aws-sdk-s3 1.84.1 → 1.87.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 152630b0a9acb1b213eb0793432bbf020129fa5ba436128ec2cc8bf404895c99
-  data.tar.gz: 32352566fbee102dd684a37205b3a90ee9a6d0736ec6a106aa112540ba7d081b
+  metadata.gz: 11cd48be59fc8922aabfe4d29d601706183fc5d5ce0b1fb201ae2f59c6f281ab
+  data.tar.gz: 546d8a92a9a561d94d205908d52c005edb5a49d336751ee7954936f9449d7138
 SHA512:
-  metadata.gz: 410beb9c8e6e673bda33f020f01bd6bbdb9e848d309e2ed732263b2ac09c708023591a08084bea78223aacb45f4b48980234060d6ef63778d04c261f837e862c
-  data.tar.gz: 9e97114d1b6044c44715744b56856678ff0509d11270fb3ebbb7a4dd9fa5af55d9e085c316af9d2bf4ca6e36be342240b9241d4352896709f8961356b88f0b5e
+  metadata.gz: 16a5af91aba1ce6e9b4f3d121cbc427e1534a2fb80edb553a7e5e62e5a937877174581ad169c4abd46dd3d32dfdf765d9161f7bc4c907b5f0cf158d44dbd81e3
+  data.tar.gz: 995720b6753b4add059e235f37dea7fe49dbe19038e495260023aa380bfe2544cdb9873dafab1a2c685d9eae3f1eeeacb290480ac149d6624f475ba584519c57

data/lib/aws-sdk-s3.rb

@@ -69,6 +69,6 @@ require_relative 'aws-sdk-s3/event_streams'
 # @!group service
 module Aws::S3
 
-  GEM_VERSION = '1.84.1'
+  GEM_VERSION = '1.87.0'
 
 end

data/lib/aws-sdk-s3/bucket.rb

@@ -34,7 +34,8 @@ module Aws::S3
       @name
     end
 
-    # Date the bucket was created.
+    # Date the bucket was created. This date can change when making changes
+    # to your bucket, such as editing its bucket policy.
     # @return [Time]
     def creation_date
       data[:creation_date]
@@ -354,6 +355,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -525,6 +527,14 @@ module Aws::S3
     #   Specifies the AWS KMS Encryption Context to use for object encryption.
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
+    # @option options [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a PUT operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their

data/lib/aws-sdk-s3/bucket_acl.rb

@@ -221,6 +221,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/bucket_cors.rb

@@ -224,6 +224,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/bucket_lifecycle.rb

@@ -228,6 +228,8 @@ module Aws::S3
     #   })
     # @param [Hash] options ({})
     # @option options [String] :content_md5
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     # @option options [Types::LifecycleConfiguration] :lifecycle_configuration
     # @option options [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by

data/lib/aws-sdk-s3/bucket_logging.rb

@@ -210,6 +210,9 @@ module Aws::S3
     #   Container for logging status information.
     # @option options [String] :content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     # @option options [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access

data/lib/aws-sdk-s3/bucket_policy.rb

@@ -202,6 +202,9 @@ module Aws::S3
     # @param [Hash] options ({})
     # @option options [String] :content_md5
     #   The MD5 hash of the request body.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     # @option options [Boolean] :confirm_remove_self_bucket_access
     #   Set this parameter to true to confirm that you want to remove your
     #   permissions to change this bucket policy in the future.

data/lib/aws-sdk-s3/bucket_request_payment.rb

@@ -190,6 +190,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/bucket_tagging.rb

@@ -211,6 +211,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/bucket_versioning.rb

@@ -197,6 +197,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -237,6 +240,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -270,6 +276,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/bucket_website.rb

