aws-sdk-s3 1.96.2 → 1.100.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 242ed586795b4719f27d124b42faaa419bf14d4c5dc3b612db75583df4563685
-  data.tar.gz: dadf398788037a0cd952f24aa0ff0e0f11de1a3af6223381c720effee0ca4bde
+  metadata.gz: 30aef56797764890a0f8928bde79b89bf5ee0aefc74048aca3288c7a9fef62d6
+  data.tar.gz: 6dd16669733df08806718df48e5910a8d2f65f8b163a0b1e2da6bf38416f16d0
 SHA512:
-  metadata.gz: 1095e47c4edccb43eb079cfbc7dadb9b6fa077d7bf2344571041cede5e587ac70d76cecdef4f514890f5c576416ffd89d6ac07bd876559bb59a229a1bb0dc103
-  data.tar.gz: 7df71120e7b7da8eee77f7df0fbe64a86f4452b137909578aee664d80c7126591b728b4a8efbaa8c367a102e6ab912b8cae961955dfa8fc2124aed82e0f1660f
+  metadata.gz: 150908a5c7a813838f01ff707ff0ace94014818c301c0b34763f08325604d04e3a2f98b34929ba6833536a78e594330a4c79fd64e05496c92fdde9e89b17394c
+  data.tar.gz: 7799e87d49616f30f9aa8ff3be5350c8e4e5ad4f9c8f53d2c75f0a8ae2458d86ced47c792917f18821ea22d124e7e55cd8213d3a917ceb3f9f23f4d298f760ad

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.100.0 (2021-08-27)
+------------------
+
+* Feature - Documentation updates for Amazon S3.
+
+1.99.0 (2021-08-16)
+------------------
+
+* Feature - Documentation updates for Amazon S3
+
+1.98.0 (2021-07-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.97.0 (2021-07-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.96.2 (2021-07-20)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.96.2
+1.100.0

data/lib/aws-sdk-s3/bucket.rb

@@ -315,8 +315,8 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     # @option options [Boolean] :bypass_governance_retention
     #   Specifies whether you want to delete this object even if it has a
-    #   Governance-type Object Lock in place. You must have sufficient
-    #   permissions to perform this operation.
+    #   Governance-type Object Lock in place. To use this header, you must
+    #   have the `s3:PutBucketPublicAccessBlock` permission.
     # @option options [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -515,18 +515,18 @@ module Aws::S3
     #   ensure that the encryption key was transmitted without error.
     # @option options [String] :ssekms_key_id
     #   If `x-amz-server-side-encryption` is present and has the value of
-    #   `aws:kms`, this header specifies the ID of the AWS Key Management
-    #   Service (AWS KMS) symmetrical customer managed customer master key
-    #   (CMK) that was used for the object. If you specify
-    #   `x-amz-server-side-encryption:aws:kms`, but do not provide`
-    #   x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS
-    #   managed CMK in AWS to protect the data. If the KMS key does not exist
-    #   in the same account issuing the command, you must use the full ARN and
-    #   not just the ID.
+    #   `aws:kms`, this header specifies the ID of the Amazon Web Services Key
+    #   Management Service (Amazon Web Services KMS) symmetrical customer
+    #   managed customer master key (CMK) that was used for the object. If you
+    #   specify `x-amz-server-side-encryption:aws:kms`, but do not provide`
+    #   x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
+    #   Amazon Web Services managed CMK in Amazon Web Services to protect the
+    #   data. If the KMS key does not exist in the same account issuing the
+    #   command, you must use the full ARN and not just the ID.
     # @option options [String] :ssekms_encryption_context
-    #   Specifies the AWS KMS Encryption Context to use for object encryption.
-    #   The value of this header is a base64-encoded UTF-8 string holding JSON
-    #   with the encryption context key-value pairs.
+    #   Specifies the Amazon Web Services KMS Encryption Context to use for
+    #   object encryption. The value of this header is a base64-encoded UTF-8
+    #   string holding JSON with the encryption context key-value pairs.
     # @option options [Boolean] :bucket_key_enabled
     #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
     #   encryption with server-side encryption using AWS KMS (SSE-KMS).

