTieringConfigurationRequest < Struct.new(
+      :bucket,
+      :id,
+      :intelligent_tiering_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutBucketInventoryConfigurationRequest
     #   data as a hash:
     #
@@ -10100,6 +10536,8 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] content_md5
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] lifecycle_configuration
@@ -10159,6 +10597,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
@@ -10358,6 +10799,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash of the `PutPublicAccessBlock` request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] notification_configuration
@@ -10404,9 +10848,15 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash of the `OwnershipControls` request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
+    #   The account id of the expected bucket owner. If the bucket is owned
+    #   by a different account, the request will fail with an HTTP `403
+    #   (Access Denied)` error.
     #   @return [String]
     #
     # @!attribute [rw] ownership_controls
@@ -10442,6 +10892,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash of the request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] confirm_remove_self_bucket_access
@@ -10505,6 +10958,9 @@ module Aws::S3
     #                 sse_kms_encrypted_objects: {
     #                   status: "Enabled", # required, accepts Enabled, Disabled
     #                 },
+    #                 replica_modifications: {
+    #                   status: "Enabled", # required, accepts Enabled, Disabled
+    #                 },
     #               },
     #               existing_object_replication: {
     #                 status: "Enabled", # required, accepts Enabled, Disabled
@@ -10527,7 +10983,7 @@ module Aws::S3
     #                 },
     #                 metrics: {
     #                   status: "Enabled", # required, accepts Enabled, Disabled
-    #                   event_threshold: { # required
+    #                   event_threshold: {
     #                     minutes: 1,
     #                   },
     #                 },
@@ -10552,6 +11008,9 @@ module Aws::S3
     #   was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10563,6 +11022,7 @@ module Aws::S3
     #   @return [Types::ReplicationConfiguration]
     #
     # @!attribute [rw] token
+    #   A token to allow Object Lock to be enabled for an existing bucket.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
@@ -10605,6 +11065,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10658,6 +11121,9 @@ module Aws::S3
     #   was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10708,6 +11174,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10787,6 +11256,9 @@ module Aws::S3
     #   was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10900,6 +11372,9 @@ module Aws::S3
     #   was not corrupted in transit. For more information, go to [RFC
     #   1864.&gt;][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -11077,6 +11552,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash for the request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
@@ -11161,6 +11639,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash for the request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
@@ -11236,6 +11717,11 @@ module Aws::S3
     #   pairs.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the uploaded object uses an S3 Bucket Key for
+    #   server-side encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_charged
     #   If present, indicates that the requester was successfully charged
     #   for the request.
@@ -11252,6 +11738,7 @@ module Aws::S3
       :sse_customer_key_md5,
       :ssekms_key_id,
       :ssekms_encryption_context,
+      :bucket_key_enabled,
       :request_charged)
       SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
       include Aws::Structure
@@ -11288,6 +11775,7 @@ module Aws::S3
     #         sse_customer_key_md5: "SSECustomerKeyMD5",
     #         ssekms_key_id: "SSEKMSKeyId",
     #         ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #         bucket_key_enabled: false,
     #         request_payer: "requester", # accepts requester
     #         tagging: "TaggingHeader",
     #         object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -11537,6 +12025,16 @@ module Aws::S3
     #   string holding JSON with the encryption context key-value pairs.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket
+    #   Key for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a PUT operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
@@ -11606,6 +12104,7 @@ module Aws::S3
       :sse_customer_key_md5,
       :ssekms_key_id,
       :ssekms_encryption_context,
+      :bucket_key_enabled,
       :request_payer,
       :tagging,
       :object_lock_mode,
@@ -11697,6 +12196,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash for the request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] expected_bucket_owner
@@ -11788,6 +12290,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash for the request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] tagging
@@ -11835,6 +12340,9 @@ module Aws::S3
     #
     # @!attribute [rw] content_md5
     #   The MD5 hash of the `PutPublicAccessBlock` request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #   @return [String]
     #
     # @!attribute [rw] public_access_block_configuration
@@ -12077,6 +12585,37 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # A filter that you can specify for selection for modifications on
+    # replicas. Amazon S3 doesn't replicate replica modifications by
+    # default. In the latest version of replication configuration (when
+    # `Filter` is specified), you can specify this element and set the
+    # status to `Enabled` to replicate modifications on replicas.