@@ -252,6 +252,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt

data/lib/aws-sdk-s3/client.rb

@@ -659,6 +659,7 @@ module Aws::S3
     #   * {Types::CompleteMultipartUploadOutput#server_side_encryption #server_side_encryption} => String
     #   * {Types::CompleteMultipartUploadOutput#version_id #version_id} => String
     #   * {Types::CompleteMultipartUploadOutput#ssekms_key_id #ssekms_key_id} => String
+    #   * {Types::CompleteMultipartUploadOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::CompleteMultipartUploadOutput#request_charged #request_charged} => String
     #
     #
@@ -720,6 +721,7 @@ module Aws::S3
     #   resp.server_side_encryption #=> String, one of "AES256", "aws:kms"
     #   resp.version_id #=> String
     #   resp.ssekms_key_id #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.request_charged #=> String, one of "requester"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CompleteMultipartUpload AWS API Documentation
@@ -830,22 +832,20 @@ module Aws::S3
     #
     #  </note>
     #
-    # **Encryption**
+    # **Server-side encryption**
     #
-    # The source object that you are copying can be encrypted or
-    # unencrypted. The source object can be encrypted with server-side
-    # encryption using AWS managed encryption keys (SSE-S3 or SSE-KMS) or by
-    # using a customer-provided encryption key. With server-side encryption,
-    # Amazon S3 encrypts your data as it writes it to disks in its data
-    # centers and decrypts the data when you access it.
+    # When you perform a CopyObject operation, you can optionally use the
+    # appropriate encryption-related headers to encrypt the object using
+    # server-side encryption with AWS managed encryption keys (SSE-S3 or
+    # SSE-KMS) or a customer-provided encryption key. With server-side
+    # encryption, Amazon S3 encrypts your data as it writes it to disks in
+    # its data centers and decrypts the data when you access it. For more
+    # information about server-side encryption, see [Using Server-Side
+    # Encryption][8].
     #
-    # You can optionally use the appropriate encryption-related headers to
-    # request server-side encryption for the target object. You have the
-    # option to provide your own encryption key or use SSE-S3 or SSE-KMS,
-    # regardless of the form of server-side encryption that was used to
-    # encrypt the source object. You can even request encryption if the
-    # source object was not encrypted. For more information about
-    # server-side encryption, see [Using Server-Side Encryption][8].
+    # If a target object uses SSE-KMS, you can enable an S3 Bucket Key for
+    # the object. For more information, see [Amazon S3 Bucket Keys][9] in
+    # the *Amazon Simple Storage Service Developer Guide*.
     #
     # **Access Control List (ACL)-Specific Request Headers**
     #
@@ -855,13 +855,13 @@ module Aws::S3
     # permissions to individual AWS accounts or to predefined groups defined
     # by Amazon S3. These permissions are then added to the ACL on the
     # object. For more information, see [Access Control List (ACL)
-    # Overview][9] and [Managing ACLs Using the REST API][10].
+    # Overview][10] and [Managing ACLs Using the REST API][11].
     #
     # **Storage Class Options**
     #
     # You can use the `CopyObject` operation to change the storage class of
     # an object that is already stored in Amazon S3 using the `StorageClass`
-    # parameter. For more information, see [Storage Classes][11] in the
+    # parameter. For more information, see [Storage Classes][12] in the
     # *Amazon S3 Service Developer Guide*.
     #
     # **Versioning**
@@ -882,15 +882,15 @@ module Aws::S3
     #
     # If the source object's storage class is GLACIER, you must restore a
     # copy of this object before you can use it as a source object for the
-    # copy operation. For more information, see [RestoreObject][12].
+    # copy operation. For more information, see [RestoreObject][13].
     #
     # The following operations are related to `CopyObject`\:
     #
-    # * [PutObject][13]
+    # * [PutObject][14]
     #
-    # * [GetObject][14]
+    # * [GetObject][15]
     #
-    # For more information, see [Copying Objects][15].
+    # For more information, see [Copying Objects][16].
     #
     #
     #
@@ -902,13 +902,14 @@ module Aws::S3
     # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
     # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html
     # [8]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
-    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
-    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
-    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
-    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
-    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
-    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
-    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
+    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
+    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html
+    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html
+    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
+    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object.
@@ -1109,6 +1110,15 @@ module Aws::S3
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
     #
+    # @option params [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a COPY operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
+    #
     # @option params [String] :copy_source_sse_customer_algorithm
     #   Specifies the algorithm to use when decrypting the source object (for