data/lib/aws-sdk-s3/bucket_acl.rb

@@ -221,8 +221,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #

data/lib/aws-sdk-s3/bucket_cors.rb

@@ -224,8 +224,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #

data/lib/aws-sdk-s3/bucket_lifecycle.rb

@@ -228,8 +228,9 @@ module Aws::S3
     #   })
     # @param [Hash] options ({})
     # @option options [String] :content_md5
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     # @option options [Types::LifecycleConfiguration] :lifecycle_configuration
     # @option options [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by

data/lib/aws-sdk-s3/bucket_logging.rb

@@ -210,8 +210,9 @@ module Aws::S3
     # @option options [String] :content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     # @option options [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access

data/lib/aws-sdk-s3/bucket_notification.rb

@@ -48,8 +48,8 @@ module Aws::S3
       data[:queue_configurations]
     end
 
-    # Describes the AWS Lambda functions to invoke and the events for which
-    # to invoke them.
+    # Describes the Lambda functions to invoke and the events for which to
+    # invoke them.
     # @return [Array<Types::LambdaFunctionConfiguration>]
     def lambda_function_configurations
       data[:lambda_function_configurations]

data/lib/aws-sdk-s3/bucket_policy.rb

@@ -203,8 +203,9 @@ module Aws::S3
     # @option options [String] :content_md5
     #   The MD5 hash of the request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     # @option options [Boolean] :confirm_remove_self_bucket_access
     #   Set this parameter to true to confirm that you want to remove your
     #   permissions to change this bucket policy in the future.

data/lib/aws-sdk-s3/bucket_request_payment.rb

@@ -189,8 +189,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #

data/lib/aws-sdk-s3/bucket_tagging.rb

@@ -211,8 +211,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #

data/lib/aws-sdk-s3/bucket_versioning.rb

@@ -197,8 +197,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -240,8 +241,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -276,8 +278,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #

data/lib/aws-sdk-s3/bucket_website.rb

@@ -252,8 +252,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #

data/lib/aws-sdk-s3/client.rb

@@ -452,19 +452,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -626,6 +626,28 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Name of the bucket to which the multipart upload was initiated.
     #
+    #   When using this action with an access point, you must direct requests
+    #   to the access point hostname. The access point hostname takes the form
+    #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
+    #
+    #   When using this action with Amazon S3 on Outposts, you must direct
+    #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
+    #   takes the form
+    #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
+    #
     # @option params [required, String] :key
     #   Object key for which the multipart upload was initiated.
     #
@@ -837,12 +859,12 @@ module Aws::S3
     #
     # When you perform a CopyObject operation, you can optionally use the
     # appropriate encryption-related headers to encrypt the object using
-    # server-side encryption with AWS managed encryption keys (SSE-S3 or
-    # SSE-KMS) or a customer-provided encryption key. With server-side
-    # encryption, Amazon S3 encrypts your data as it writes it to disks in
-    # its data centers and decrypts the data when you access it. For more
-    # information about server-side encryption, see [Using Server-Side
-    # Encryption][8].
+    # server-side encryption with Amazon Web Services managed encryption
+    # keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With
+    # server-side encryption, Amazon S3 encrypts your data as it writes it
+    # to disks in its data centers and decrypts the data when you access it.
+    # For more information about server-side encryption, see [Using
+    # Server-Side Encryption][8].
     #
     # If a target object uses SSE-KMS, you can enable an S3 Bucket Key for
     # the object. For more information, see [Amazon S3 Bucket Keys][9] in
@@ -853,10 +875,11 @@ module Aws::S3
     # When copying an object, you can optionally use headers to grant
     # ACL-based permissions. By default, all objects are private. Only the
     # owner has full access control. When adding a new object, you can grant
-    # permissions to individual AWS accounts or to predefined groups defined
-    # by Amazon S3. These permissions are then added to the ACL on the
-    # object. For more information, see [Access Control List (ACL)
-    # Overview][10] and [Managing ACLs Using the REST API][11].
+    # permissions to individual Amazon Web Services accounts or to
+    # predefined groups defined by Amazon S3. These permissions are then
+    # added to the ACL on the object. For more information, see [Access
+    # Control List (ACL) Overview][10] and [Managing ACLs Using the REST
+    # API][11].
     #
     # **Storage Class Options**
     #
@@ -923,19 +946,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -982,7 +1005,8 @@ module Aws::S3
     #     The value must be URL encoded.
     #
     #     <note markdown="1"> Amazon S3 supports copy operations using access points only when the
-    #     source and destination buckets are in the same AWS Region.
+    #     source and destination buckets are in the same Amazon Web Services
+    #     Region.
     #
     #      </note>
     #
@@ -1095,21 +1119,22 @@ module Aws::S3
     #   ensure that the encryption key was transmitted without error.
     #
     # @option params [String] :ssekms_key_id
-    #   Specifies the AWS KMS key ID to use for object encryption. All GET and
-    #   PUT requests for an object protected by AWS KMS will fail if not made
-    #   via SSL or using SigV4. For information about configuring using any of
-    #   the officially supported AWS SDKs and AWS CLI, see [Specifying the
-    #   Signature Version in Request Authentication][1] in the *Amazon S3 User
-    #   Guide*.
+    #   Specifies the Amazon Web Services KMS key ID to use for object
+    #   encryption. All GET and PUT requests for an object protected by Amazon
+    #   Web Services KMS will fail if not made via SSL or using SigV4. For
+    #   information about configuring using any of the officially supported
+    #   Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying
+    #   the Signature Version in Request Authentication][1] in the *Amazon S3
+    #   User Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
     #
     # @option params [String] :ssekms_encryption_context
-    #   Specifies the AWS KMS Encryption Context to use for object encryption.
-    #   The value of this header is a base64-encoded UTF-8 string holding JSON
-    #   with the encryption context key-value pairs.
+    #   Specifies the Amazon Web Services KMS Encryption Context to use for
+    #   object encryption. The value of this header is a base64-encoded UTF-8
+    #   string holding JSON with the encryption context key-value pairs.
     #
     # @option params [Boolean] :bucket_key_enabled
     #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
@@ -1275,9 +1300,9 @@ module Aws::S3
     end
 