+    #
+    # <note markdown="1"> If you don't specify the `Filter` element, Amazon S3 assumes that the
+    # replication configuration is the earlier version, V1. In the earlier
+    # version, this element is not allowed.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass ReplicaModifications
+    #   data as a hash:
+    #
+    #       {
+    #         status: "Enabled", # required, accepts Enabled, Disabled
+    #       }
+    #
+    # @!attribute [rw] status
+    #   Specifies whether Amazon S3 replicates modifications on replicas.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ReplicaModifications AWS API Documentation
+    #
+    class ReplicaModifications < Struct.new(
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A container for replication rules. You can add up to 1,000 rules. The
     # maximum size of a replication configuration is 2 MB.
     #
@@ -12111,6 +12650,9 @@ module Aws::S3
     #               sse_kms_encrypted_objects: {
     #                 status: "Enabled", # required, accepts Enabled, Disabled
     #               },
+    #               replica_modifications: {
+    #                 status: "Enabled", # required, accepts Enabled, Disabled
+    #               },
     #             },
     #             existing_object_replication: {
     #               status: "Enabled", # required, accepts Enabled, Disabled
@@ -12133,7 +12675,7 @@ module Aws::S3
     #               },
     #               metrics: {
     #                 status: "Enabled", # required, accepts Enabled, Disabled
-    #                 event_threshold: { # required
+    #                 event_threshold: {
     #                   minutes: 1,
     #                 },
     #               },
@@ -12202,6 +12744,9 @@ module Aws::S3
     #           sse_kms_encrypted_objects: {
     #             status: "Enabled", # required, accepts Enabled, Disabled
     #           },
+    #           replica_modifications: {
+    #             status: "Enabled", # required, accepts Enabled, Disabled
+    #           },
     #         },
     #         existing_object_replication: {
     #           status: "Enabled", # required, accepts Enabled, Disabled
@@ -12224,7 +12769,7 @@ module Aws::S3
     #           },
     #           metrics: {
     #             status: "Enabled", # required, accepts Enabled, Disabled
-    #             event_threshold: { # required
+    #             event_threshold: {
     #               minutes: 1,
     #             },
     #           },
@@ -12240,21 +12785,19 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] priority
-    #   The priority associated with the rule. If you specify multiple rules
-    #   in a replication configuration, Amazon S3 prioritizes the rules to
-    #   prevent conflicts when filtering. If two or more rules identify the
-    #   same object based on a specified filter, the rule with higher
-    #   priority takes precedence. For example:
+    #   The priority indicates which rule has precedence whenever two or
+    #   more replication rules conflict. Amazon S3 will attempt to replicate
+    #   objects according to all replication rules. However, if there are
+    #   two or more rules with the same destination bucket, then objects
+    #   will be replicated according to the rule with the highest priority.
+    #   The higher the number, the higher the priority.
     #
-    #   * Same object quality prefix-based filter criteria if prefixes you
-    #     specified in multiple rules overlap
+    #   For more information, see [Replication][1] in the *Amazon Simple
+    #   Storage Service Developer Guide*.
     #
-    #   * Same object qualify tag-based filter criteria specified in
-    #     multiple rules
     #
-    #   For more information, see [Replication](
-    #   https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) in
-    #   the *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html
     #   @return [Integer]
     #
     # @!attribute [rw] prefix
@@ -12293,25 +12836,28 @@ module Aws::S3
     #   @return [Types::Destination]
     #
     # @!attribute [rw] delete_marker_replication
-    #   Specifies whether Amazon S3 replicates the delete markers. If you
-    #   specify a `Filter`, you must specify this element. However, in the
-    #   latest version of replication configuration (when `Filter` is
-    #   specified), Amazon S3 doesn't replicate delete markers. Therefore,
-    #   the `DeleteMarkerReplication` element can contain only
-    #   &lt;Status&gt;Disabled&lt;/Status&gt;. For an example configuration,
-    #   see [Basic Rule Configuration][1].
