aws-sdk-s3 1.85.0 → 1.88.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -16,16 +16,22 @@ for all operations.
16
16
 
17
17
  def add_handlers(handlers, config)
18
18
  handlers.add(OptionHandler, step: :initialize)
19
- handlers.add(DualstackHandler, step: :build, priority: 0)
19
+ handlers.add(DualstackHandler, step: :build, priority: 11)
20
20
  end
21
21
 
22
22
  # @api private
23
23
  class OptionHandler < Seahorse::Client::Handler
24
24
  def call(context)
25
+ # Support client configuration and per-operation configuration
25
26
  if context.params.is_a?(Hash)
26
27
  dualstack = context.params.delete(:use_dualstack_endpoint)
27
28
  end
28
29
  dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
30
+ # Raise if :endpoint and dualstack are both provided
31
+ if dualstack && !context.config.regional_endpoint
32
+ raise ArgumentError,
33
+ 'Cannot use both :use_dualstack_endpoint and :endpoint'
34
+ end
29
35
  context[:use_dualstack_endpoint] = dualstack
30
36
  @handler.call(context)
31
37
  end
@@ -34,7 +40,9 @@ for all operations.
34
40
  # @api private
35
41
  class DualstackHandler < Seahorse::Client::Handler
36
42
  def call(context)
37
- apply_dualstack_endpoint(context) if use_dualstack_endpoint?(context)
43
+ if context.config.regional_endpoint && use_dualstack_endpoint?(context)
44
+ apply_dualstack_endpoint(context)
45
+ end
38
46
  @handler.call(context)
39
47
  end
40
48
 
@@ -42,7 +50,6 @@ for all operations.
42
50
  def apply_dualstack_endpoint(context)
43
51
  bucket_name = context.params[:bucket]
44
52
  region = context.config.region
45
- context.config.force_path_style
46
53
  dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
47
54
 
48
55
  if use_bucket_dns?(bucket_name, context)
@@ -30,8 +30,7 @@ region. Defaults to `legacy` mode using global endpoint.
30
30
  if context.config.s3_us_east_1_regional_endpoint == 'legacy'
31
31
  host = context.http_request.endpoint.host
32
32
  # if it's an ARN, don't touch the endpoint at all
33
- # TODO this should use context.metadata[:s3_arn] later
34
- unless host.include?('.s3-outposts.') || host.include?('.s3-accesspoint.')
33
+ unless context.metadata[:s3_arn]
35
34
  legacy_host = IADRegionalEndpoint.legacy_host(host)
36
35
  context.http_request.endpoint.host = legacy_host
37
36
  end
@@ -73,22 +73,14 @@ module Aws
73
73
  region: context[:cached_sigv4_region],
74
74
  credentials: context.config.credentials
75
75
  )
76
- else
77
- resolved_region, arn = ARN.resolve_arn!(
78
- context.params[:bucket],
79
- context.config.sigv4_signer.region,
80
- context.config.s3_use_arn_region
76
+ elsif (arn = context.metadata[:s3_arn])
77
+ S3Signer.build_v4_signer(
78
+ service: arn[:arn].service,
79
+ region: arn[:resolved_region],
80
+ credentials: context.config.credentials
81
81
  )
82
-
83
- if arn
84
- S3Signer.build_v4_signer(
85
- service: arn.service,
86
- region: resolved_region,
87
- credentials: context.config.credentials
88
- )
89
- else
90
- context.config.sigv4_signer
91
- end
82
+ else
83
+ context.config.sigv4_signer
92
84
  end
93
85
  end
94
86
  end
@@ -173,10 +165,14 @@ module Aws
173
165
  context, actual_region
174
166
  )
175
167
  context.metadata[:redirect_region] = actual_region
168
+ # if it's an ARN, use the service in the ARN
169
+ if (arn = context.metadata[:s3_arn])
170
+ service = arn[:arn].service
171
+ end
176
172
  Aws::Plugins::SignatureV4.apply_signature(
177
173
  context: context,
178
174
  signer: S3Signer.build_v4_signer(
179
- service: 's3',
175
+ service: service || 's3',
180
176
  region: actual_region,
181
177
  credentials: context.config.credentials
182
178
  )
@@ -219,20 +215,16 @@ module Aws
219
215
  )
220
216
  end
221
217
 
218
+ # Check to see if the bucket is actually an ARN
219
+ # Otherwise it will retry with the ARN as the bucket name.