     #   example, AES256).
@@ -1170,6 +1180,7 @@ module Aws::S3
     #   * {Types::CopyObjectOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::CopyObjectOutput#ssekms_key_id #ssekms_key_id} => String
     #   * {Types::CopyObjectOutput#ssekms_encryption_context #ssekms_encryption_context} => String
+    #   * {Types::CopyObjectOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::CopyObjectOutput#request_charged #request_charged} => String
     #
     #
@@ -1225,6 +1236,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
     #     copy_source_sse_customer_key: "CopySourceSSECustomerKey",
     #     copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
@@ -1249,6 +1261,7 @@ module Aws::S3
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
     #   resp.ssekms_encryption_context #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.request_charged #=> String, one of "requester"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CopyObject AWS API Documentation
@@ -1405,33 +1418,33 @@ module Aws::S3
     #   * {Types::CreateBucketOutput#location #location} => String
     #
     #
-    # @example Example: To create a bucket in a specific region
+    # @example Example: To create a bucket 
     #
-    #   # The following example creates a bucket. The request specifies an AWS region where to create the bucket.
+    #   # The following example creates a bucket.
     #
     #   resp = client.create_bucket({
     #     bucket: "examplebucket", 
-    #     create_bucket_configuration: {
-    #       location_constraint: "eu-west-1", 
-    #     }, 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     location: "http://examplebucket.<Region>.s3.amazonaws.com/", 
+    #     location: "/examplebucket", 
     #   }
     #
-    # @example Example: To create a bucket 
+    # @example Example: To create a bucket in a specific region
     #
-    #   # The following example creates a bucket.
+    #   # The following example creates a bucket. The request specifies an AWS region where to create the bucket.
     #
     #   resp = client.create_bucket({
     #     bucket: "examplebucket", 
+    #     create_bucket_configuration: {
+    #       location_constraint: "eu-west-1", 
+    #     }, 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     location: "/examplebucket", 
+    #     location: "http://examplebucket.<Region>.s3.amazonaws.com/", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -1827,6 +1840,15 @@ module Aws::S3
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
     #
+    # @option params [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with an object operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
+    #
     # @option params [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
@@ -1870,6 +1892,7 @@ module Aws::S3
     #   * {Types::CreateMultipartUploadOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::CreateMultipartUploadOutput#ssekms_key_id #ssekms_key_id} => String
     #   * {Types::CreateMultipartUploadOutput#ssekms_encryption_context #ssekms_encryption_context} => String
+    #   * {Types::CreateMultipartUploadOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::CreateMultipartUploadOutput#request_charged #request_charged} => String
     #
     #
@@ -1916,6 +1939,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -1936,6 +1960,7 @@ module Aws::S3
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
     #   resp.ssekms_encryption_context #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.request_charged #=> String, one of "requester"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateMultipartUpload AWS API Documentation
@@ -2929,35 +2954,35 @@ module Aws::S3
     #   * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
     #
     #
-    # @example Example: To remove tag set from an object
+    # @example Example: To remove tag set from an object version
     #
-    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
-    #   # operation removes tag set from the latest object version.
+    #   # The following example removes tag set associated with the specified object version. The request specifies both the
+    #   # object key and object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
-    # @example Example: To remove tag set from an object version
+    # @example Example: To remove tag set from an object
     #
-    #   # The following example removes tag set associated with the specified object version. The request specifies both the
-    #   # object key and object version.
+    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
+    #   # operation removes tag set from the latest object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -3097,20 +3122,22 @@ module Aws::S3
     #   * {Types::DeleteObjectsOutput#errors #errors} => Array&lt;Types::Error&gt;
     #
     #
-    # @example Example: To delete multiple objects from a versioned bucket
+    # @example Example: To delete multiple object versions from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
-    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
+    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
+    #   # versions and returns the key and versions of deleted objects in the response.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "objectkey1", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #         }, 
     #         {
-    #           key: "objectkey2", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -3121,34 +3148,30 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
-    #         key: "objectkey1", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #       }, 
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