+    #   Specifies whether Amazon S3 replicates delete markers. If you
+    #   specify a `Filter` in your replication configuration, you must also
+    #   include a `DeleteMarkerReplication` element. If your `Filter`
+    #   includes a `Tag` element, the `DeleteMarkerReplication` `Status`
+    #   must be set to Disabled, because Amazon S3 does not support
+    #   replicating delete markers for tag-based rules. For an example
+    #   configuration, see [Basic Rule Configuration][1].
     #
-    #   <note markdown="1"> If you don't specify the `Filter` element, Amazon S3 assumes that
-    #   the replication configuration is the earlier version, V1. In the
-    #   earlier version, Amazon S3 handled replication of delete markers
-    #   differently. For more information, see [Backward Compatibility][2].
+    #   For more information about delete marker replication, see [Basic
+    #   Rule Configuration][2].
+    #
+    #   <note markdown="1"> If you are using an earlier version of the replication
+    #   configuration, Amazon S3 handles replication of delete markers
+    #   differently. For more information, see [Backward Compatibility][3].
     #
     #    </note>
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-config-min-rule-config
-    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/delete-marker-replication.html
+    #   [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
     #   @return [Types::DeleteMarkerReplication]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ReplicationRule AWS API Documentation
@@ -12643,7 +13189,7 @@ module Aws::S3
     #       }
     #
     # @!attribute [rw] bucket
-    #   The bucket name or containing the object to restore.
+    #   The bucket name containing the object to restore.
     #
     #   When using this API with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the
@@ -12802,6 +13348,9 @@ module Aws::S3
     # @!attribute [rw] days
     #   Lifetime of the active copy in days. Do not use with restores that
     #   specify `OutputLocation`.
+    #
+    #   The Days element is required for regular restores, and must not be
+    #   provided for select requests.
     #   @return [Integer]
     #
     # @!attribute [rw] glacier_job_parameters
@@ -12814,7 +13363,7 @@ module Aws::S3
     #   @return [String]
     #
     # @!attribute [rw] tier
-    #   S3 Glacier retrieval tier at which the restore will be processed.
+    #   Retrieval tier at which the restore will be processed.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -13513,6 +14062,7 @@ module Aws::S3
     #               sse_algorithm: "AES256", # required, accepts AES256, aws:kms
     #               kms_master_key_id: "SSEKMSKeyId",
     #             },
+    #             bucket_key_enabled: false,
     #           },
     #         ],
     #       }
@@ -13540,6 +14090,7 @@ module Aws::S3
     #           sse_algorithm: "AES256", # required, accepts AES256, aws:kms
     #           kms_master_key_id: "SSEKMSKeyId",
     #         },
+    #         bucket_key_enabled: false,
     #       }
     #
     # @!attribute [rw] apply_server_side_encryption_by_default
@@ -13548,10 +14099,26 @@ module Aws::S3
     #   server-side encryption, this default encryption will be applied.
     #   @return [Types::ServerSideEncryptionByDefault]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key with
+    #   server-side encryption using KMS (SSE-KMS) for new objects in the
+    #   bucket. Existing objects are not affected. Setting the
+    #   `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3
+    #   Bucket Key. By default, S3 Bucket Key is not enabled.