222
220
  def new_hostname(context, region)
223
- # Check to see if the bucket is actually an ARN and resolve it
224
- # Otherwise it will retry with the ARN as the bucket name.
225
- resolved_region, arn = ARN.resolve_arn!(
226
- context.params[:bucket],
227
- region,
228
- context.config.s3_use_arn_region
229
- )
230
221
  uri = URI.parse(
231
- Aws::Partitions::EndpointProvider.resolve(resolved_region, 's3')
222
+ Aws::Partitions::EndpointProvider.resolve(region, 's3')
232
223
  )
233
224
 
234
- if arn
235
- ARN.resolve_url!(uri, arn).host
225
+ if (arn = context.metadata[:s3_arn])
226
+ # Retry with the response region and not the ARN resolved one
227
+ ARN.resolve_url!(uri, arn[:arn], region).host
236
228
  else
237
229
  "#{context.params[:bucket]}.#{uri.host}"
238
230
  end
@@ -196,8 +196,6 @@ module Aws
196
196
  req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
197
197
  req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
198
198
 
199
- signer = build_signer(req.context, unsigned_headers)
200
-
201
199
  req.handle(step: :send) do |context|
202
200
  if scheme != http_req.endpoint.scheme
203
201
  endpoint = http_req.endpoint.dup
@@ -222,6 +220,20 @@ module Aws
222
220
  end
223
221
  http_req.endpoint.query = query.join('&') unless query.empty?
224
222
 
223
+ # If it's an ARN, get the resolved region and service
224
+ if (arn = context.metadata[:s3_arn])
225
+ region = arn[:resolved_region]
226
+ service = arn[:arn].service
227
+ end
228
+
229
+ signer = Aws::Sigv4::Signer.new(
230
+ service: service || 's3',
231
+ region: region || context.config.region,
232
+ credentials_provider: context.config.credentials,
233
+ unsigned_headers: unsigned_headers,
234
+ uri_escape_path: false
235
+ )
236
+
225
237
  url = signer.presign_url(
226
238
  http_method: http_req.http_method,
227
239
  url: http_req.endpoint,
@@ -239,29 +251,6 @@ module Aws
239
251
  # Return the headers
240
252
  x_amz_headers
241
253
  end
242
-
243
- def build_signer(context, unsigned_headers)
244
- signer_opts = {
245
- service: 's3',
246
- region: context.config.region,
247
- credentials_provider: context.config.credentials,
248
- unsigned_headers: unsigned_headers,
249
- uri_escape_path: false
250
- }
251
-
252
- resolved_region, arn = Aws::S3::Plugins::ARN.resolve_arn!(
253
- context.params[:bucket],
254
- context.config.sigv4_signer.region,
255
- context.config.s3_use_arn_region
256
- )
257
-
258
- if arn
259
- signer_opts[:region] = resolved_region
260
- signer_opts[:service] = arn.service
261
- end
262
-
263
- Aws::Sigv4::Signer.new(signer_opts)
264
- end
265
254
  end
266
255
  end
267
256
  end
@@ -459,7 +459,8 @@ module Aws::S3
459
459
  # @return [String]
460
460
  #
461
461
  # @!attribute [rw] creation_date
462
- # Date the bucket was created.
462
+ # Date the bucket was created. This date can change when making
463
+ # changes to your bucket, such as editing its bucket policy.