-    #         key: "objectkey2", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #       }, 
     #     ], 
     #   }
     #
-    # @example Example: To delete multiple object versions from a versioned bucket
+    # @example Example: To delete multiple objects from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
-    #   # versions and returns the key and versions of deleted objects in the response.
+    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
+    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #           key: "objectkey1", 
     #         }, 
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #           key: "objectkey2", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -3159,12 +3182,14 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
+    #         key: "objectkey1", 
     #       }, 
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
+    #         key: "objectkey2", 
     #       }, 
     #     ], 
     #   }
@@ -3614,6 +3639,7 @@ module Aws::S3
     #   resp.server_side_encryption_configuration.rules #=> Array
     #   resp.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.sse_algorithm #=> String, one of "AES256", "aws:kms"
     #   resp.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.kms_master_key_id #=> String
+    #   resp.server_side_encryption_configuration.rules[0].bucket_key_enabled #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketEncryption AWS API Documentation
     #
@@ -4705,6 +4731,7 @@ module Aws::S3
     #   resp.replication_configuration.rules[0].filter.and.tags[0].value #=> String
     #   resp.replication_configuration.rules[0].status #=> String, one of "Enabled", "Disabled"
     #   resp.replication_configuration.rules[0].source_selection_criteria.sse_kms_encrypted_objects.status #=> String, one of "Enabled", "Disabled"
+    #   resp.replication_configuration.rules[0].source_selection_criteria.replica_modifications.status #=> String, one of "Enabled", "Disabled"
     #   resp.replication_configuration.rules[0].existing_object_replication.status #=> String, one of "Enabled", "Disabled"
     #   resp.replication_configuration.rules[0].destination.bucket #=> String
     #   resp.replication_configuration.rules[0].destination.account #=> String
@@ -5056,13 +5083,13 @@ module Aws::S3
     # For more information about returning the ACL of an object, see
     # [GetObjectAcl][3].
     #
-    # If the object you are retrieving is stored in the S3 Glacier, S3
-    # Glacier Deep Archive, S3 Intelligent-Tiering Archive, or S3
-    # Intelligent-Tiering Deep Archive storage classes, before you can
-    # retrieve the object you must first restore a copy using
-    # [RestoreObject][4]. Otherwise, this operation returns an
-    # `InvalidObjectStateError` error. For information about restoring
-    # archived objects, see [Restoring Archived Objects][5].
+    # If the object you are retrieving is stored in the S3 Glacier or S3
+    # Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive
+    # or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve
+    # the object you must first restore a copy using [RestoreObject][4].
+    # Otherwise, this operation returns an `InvalidObjectStateError` error.
+    # For information about restoring archived objects, see [Restoring
+    # Archived Objects][5].
     #
     # Encryption request headers, like `x-amz-server-side-encryption`,
     # should not be sent for GET requests if your object uses server-side
@@ -5333,6 +5360,7 @@ module Aws::S3
     #   * {Types::GetObjectOutput#sse_customer_algorithm #sse_customer_algorithm} => String
     #   * {Types::GetObjectOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::GetObjectOutput#ssekms_key_id #ssekms_key_id} => String
+    #   * {Types::GetObjectOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::GetObjectOutput#storage_class #storage_class} => String
     #   * {Types::GetObjectOutput#request_charged #request_charged} => String
     #   * {Types::GetObjectOutput#replication_status #replication_status} => String
@@ -5470,6 +5498,7 @@ module Aws::S3
     #   resp.sse_customer_algorithm #=> String
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.storage_class #=> String, one of "STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE", "OUTPOSTS"
     #   resp.request_charged #=> String, one of "requester"
     #   resp.replication_status #=> String, one of "COMPLETE", "PENDING", "FAILED", "REPLICA"
@@ -6443,6 +6472,7 @@ module Aws::S3
     #   * {Types::HeadObjectOutput#sse_customer_algorithm #sse_customer_algorithm} => String
     #   * {Types::HeadObjectOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::HeadObjectOutput#ssekms_key_id #ssekms_key_id} => String
+    #   * {Types::HeadObjectOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::HeadObjectOutput#storage_class #storage_class} => String
     #   * {Types::HeadObjectOutput#request_charged #request_charged} => String
     #   * {Types::HeadObjectOutput#replication_status #replication_status} => String
@@ -6518,6 +6548,7 @@ module Aws::S3
     #   resp.sse_customer_algorithm #=> String
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.storage_class #=> String, one of "STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE", "OUTPOSTS"
     #   resp.request_charged #=> String, one of "requester"
     #   resp.replication_status #=> String, one of "COMPLETE", "PENDING", "FAILED", "REPLICA"
@@ -8294,6 +8325,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -8580,6 +8614,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -8663,14 +8700,17 @@ module Aws::S3
       req.send_request(options)
     end
 