+    #
+    #   For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
     #
     class ServerSideEncryptionRule < Struct.new(
-      :apply_server_side_encryption_by_default)
+      :apply_server_side_encryption_by_default,
+      :bucket_key_enabled)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -13570,6 +14137,9 @@ module Aws::S3
     #         sse_kms_encrypted_objects: {
     #           status: "Enabled", # required, accepts Enabled, Disabled
     #         },
+    #         replica_modifications: {
+    #           status: "Enabled", # required, accepts Enabled, Disabled
+    #         },
     #       }
     #
     # @!attribute [rw] sse_kms_encrypted_objects
@@ -13579,10 +14149,25 @@ module Aws::S3
     #   element is required.
     #   @return [Types::SseKmsEncryptedObjects]
     #
+    # @!attribute [rw] replica_modifications
+    #   A filter that you can specify for selections for modifications on
+    #   replicas. Amazon S3 doesn't replicate replica modifications by
+    #   default. In the latest version of replication configuration (when
+    #   `Filter` is specified), you can specify this element and set the
+    #   status to `Enabled` to replicate modifications on replicas.
+    #
+    #   <note markdown="1"> If you don't specify the `Filter` element, Amazon S3 assumes that
+    #   the replication configuration is the earlier version, V1. In the
+    #   earlier version, this element is not allowed
+    #
+    #    </note>
+    #   @return [Types::ReplicaModifications]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SourceSelectionCriteria AWS API Documentation
     #
     class SourceSelectionCriteria < Struct.new(
-      :sse_kms_encrypted_objects)
+      :sse_kms_encrypted_objects,
+      :replica_modifications)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -13806,6 +14391,46 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # The S3 Intelligent-Tiering storage class is designed to optimize
+    # storage costs by automatically moving data to the most cost-effective
+    # storage access tier, without additional operational overhead.
+    #
+    # @note When making an API call, you may pass Tiering
+    #   data as a hash:
+    #
+    #       {
+    #         days: 1, # required
+    #         access_tier: "ARCHIVE_ACCESS", # required, accepts ARCHIVE_ACCESS, DEEP_ARCHIVE_ACCESS
+    #       }
+    #
+    # @!attribute [rw] days
+    #   The number of consecutive days of no access after which an object
+    #   will be eligible to be transitioned to the corresponding tier. The
+    #   minimum number of days specified for Archive Access tier must be at
+    #   least 90 days and Deep Archive Access tier must be at least 180
+    #   days. The maximum can be up to 2 years (730 days).
+    #   @return [Integer]
+    #
+    # @!attribute [rw] access_tier
+    #   S3 Intelligent-Tiering access tier. See [Storage class for
+    #   automatically optimizing frequently and infrequently accessed
+    #   objects][1] for a list of access tiers in the S3 Intelligent-Tiering
+    #   storage class.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Tiering AWS API Documentation
+    #
+    class Tiering < Struct.new(
+      :days,
+      :access_tier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A container for specifying the configuration for publication of
     # messages to an Amazon Simple Notification Service (Amazon SNS) topic
     # when Amazon S3 detects specified events.
@@ -13998,6 +14623,11 @@ module Aws::S3
     #   used for the object.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the multipart upload uses an S3 Bucket Key for
+    #   server-side encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_charged
     #   If present, indicates that the requester was successfully charged
     #   for the request.
@@ -14012,6 +14642,7 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key_md5,
       :ssekms_key_id,
+      :bucket_key_enabled,
       :request_charged)
       SENSITIVE = [:ssekms_key_id]
       include Aws::Structure
@@ -14273,6 +14904,11 @@ module Aws::S3
     #   for the object.
     #   @return [String]
     #
+    # @!attribute [rw] bucket_key_enabled
+    #   Indicates whether the multipart upload uses an S3 Bucket Key for
+    #   server-side encryption with AWS KMS (SSE-KMS).
+    #   @return [Boolean]
+    #
     # @!attribute [rw] request_charged
     #   If present, indicates that the requester was successfully charged
     #   for the request.
@@ -14286,6 +14922,7 @@ module Aws::S3
       :sse_customer_algorithm,
       :sse_customer_key_md5,
       :ssekms_key_id,
+      :bucket_key_enabled,
       :request_charged)
       SENSITIVE = [:ssekms_key_id]
       include Aws::Structure