463
464
  # @return [Time]
464
465
  #
465
466
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/Bucket AWS API Documentation
@@ -973,6 +974,11 @@ module Aws::S3
973
974
  # used for the object.
974
975
  # @return [String]
975
976
  #
977
+ # @!attribute [rw] bucket_key_enabled
978
+ # Indicates whether the multipart upload uses an S3 Bucket Key for
979
+ # server-side encryption with AWS KMS (SSE-KMS).
980
+ # @return [Boolean]
981
+ #
976
982
  # @!attribute [rw] request_charged
977
983
  # If present, indicates that the requester was successfully charged
978
984
  # for the request.
@@ -989,6 +995,7 @@ module Aws::S3
989
995
  :server_side_encryption,
990
996
  :version_id,
991
997
  :ssekms_key_id,
998
+ :bucket_key_enabled,
992
999
  :request_charged)
993
1000
  SENSITIVE = [:ssekms_key_id]
994
1001
  include Aws::Structure
@@ -1213,6 +1220,11 @@ module Aws::S3
1213
1220
  # pairs.
1214
1221
  # @return [String]
1215
1222
  #
1223
+ # @!attribute [rw] bucket_key_enabled
1224
+ # Indicates whether the copied object uses an S3 Bucket Key for
1225
+ # server-side encryption with AWS KMS (SSE-KMS).
1226
+ # @return [Boolean]
1227
+ #
1216
1228
  # @!attribute [rw] request_charged
1217
1229
  # If present, indicates that the requester was successfully charged
1218
1230
  # for the request.
@@ -1230,6 +1242,7 @@ module Aws::S3
1230
1242
  :sse_customer_key_md5,
1231
1243
  :ssekms_key_id,
1232
1244
  :ssekms_encryption_context,
1245
+ :bucket_key_enabled,
1233
1246
  :request_charged)
1234
1247
  SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
1235
1248
  include Aws::Structure
@@ -1270,6 +1283,7 @@ module Aws::S3
1270
1283
  # sse_customer_key_md5: "SSECustomerKeyMD5",
1271
1284
  # ssekms_key_id: "SSEKMSKeyId",
1272
1285
  # ssekms_encryption_context: "SSEKMSEncryptionContext",
1286
+ # bucket_key_enabled: false,
1273
1287
  # copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
1274
1288
  # copy_source_sse_customer_key: "CopySourceSSECustomerKey",
1275
1289
  # copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
@@ -1513,6 +1527,16 @@ module Aws::S3
1513
1527
  # string holding JSON with the encryption context key-value pairs.
1514
1528
  # @return [String]
1515
1529
  #
1530
+ # @!attribute [rw] bucket_key_enabled
1531
+ # Specifies whether Amazon S3 should use an S3 Bucket Key for object
1532
+ # encryption with server-side encryption using AWS KMS (SSE-KMS).
1533
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket
1534
+ # Key for object encryption with SSE-KMS.
1535
+ #
1536
+ # Specifying this header with a COPY operation doesn’t affect
1537
+ # bucket-level settings for S3 Bucket Key.
1538
+ # @return [Boolean]
1539
+ #
1516
1540
  # @!attribute [rw] copy_source_sse_customer_algorithm
1517
1541
  # Specifies the algorithm to use when decrypting the source object
1518
1542
  # (for example, AES256).
@@ -1606,6 +1630,7 @@ module Aws::S3
1606
1630
  :sse_customer_key_md5,
1607
1631
  :ssekms_key_id,
1608
1632
  :ssekms_encryption_context,
1633
+ :bucket_key_enabled,
1609
1634
  :copy_source_sse_customer_algorithm,
1610
1635
  :copy_source_sse_customer_key,
1611
1636
  :copy_source_sse_customer_key_md5,
@@ -1859,6 +1884,11 @@ module Aws::S3
1859
1884
  # pairs.
1860
1885
  # @return [String]
1861
1886
  #
1887
+ # @!attribute [rw] bucket_key_enabled
1888
+ # Indicates whether the multipart upload uses an S3 Bucket Key for
1889
+ # server-side encryption with AWS KMS (SSE-KMS).