-    # This implementation of the `PUT` operation uses the `encryption`
-    # subresource to set the default encryption state of an existing bucket.
-    #
-    # This implementation of the `PUT` operation sets default encryption for
-    # a bucket using server-side encryption with Amazon S3-managed keys
-    # SSE-S3 or AWS KMS customer master keys (CMKs) (SSE-KMS). For
-    # information about the Amazon S3 default encryption feature, see
-    # [Amazon S3 Default Bucket Encryption][1].
+    # This operation uses the `encryption` subresource to configure default
+    # encryption and Amazon S3 Bucket Key for an existing bucket.
+    #
+    # Default encryption for a bucket can use server-side encryption with
+    # Amazon S3-managed keys (SSE-S3) or AWS KMS customer master keys
+    # (SSE-KMS). If you specify default encryption using SSE-KMS, you can
+    # also configure Amazon S3 Bucket Key. For information about default
+    # encryption, see [Amazon S3 default bucket encryption][1] in the
+    # *Amazon Simple Storage Service Developer Guide*. For more information
+    # about S3 Bucket Keys, see [Amazon S3 Bucket Keys][2] in the *Amazon
+    # Simple Storage Service Developer Guide*.
     #
     # This operation requires AWS Signature Version 4. For more information,
     # see [ Authenticating Requests (AWS Signature Version
@@ -8680,23 +8720,24 @@ module Aws::S3
     # `s3:PutEncryptionConfiguration` action. The bucket owner has this
     # permission by default. The bucket owner can grant this permission to
     # others. For more information about permissions, see [Permissions
-    # Related to Bucket Subresource Operations][2] and [Managing Access
-    # Permissions to Your Amazon S3 Resources][3] in the Amazon Simple
+    # Related to Bucket Subresource Operations][3] and [Managing Access
+    # Permissions to Your Amazon S3 Resources][4] in the Amazon Simple
     # Storage Service Developer Guide.
     #
     # **Related Resources**
     #
-    # * [GetBucketEncryption][4]
+    # * [GetBucketEncryption][5]
     #
-    # * [DeleteBucketEncryption][5]
+    # * [DeleteBucketEncryption][6]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
     #
     # @option params [required, String] :bucket
     #   Specifies default encryption for a bucket using server-side encryption
@@ -8711,8 +8752,10 @@ module Aws::S3
     #
     # @option params [String] :content_md5
     #   The base64-encoded 128-bit MD5 digest of the server-side encryption
-    #   configuration. This parameter is auto-populated when using the command
-    #   from the CLI.
+    #   configuration.
+    #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #
     # @option params [required, Types::ServerSideEncryptionConfiguration] :server_side_encryption_configuration
     #   Specifies the default server-side-encryption configuration.
@@ -8736,6 +8779,7 @@ module Aws::S3
     #             sse_algorithm: "AES256", # required, accepts AES256, aws:kms
     #             kms_master_key_id: "SSEKMSKeyId",
     #           },
+    #           bucket_key_enabled: false,
     #         },
     #       ],
     #     },
@@ -9044,6 +9088,8 @@ module Aws::S3
     # @option params [required, String] :bucket
     #
     # @option params [String] :content_md5
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
     #
     # @option params [Types::LifecycleConfiguration] :lifecycle_configuration
     #
@@ -9364,6 +9410,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -9540,6 +9589,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutPublicAccessBlock` request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [required, Types::NotificationConfigurationDeprecated] :notification_configuration
     #   The container for the configuration.
     #
@@ -9784,6 +9836,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `OwnershipControls` request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -9855,6 +9910,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [Boolean] :confirm_remove_self_bucket_access
     #   Set this parameter to true to confirm that you want to remove your
     #   permissions to change this bucket policy in the future.
@@ -9909,15 +9967,15 @@ module Aws::S3
     #
     # Specify the replication configuration in the request body. In the
     # replication configuration, you provide the name of the destination
-    # bucket where you want Amazon S3 to replicate objects, the IAM role
-    # that Amazon S3 can assume to replicate objects on your behalf, and
-    # other relevant information.
+    # bucket or buckets where you want Amazon S3 to replicate objects, the
+    # IAM role that Amazon S3 can assume to replicate objects on your
+    # behalf, and other relevant information.
     #
     # A replication configuration must include at least one rule, and can
     # contain a maximum of 1,000. Each rule identifies a subset of objects
     # to replicate by filtering the objects in the source bucket. To choose
     # additional subsets of objects to replicate, add a rule for each
-    # subset. All rules must specify the same destination bucket.
+    # subset.
     #
     # To specify a subset of the objects in the source bucket to apply a
     # replication rule to, add the Filter element as a child of the Rule
@@ -9926,26 +9984,21 @@ module Aws::S3
     # configuration, you must also add the following elements:
     # `DeleteMarkerReplication`, `Status`, and `Priority`.
     #
-    # <note markdown="1"> The latest version of the replication configuration XML is V2. XML V2
-    # replication configurations are those that contain the `Filter` element
-    # for rules, and rules that specify S3 Replication Time Control (S3
-    # RTC). In XML V2 replication configurations, Amazon S3 doesn't
-    # replicate delete markers. Therefore, you must set the
-    # `DeleteMarkerReplication` element to `Disabled`. For backward
-    # compatibility, Amazon S3 continues to support the XML V1 replication
-    # configuration.
+    # <note markdown="1"> If you are using an earlier version of the replication configuration,
+    # Amazon S3 handles replication of delete markers differently. For more