1890
+ # @return [Boolean]
1891
+ #
1862
1892
  # @!attribute [rw] request_charged
1863
1893
  # If present, indicates that the requester was successfully charged
1864
1894
  # for the request.
@@ -1877,6 +1907,7 @@ module Aws::S3
1877
1907
  :sse_customer_key_md5,
1878
1908
  :ssekms_key_id,
1879
1909
  :ssekms_encryption_context,
1910
+ :bucket_key_enabled,
1880
1911
  :request_charged)
1881
1912
  SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
1882
1913
  include Aws::Structure
@@ -1910,6 +1941,7 @@ module Aws::S3
1910
1941
  # sse_customer_key_md5: "SSECustomerKeyMD5",
1911
1942
  # ssekms_key_id: "SSEKMSKeyId",
1912
1943
  # ssekms_encryption_context: "SSEKMSEncryptionContext",
1944
+ # bucket_key_enabled: false,
1913
1945
  # request_payer: "requester", # accepts requester
1914
1946
  # tagging: "TaggingHeader",
1915
1947
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -2074,6 +2106,16 @@ module Aws::S3
2074
2106
  # string holding JSON with the encryption context key-value pairs.
2075
2107
  # @return [String]
2076
2108
  #
2109
+ # @!attribute [rw] bucket_key_enabled
2110
+ # Specifies whether Amazon S3 should use an S3 Bucket Key for object
2111
+ # encryption with server-side encryption using AWS KMS (SSE-KMS).
2112
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket
2113
+ # Key for object encryption with SSE-KMS.
2114
+ #
2115
+ # Specifying this header with an object operation doesn’t affect
2116
+ # bucket-level settings for S3 Bucket Key.
2117
+ # @return [Boolean]
2118
+ #
2077
2119
  # @!attribute [rw] request_payer
2078
2120
  # Confirms that the requester knows that they will be charged for the
2079
2121
  # request. Bucket owners need not specify this parameter in their
@@ -2136,6 +2178,7 @@ module Aws::S3
2136
2178
  :sse_customer_key_md5,
2137
2179
  :ssekms_key_id,
2138
2180
  :ssekms_encryption_context,
2181
+ :bucket_key_enabled,
2139
2182
  :request_payer,
2140
2183
  :tagging,
2141
2184
  :object_lock_mode,
@@ -5370,6 +5413,11 @@ module Aws::S3
5370
5413
  # used for the object.
5371
5414
  # @return [String]
5372
5415
  #
5416
+ # @!attribute [rw] bucket_key_enabled
5417
+ # Indicates whether the object uses an S3 Bucket Key for server-side
5418
+ # encryption with AWS KMS (SSE-KMS).
5419
+ # @return [Boolean]
5420
+ #
5373
5421
  # @!attribute [rw] storage_class
5374
5422
  # Provides storage class information of the object. Amazon S3 returns
5375
5423
  # this header for all objects except for S3 Standard storage class
@@ -5435,6 +5483,7 @@ module Aws::S3
5435
5483
  :sse_customer_algorithm,
5436
5484
  :sse_customer_key_md5,
5437
5485
  :ssekms_key_id,
5486
+ :bucket_key_enabled,
5438
5487
  :storage_class,
5439
5488
  :request_charged,
5440
5489
  :replication_status,
@@ -6222,6 +6271,11 @@ module Aws::S3
6222
6271
  # used for the object.
6223
6272
  # @return [String]
6224
6273
  #
6274
+ # @!attribute [rw] bucket_key_enabled
6275
+ # Indicates whether the object uses an S3 Bucket Key for server-side
6276
+ # encryption with AWS KMS (SSE-KMS).
6277
+ # @return [Boolean]
6278
+ #
6225
6279
  # @!attribute [rw] storage_class
6226
6280
  # Provides storage class information of the object. Amazon S3 returns
6227
6281
  # this header for all objects except for S3 Standard storage class
@@ -6241,11 +6295,11 @@ module Aws::S3
6241
6295
  #
6242
6296
  # @!attribute [rw] replication_status
6243
6297
  # Amazon S3 can return this header if your request involves a bucket
6244
- # that is either a source or destination in a replication rule.
6298
+ # that is either a source or a destination in a replication rule.
6245
6299
  #
6246
6300
  # In replication, you have a source bucket on which you configure
6247
- # replication and destination bucket where Amazon S3 stores object
6248
- # replicas. When you request an object (`GetObject`) or object
6301
+ # replication and destination bucket or buckets where Amazon S3 stores
6302
+ # object replicas. When you request an object (`GetObject`) or object
6249
6303
  # metadata (`HeadObject`) from these buckets, Amazon S3 will return
6250
6304
  # the `x-amz-replication-status` header in the response as follows:
6251
6305
  #
@@ -6262,10 +6316,18 @@ module Aws::S3
6262
6316
  # header with value PENDING, COMPLETED or FAILED indicating object
6263
6317
  # replication status.
6264
6318
  #
6265
- # * If requesting an object from the destination bucket — Amazon S3
6266
- # will return the `x-amz-replication-status` header with value
6267
- # REPLICA if the object in your request is a replica that Amazon S3
6268
- # created.
6319
+ # * If requesting an object from a destination bucket — Amazon S3 will
6320
+ # return the `x-amz-replication-status` header with value REPLICA if
6321
+ # the object in your request is a replica that Amazon S3 created and
6322
+ # there is no replica modification replication in progress.
6323
+ #
6324
+ # * When replicating objects to multiple destination buckets the
6325
+ # `x-amz-replication-status` header acts differently. The header of
6326
+ # the source object will only return a value of COMPLETED when
6327
+ # replication is successful to all destinations. The header will
6328
+ # remain at value PENDING until replication has completed for all
6329
+ # destinations. If one or more destinations fails replication the
6330
+ # header will return FAILED.
6269
6331
  #
6270
6332
  # For more information, see [Replication][1].
6271
6333
  #
@@ -6334,6 +6396,7 @@ module Aws::S3
6334
6396
  :sse_customer_algorithm,
6335
6397
  :sse_customer_key_md5,
6336
6398
  :ssekms_key_id,
6399
+ :bucket_key_enabled,
6337
6400
  :storage_class,
6338
6401
  :request_charged,
6339
6402
  :replication_status,
@@ -10178,6 +10241,7 @@ module Aws::S3
10178
10241
  # sse_algorithm: "AES256", # required, accepts AES256, aws:kms
10179
10242
  # kms_master_key_id: "SSEKMSKeyId",
10180
10243
  # },
10244
+ # bucket_key_enabled: false,
10181
10245
  # },
10182
10246
  # ],
10183
10247
  # },
@@ -10894,6 +10958,9 @@ module Aws::S3
10894
10958
  # sse_kms_encrypted_objects: {
10895
10959
  # status: "Enabled", # required, accepts Enabled, Disabled
10896
10960
  # },
10961
+ # replica_modifications: {
10962
+ # status: "Enabled", # required, accepts Enabled, Disabled
10963
+ # },
10897
10964
  # },
10898
10965
  # existing_object_replication: {
10899
10966
  # status: "Enabled", # required, accepts Enabled, Disabled
@@ -11650,6 +11717,11 @@ module Aws::S3
11650
11717
  # pairs.
11651
11718
  # @return [String]
11652
11719
  #
11720
+ # @!attribute [rw] bucket_key_enabled
11721
+ # Indicates whether the uploaded object uses an S3 Bucket Key for
11722
+ # server-side encryption with AWS KMS (SSE-KMS).