+    # information, see [Backward Compatibility][3].
     #
     #  </note>
     #
     # For information about enabling versioning on a bucket, see [Using
-    # Versioning][3].
+    # Versioning][4].
     #
     # By default, a resource owner, in this case the AWS account that
     # created the bucket, can perform this operation. The resource owner can
     # also grant others permissions to perform the operation. For more
     # information about permissions, see [Specifying Permissions in a
-    # Policy][4] and [Managing Access Permissions to Your Amazon S3
-    # Resources][5].
+    # Policy][5] and [Managing Access Permissions to Your Amazon S3
+    # Resources][6].
     #
     # **Handling Replication of Encrypted Objects**
     #
@@ -9955,28 +10008,29 @@ module Aws::S3
     # `SourceSelectionCriteria`, `SseKmsEncryptedObjects`, `Status`,
     # `EncryptionConfiguration`, and `ReplicaKmsKeyID`. For information
     # about replication configuration, see [Replicating Objects Created with
-    # SSE Using CMKs stored in AWS KMS][6].
+    # SSE Using CMKs stored in AWS KMS][7].
     #
     # For information on `PutBucketReplication` errors, see [List of
-    # replication-related error codes][7]
+    # replication-related error codes][8]
     #
     # The following operations are related to `PutBucketReplication`\:
     #
-    # * [GetBucketReplication][8]
+    # * [GetBucketReplication][9]
     #
-    # * [DeleteBucketReplication][9]
+    # * [DeleteBucketReplication][10]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html
     # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
-    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html
-    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket
@@ -9986,6 +10040,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10059,6 +10116,9 @@ module Aws::S3
     #             sse_kms_encrypted_objects: {
     #               status: "Enabled", # required, accepts Enabled, Disabled
     #             },
+    #             replica_modifications: {
+    #               status: "Enabled", # required, accepts Enabled, Disabled
+    #             },
     #           },
     #           existing_object_replication: {
     #             status: "Enabled", # required, accepts Enabled, Disabled
@@ -10132,6 +10192,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10258,6 +10321,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10371,6 +10437,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10505,6 +10574,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -10614,8 +10686,13 @@ module Aws::S3
     # encryption, Amazon S3 encrypts your data as it writes it to disks in
     # its data centers and decrypts the data when you access it. You have
     # the option to provide your own encryption key or use AWS managed
-    # encryption keys. For more information, see [Using Server-Side
-    # Encryption][2].
+    # encryption keys (SSE-S3 or SSE-KMS). For more information, see [Using
+    # Server-Side Encryption][2].
+    #
+    # If you request server-side encryption using AWS Key Management Service
+    # (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For
+    # more information, see [Amazon S3 Bucket Keys][3] in the *Amazon Simple
+    # Storage Service Developer Guide*.
     #
     # **Access Control List (ACL)-Specific Request Headers**
     #
@@ -10624,8 +10701,8 @@ module Aws::S3
     # adding a new object, you can grant permissions to individual AWS
     # accounts or to predefined groups defined by Amazon S3. These
     # permissions are then added to the ACL on the object. For more
-    # information, see [Access Control List (ACL) Overview][3] and [Managing
-    # ACLs Using the REST API][4].
+    # information, see [Access Control List (ACL) Overview][4] and [Managing
+    # ACLs Using the REST API][5].
     #
     # **Storage Class Options**
     #
@@ -10633,7 +10710,7 @@ module Aws::S3
     # created objects. The STANDARD storage class provides high durability
     # and high availability. Depending on performance needs, you can specify
     # a different Storage Class. Amazon S3 on Outposts only uses the
-    # OUTPOSTS Storage Class. For more information, see [Storage Classes][5]
+    # OUTPOSTS Storage Class. For more information, see [Storage Classes][6]
     # in the *Amazon S3 Service Developer Guide*.
     #
     # **Versioning**
@@ -10645,26 +10722,27 @@ module Aws::S3
     # object simultaneously, it stores all of the objects.
     #
     # For more information about versioning, see [Adding Objects to
-    # Versioning Enabled Buckets][6]. For information about returning the
-    # versioning state of a bucket, see [GetBucketVersioning][7].
+    # Versioning Enabled Buckets][7]. For information about returning the
+    # versioning state of a bucket, see [GetBucketVersioning][8].
     #
     # **Related Resources**
     #
-    # * [CopyObject][8]
+    # * [CopyObject][9]
     #
-    # * [DeleteObject][9]
+    # * [DeleteObject][10]
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
-    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
-    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html
     #
     # @option params [String] :acl
     #   The canned ACL to apply to the object. For more information, see
@@ -10878,6 +10956,15 @@ module Aws::S3
     #   The value of this header is a base64-encoded UTF-8 string holding JSON
     #   with the encryption context key-value pairs.
     #
+    # @option params [Boolean] :bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using AWS KMS (SSE-KMS).
+    #   Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
+    #   for object encryption with SSE-KMS.
+    #
+    #   Specifying this header with a PUT operation doesn’t affect
+    #   bucket-level settings for S3 Bucket Key.
+    #
     # @option params [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
@@ -10922,28 +11009,28 @@ module Aws::S3
     #   * {Types::PutObjectOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::PutObjectOutput#ssekms_key_id #ssekms_key_id} => String