11723
+ # @return [Boolean]
11724
+ #
11653
11725
  # @!attribute [rw] request_charged
11654
11726
  # If present, indicates that the requester was successfully charged
11655
11727
  # for the request.
@@ -11666,6 +11738,7 @@ module Aws::S3
11666
11738
  :sse_customer_key_md5,
11667
11739
  :ssekms_key_id,
11668
11740
  :ssekms_encryption_context,
11741
+ :bucket_key_enabled,
11669
11742
  :request_charged)
11670
11743
  SENSITIVE = [:ssekms_key_id, :ssekms_encryption_context]
11671
11744
  include Aws::Structure
@@ -11702,6 +11775,7 @@ module Aws::S3
11702
11775
  # sse_customer_key_md5: "SSECustomerKeyMD5",
11703
11776
  # ssekms_key_id: "SSEKMSKeyId",
11704
11777
  # ssekms_encryption_context: "SSEKMSEncryptionContext",
11778
+ # bucket_key_enabled: false,
11705
11779
  # request_payer: "requester", # accepts requester
11706
11780
  # tagging: "TaggingHeader",
11707
11781
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -11951,6 +12025,16 @@ module Aws::S3
11951
12025
  # string holding JSON with the encryption context key-value pairs.
11952
12026
  # @return [String]
11953
12027
  #
12028
+ # @!attribute [rw] bucket_key_enabled
12029
+ # Specifies whether Amazon S3 should use an S3 Bucket Key for object
12030
+ # encryption with server-side encryption using AWS KMS (SSE-KMS).
12031
+ # Setting this header to `true` causes Amazon S3 to use an S3 Bucket
12032
+ # Key for object encryption with SSE-KMS.
12033
+ #
12034
+ # Specifying this header with a PUT operation doesn’t affect
12035
+ # bucket-level settings for S3 Bucket Key.
12036
+ # @return [Boolean]
12037
+ #
11954
12038
  # @!attribute [rw] request_payer
11955
12039
  # Confirms that the requester knows that they will be charged for the
11956
12040
  # request. Bucket owners need not specify this parameter in their
@@ -12020,6 +12104,7 @@ module Aws::S3
12020
12104
  :sse_customer_key_md5,
12021
12105
  :ssekms_key_id,
12022
12106
  :ssekms_encryption_context,
12107
+ :bucket_key_enabled,
12023
12108
  :request_payer,
12024
12109
  :tagging,
12025
12110
  :object_lock_mode,
@@ -12500,6 +12585,37 @@ module Aws::S3
12500
12585
  include Aws::Structure
12501
12586
  end
12502
12587
 
12588
+ # A filter that you can specify for selection for modifications on
12589
+ # replicas. Amazon S3 doesn't replicate replica modifications by
12590
+ # default. In the latest version of replication configuration (when
12591
+ # `Filter` is specified), you can specify this element and set the
12592
+ # status to `Enabled` to replicate modifications on replicas.
12593
+ #
12594
+ # <note markdown="1"> If you don't specify the `Filter` element, Amazon S3 assumes that the
12595
+ # replication configuration is the earlier version, V1. In the earlier
12596
+ # version, this element is not allowed.
12597
+ #
12598
+ # </note>
12599
+ #
12600
+ # @note When making an API call, you may pass ReplicaModifications
12601
+ # data as a hash:
12602
+ #
12603
+ # {
12604
+ # status: "Enabled", # required, accepts Enabled, Disabled
12605
+ # }
12606
+ #
12607
+ # @!attribute [rw] status
12608
+ # Specifies whether Amazon S3 replicates modifications on replicas.
12609
+ # @return [String]
12610
+ #
12611
+ # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ReplicaModifications AWS API Documentation
12612
+ #
12613
+ class ReplicaModifications < Struct.new(
12614
+ :status)
12615
+ SENSITIVE = []