     #   * {Types::PutObjectOutput#ssekms_encryption_context #ssekms_encryption_context} => String
+    #   * {Types::PutObjectOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::PutObjectOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To upload object and specify user-defined metadata
+    # @example Example: To upload an object and specify server-side encryption and object tags
     #
-    #   # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
-    #   # enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
+    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
-    #     metadata: {
-    #       "metadata1" => "value1", 
-    #       "metadata2" => "value2", 
-    #     }, 
+    #     server_side_encryption: "AES256", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
     #   }
     #
     # @example Example: To create an object.
@@ -10980,62 +11067,63 @@ module Aws::S3
     #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
     #   }
     #
-    # @example Example: To upload an object and specify server-side encryption and object tags
+    # @example Example: To upload an object (specify optional headers)
     #
-    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
-    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
+    #   # storage class and use server-side encryption.
     #
     #   resp = client.put_object({
-    #     body: "filetoupload", 
+    #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
+    #     key: "HappyFace.jpg", 
     #     server_side_encryption: "AES256", 
-    #     tagging: "key1=value1&key2=value2", 
+    #     storage_class: "STANDARD_IA", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
     #     server_side_encryption: "AES256", 
-    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
+    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
     #   }
     #
-    # @example Example: To upload an object and specify canned ACL.
+    # @example Example: To upload object and specify user-defined metadata
     #
-    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
-    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
+    #   # enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     acl: "authenticated-read", 
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
+    #     metadata: {
+    #       "metadata1" => "value1", 
+    #       "metadata2" => "value2", 
+    #     }, 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
+    #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
     #   }
     #
-    # @example Example: To upload an object (specify optional headers)
+    # @example Example: To upload an object and specify canned ACL.
     #
-    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
-    #   # storage class and use server-side encryption.
+    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
+    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     body: "HappyFace.jpg", 
+    #     acl: "authenticated-read", 
+    #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
-    #     server_side_encryption: "AES256", 
-    #     storage_class: "STANDARD_IA", 
+    #     key: "exampleobject", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
+    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
     #   }
     #
     # @example Example: To upload an object
@@ -11091,6 +11179,7 @@ module Aws::S3
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
     #     ssekms_key_id: "SSEKMSKeyId",
     #     ssekms_encryption_context: "SSEKMSEncryptionContext",
+    #     bucket_key_enabled: false,
     #     request_payer: "requester", # accepts requester
     #     tagging: "TaggingHeader",
     #     object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -11109,6 +11198,7 @@ module Aws::S3
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
     #   resp.ssekms_encryption_context #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.request_charged #=> String, one of "requester"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutObject AWS API Documentation
@@ -11306,6 +11396,9 @@ module Aws::S3
     #   not corrupted in transit. For more information, go to [RFC
     #   1864.&gt;][1]
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     #
     #
     #   [1]: http://www.ietf.org/rfc/rfc1864.txt
@@ -11504,6 +11597,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -11584,6 +11680,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -11685,6 +11784,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [String] :expected_bucket_owner
     #   The account id of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -11813,6 +11915,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [required, Types::Tagging] :tagging
     #   Container for the `TagSet` and `Tag` elements
     #
@@ -11925,6 +12030,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutPublicAccessBlock` request body.
     #
+    #   For requests made using the AWS Command Line Interface (CLI) or AWS
+    #   SDKs, this field is calculated automatically.
+    #
     # @option params [required, Types::PublicAccessBlockConfiguration] :public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to this
     #   Amazon S3 bucket. You can enable the configuration options in any
@@ -12064,18 +12172,18 @@ module Aws::S3
     # * Amazon S3 accepts a select request even if the object has already
     #   been restored. A select request doesn’t return error response `409`.
     #
-    # **Restoring Archives**
+    # **Restoring objects**
     #
-    # Objects that you archive to the S3 Glacier, S3 Glacier Deep Archive,
-    # S3 Intelligent-Tiering Archive, or S3 Intelligent-Tiering Deep Archive
-    # storage classes are not accessible in real time. For objects in
-    # Archive Access tier or Deep Archive Access tier you must first
-    # initiate a restore request, and then wait until the object is moved
-    # into the Frequent Access tier. For objects in S3 Glacier or S3 Glacier
-    # Deep Archive you must first initiate a restore request, and then wait
-    # until a temporary copy of the object is available. To access an
-    # archived object, you must restore the object for the duration (number