12616
+ include Aws::Structure
12617
+ end
12618
+
12503
12619
  # A container for replication rules. You can add up to 1,000 rules. The
12504
12620
  # maximum size of a replication configuration is 2 MB.
12505
12621
  #
@@ -12534,6 +12650,9 @@ module Aws::S3
12534
12650
  # sse_kms_encrypted_objects: {
12535
12651
  # status: "Enabled", # required, accepts Enabled, Disabled
12536
12652
  # },
12653
+ # replica_modifications: {
12654
+ # status: "Enabled", # required, accepts Enabled, Disabled
12655
+ # },
12537
12656
  # },
12538
12657
  # existing_object_replication: {
12539
12658
  # status: "Enabled", # required, accepts Enabled, Disabled
@@ -12625,6 +12744,9 @@ module Aws::S3
12625
12744
  # sse_kms_encrypted_objects: {
12626
12745
  # status: "Enabled", # required, accepts Enabled, Disabled
12627
12746
  # },
12747
+ # replica_modifications: {
12748
+ # status: "Enabled", # required, accepts Enabled, Disabled
12749
+ # },
12628
12750
  # },
12629
12751
  # existing_object_replication: {
12630
12752
  # status: "Enabled", # required, accepts Enabled, Disabled
@@ -12663,17 +12785,12 @@ module Aws::S3
12663
12785
  # @return [String]
12664
12786
  #
12665
12787
  # @!attribute [rw] priority
12666
- # The priority associated with the rule. If you specify multiple rules
12667
- # in a replication configuration, Amazon S3 prioritizes the rules to
12668
- # prevent conflicts when filtering. If two or more rules identify the
12669
- # same object based on a specified filter, the rule with higher
12670
- # priority takes precedence. For example:
12671
- #
12672
- # * Same object quality prefix-based filter criteria if prefixes you
12673
- # specified in multiple rules overlap
12674
- #
12675
- # * Same object qualify tag-based filter criteria specified in
12676
- # multiple rules
12788
+ # The priority indicates which rule has precedence whenever two or
12789
+ # more replication rules conflict. Amazon S3 will attempt to replicate
12790
+ # objects according to all replication rules. However, if there are
12791
+ # two or more rules with the same destination bucket, then objects
12792
+ # will be replicated according to the rule with the highest priority.
12793
+ # The higher the number, the higher the priority.
12677
12794
  #
12678
12795
  # For more information, see [Replication][1] in the *Amazon Simple
12679
12796
  # Storage Service Developer Guide*.
@@ -13945,6 +14062,7 @@ module Aws::S3
13945
14062
  # sse_algorithm: "AES256", # required, accepts AES256, aws:kms
13946
14063
  # kms_master_key_id: "SSEKMSKeyId",
13947
14064
  # },
14065
+ # bucket_key_enabled: false,
13948
14066
  # },
13949
14067
  # ],
13950
14068
  # }
@@ -13972,6 +14090,7 @@ module Aws::S3
13972
14090
  # sse_algorithm: "AES256", # required, accepts AES256, aws:kms
13973
14091
  # kms_master_key_id: "SSEKMSKeyId",
13974
14092
  # },
14093
+ # bucket_key_enabled: false,
13975
14094
  # }
13976
14095
  #
13977
14096
  # @!attribute [rw] apply_server_side_encryption_by_default
@@ -13980,10 +14099,26 @@ module Aws::S3
13980
14099
  # server-side encryption, this default encryption will be applied.
13981
14100
  # @return [Types::ServerSideEncryptionByDefault]
13982
14101
  #
14102
+ # @!attribute [rw] bucket_key_enabled
14103
+ # Specifies whether Amazon S3 should use an S3 Bucket Key with
14104
+ # server-side encryption using KMS (SSE-KMS) for new objects in the
14105
+ # bucket. Existing objects are not affected. Setting the
14106
+ # `BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3
14107
+ # Bucket Key. By default, S3 Bucket Key is not enabled.
14108
+ #
14109
+ # For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon
14110
+ # Simple Storage Service Developer Guide*.
14111
+ #
14112
+ #
14113
+ #
14114
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
14115
+ # @return [Boolean]
14116
+ #
13983
14117
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
13984
14118
  #
13985
14119
  class ServerSideEncryptionRule < Struct.new(
13986
- :apply_server_side_encryption_by_default)
14120
+ :apply_server_side_encryption_by_default,
14121
+ :bucket_key_enabled)
13987
14122
  SENSITIVE = []
13988
14123
  include Aws::Structure
13989
14124
  end
@@ -14002,6 +14137,9 @@ module Aws::S3
14002
14137
  # sse_kms_encrypted_objects: {
14003
14138
  # status: "Enabled", # required, accepts Enabled, Disabled
14004
14139
  # },
14140
+ # replica_modifications: {
14141
+ # status: "Enabled", # required, accepts Enabled, Disabled
14142
+ # },
14005
14143
  # }
14006
14144
  #
14007
14145
  # @!attribute [rw] sse_kms_encrypted_objects
@@ -14011,10 +14149,25 @@ module Aws::S3
14011
14149
  # element is required.
14012
14150
  # @return [Types::SseKmsEncryptedObjects]
14013
14151
  #
14152
+ # @!attribute [rw] replica_modifications
14153
+ # A filter that you can specify for selections for modifications on
14154
+ # replicas. Amazon S3 doesn't replicate replica modifications by
14155
+ # default. In the latest version of replication configuration (when
14156
+ # `Filter` is specified), you can specify this element and set the
14157
+ # status to `Enabled` to replicate modifications on replicas.
14158
+ #
14159
+ # <note markdown="1"> If you don't specify the `Filter` element, Amazon S3 assumes that
14160
+ # the replication configuration is the earlier version, V1. In the
14161
+ # earlier version, this element is not allowed
14162
+ #
14163
+ # </note>
14164
+ # @return [Types::ReplicaModifications]
14165
+ #
14014
14166
  # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/SourceSelectionCriteria AWS API Documentation
14015
14167
  #
14016
14168
  class SourceSelectionCriteria < Struct.new(
14017
- :sse_kms_encrypted_objects)
14169
+ :sse_kms_encrypted_objects,
14170
+ :replica_modifications)
14018
14171
  SENSITIVE = []
14019
14172
  include Aws::Structure
14020
14173
  end
@@ -14470,6 +14623,11 @@ module Aws::S3
14470
14623
  # used for the object.
14471
14624
  # @return [String]
14472
14625
  #
14626
+ # @!attribute [rw] bucket_key_enabled
14627
+ # Indicates whether the multipart upload uses an S3 Bucket Key for
14628
+ # server-side encryption with AWS KMS (SSE-KMS).
14629
+ # @return [Boolean]
14630
+ #
14473
14631
  # @!attribute [rw] request_charged
14474
14632
  # If present, indicates that the requester was successfully charged
14475
14633
  # for the request.
@@ -14484,6 +14642,7 @@ module Aws::S3
14484
14642
  :sse_customer_algorithm,
14485
14643
  :sse_customer_key_md5,
14486
14644
  :ssekms_key_id,
14645
+ :bucket_key_enabled,
14487
14646
  :request_charged)
14488
14647
  SENSITIVE = [:ssekms_key_id]
14489
14648
  include Aws::Structure
@@ -14745,6 +14904,11 @@ module Aws::S3
14745
14904
  # for the object.
14746
14905
  # @return [String]
14747
14906
  #
14907
+ # @!attribute [rw] bucket_key_enabled
14908
+ # Indicates whether the multipart upload uses an S3 Bucket Key for
14909
+ # server-side encryption with AWS KMS (SSE-KMS).
14910
+ # @return [Boolean]
14911
+ #
14748
14912
  # @!attribute [rw] request_charged
14749
14913
  # If present, indicates that the requester was successfully charged
14750
14914
  # for the request.
@@ -14758,6 +14922,7 @@ module Aws::S3
14758
14922
  :sse_customer_algorithm,
14759
14923
  :sse_customer_key_md5,
14760
14924
  :ssekms_key_id,
14925
+ :bucket_key_enabled,
14761
14926
  :request_charged)
14762
14927
  SENSITIVE = [:ssekms_key_id]
14763
14928
  include Aws::Structure