-    # of days) that you specify.
+    # Objects that you archive to the S3 Glacier or S3 Glacier Deep Archive
+    # storage class, and S3 Intelligent-Tiering Archive or S3
+    # Intelligent-Tiering Deep Archive tiers are not accessible in real
+    # time. For objects in Archive Access or Deep Archive Access tiers you
+    # must first initiate a restore request, and then wait until the object
+    # is moved into the Frequent Access tier. For objects in S3 Glacier or
+    # S3 Glacier Deep Archive storage classes you must first initiate a
+    # restore request, and then wait until a temporary copy of the object is
+    # available. To access an archived object, you must restore the object
+    # for the duration (number of days) that you specify.
     #
     # To restore a specific object version, you can provide a version ID. If
     # you don't provide a version ID, Amazon S3 restores the current
@@ -12086,35 +12194,34 @@ module Aws::S3
     # element of the request body:
     #
     # * <b> <code>Expedited</code> </b> - Expedited retrievals allow you to
-    #   quickly access your data stored in the S3 Glacier or S3
-    #   Intelligent-Tiering Archive storage class when occasional urgent
-    #   requests for a subset of archives are required. For all but the
-    #   largest archived objects (250 MB+), data accessed using Expedited
-    #   retrievals is typically made available within 1–5 minutes.
-    #   Provisioned capacity ensures that retrieval capacity for Expedited
-    #   retrievals is available when you need it. Expedited retrievals and
-    #   provisioned capacity are not available for objects stored in the S3
-    #   Glacier Deep Archive or S3 Intelligent-Tiering Deep Archive storage
-    #   class.
+    #   quickly access your data stored in the S3 Glacier storage class or
+    #   S3 Intelligent-Tiering Archive tier when occasional urgent requests
+    #   for a subset of archives are required. For all but the largest
+    #   archived objects (250 MB+), data accessed using Expedited retrievals
+    #   is typically made available within 1–5 minutes. Provisioned capacity
+    #   ensures that retrieval capacity for Expedited retrievals is
+    #   available when you need it. Expedited retrievals and provisioned
+    #   capacity are not available for objects stored in the S3 Glacier Deep
+    #   Archive storage class or S3 Intelligent-Tiering Deep Archive tier.
     #
     # * <b> <code>Standard</code> </b> - Standard retrievals allow you to
     #   access any of your archived objects within several hours. This is
     #   the default option for retrieval requests that do not specify the
     #   retrieval option. Standard retrievals typically finish within 3–5
-    #   hours for objects stored in the S3 Glacier or S3 Intelligent-Tiering
-    #   Archive storage class. They typically finish within 12 hours for
-    #   objects stored in the S3 Glacier Deep Archive or S3
-    #   Intelligent-Tiering Deep Archive storage class. Standard retrievals
-    #   are free for objects stored in S3 Intelligent-Tiering.
+    #   hours for objects stored in the S3 Glacier storage class or S3
+    #   Intelligent-Tiering Archive tier. They typically finish within 12
+    #   hours for objects stored in the S3 Glacier Deep Archive storage
+    #   class or S3 Intelligent-Tiering Deep Archive tier. Standard
+    #   retrievals are free for objects stored in S3 Intelligent-Tiering.
     #
     # * <b> <code>Bulk</code> </b> - Bulk retrievals are the lowest-cost
     #   retrieval option in S3 Glacier, enabling you to retrieve large
     #   amounts, even petabytes, of data inexpensively. Bulk retrievals
     #   typically finish within 5–12 hours for objects stored in the S3
-    #   Glacier or S3 Intelligent-Tiering Archive storage class. They
+    #   Glacier storage class or S3 Intelligent-Tiering Archive tier. They
     #   typically finish within 48 hours for objects stored in the S3
-    #   Glacier Deep Archive or S3 Intelligent-Tiering Deep Archive storage
-    #   class. Bulk retrievals are free for objects stored in S3
+    #   Glacier Deep Archive storage class or S3 Intelligent-Tiering Deep
+    #   Archive tier. Bulk retrievals are free for objects stored in S3
     #   Intelligent-Tiering.
     #
     # For more information about archive retrieval options and provisioned
@@ -13003,6 +13110,7 @@ module Aws::S3
     #   * {Types::UploadPartOutput#sse_customer_algorithm #sse_customer_algorithm} => String
     #   * {Types::UploadPartOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::UploadPartOutput#ssekms_key_id #ssekms_key_id} => String
+    #   * {Types::UploadPartOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::UploadPartOutput#request_charged #request_charged} => String
     #
     #
@@ -13048,6 +13156,7 @@ module Aws::S3
     #   resp.sse_customer_algorithm #=> String
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.request_charged #=> String, one of "requester"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPart AWS API Documentation
@@ -13353,6 +13462,7 @@ module Aws::S3
     #   * {Types::UploadPartCopyOutput#sse_customer_algorithm #sse_customer_algorithm} => String
     #   * {Types::UploadPartCopyOutput#sse_customer_key_md5 #sse_customer_key_md5} => String
     #   * {Types::UploadPartCopyOutput#ssekms_key_id #ssekms_key_id} => String
+    #   * {Types::UploadPartCopyOutput#bucket_key_enabled #bucket_key_enabled} => Boolean
     #   * {Types::UploadPartCopyOutput#request_charged #request_charged} => String
     #
     #
@@ -13431,6 +13541,7 @@ module Aws::S3
     #   resp.sse_customer_algorithm #=> String
     #   resp.sse_customer_key_md5 #=> String
     #   resp.ssekms_key_id #=> String
+    #   resp.bucket_key_enabled #=> Boolean
     #   resp.request_charged #=> String, one of "requester"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/UploadPartCopy AWS API Documentation
@@ -13455,7 +13566,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.84.1'
+      context[:gem_version] = '1.87.0'
       Seahorse::Client::Request.new(handlers, context)
     end