     # Creates a new S3 bucket. To create a bucket, you must register with
-    # Amazon S3 and have a valid AWS Access Key ID to authenticate requests.
-    # Anonymous requests are never allowed to create buckets. By creating
-    # the bucket, you become the bucket owner.
+    # Amazon S3 and have a valid Amazon Web Services Access Key ID to
+    # authenticate requests. Anonymous requests are never allowed to create
+    # buckets. By creating the bucket, you become the bucket owner.
     #
     # Not every string is an acceptable bucket name. For information about
     # bucket naming restrictions, see [Bucket naming rules][1].
@@ -1323,16 +1348,16 @@ module Aws::S3
     #   You specify each grantee as a type=value pair, where the type is one
     #   of the following:
     #
-    #   * `id` – if the value specified is the canonical user ID of an AWS
-    #     account
+    #   * `id` – if the value specified is the canonical user ID of an
+    #     Amazon Web Services account
     #
     #   * `uri` – if you are granting permissions to a predefined group
     #
     #   * `emailAddress` – if the value specified is the email address of an
-    #     AWS account
+    #     Amazon Web Services account
     #
     #     <note markdown="1"> Using email addresses to specify a grantee is only supported in
-    #     the following AWS Regions:
+    #     the following Amazon Web Services Regions:
     #
     #      * US East (N. Virginia)
     #
@@ -1351,13 +1376,14 @@ module Aws::S3
     #     * South America (São Paulo)
     #
     #      For a list of all the Amazon S3 supported Regions and endpoints,
-    #     see [Regions and Endpoints][7] in the AWS General Reference.
+    #     see [Regions and Endpoints][7] in the Amazon Web Services General
+    #     Reference.
     #
     #      </note>
     #
-    #   For example, the following `x-amz-grant-read` header grants the AWS
-    #   accounts identified by account IDs permissions to read object data
-    #   and its metadata:
+    #   For example, the following `x-amz-grant-read` header grants the
+    #   Amazon Web Services accounts identified by account IDs permissions
+    #   to read object data and its metadata:
     #
     #   `x-amz-grant-read: id="11112222333", id="444455556666" `
     #
@@ -1366,6 +1392,19 @@ module Aws::S3
     #
     #  </note>
     #
+    # **Permissions**
+    #
+    # If your `CreateBucket` request specifies ACL permissions and the ACL
+    # is public-read, public-read-write, authenticated-read, or if you
+    # specify access permissions explicitly through any other ACL, both
+    # `s3:CreateBucket` and `s3:PutBucketAcl` permissions are needed. If the
+    # ACL the `CreateBucket` request is private, only `s3:CreateBucket`
+    # permission is needed.
+    #
+    # If `ObjectLockEnabledForBucket` is set to true in your `CreateBucket`
+    # request, `s3:PutBucketObjectLockConfiguration` and
+    # `s3:PutBucketVersioning` permissions are required.
+    #
     # The following operations are related to `CreateBucket`\:
     #
     # * [PutObject][8]
@@ -1504,7 +1543,8 @@ module Aws::S3
     # to upload parts, and then complete the multipart upload process. You
     # sign each request individually. There is nothing special about signing
     # multipart upload requests. For more information about signing, see
-    # [Authenticating Requests (AWS Signature Version 4)][5].
+    # [Authenticating Requests (Amazon Web Services Signature Version
+    # 4)][5].
     #
     # <note markdown="1"> After you initiate a multipart upload and upload one or more parts, to
     # stop being charged for storing the uploaded parts, you must either
@@ -1517,26 +1557,27 @@ module Aws::S3
     # You can optionally request server-side encryption. For server-side
     # encryption, Amazon S3 encrypts your data as it writes it to disks in
     # its data centers and decrypts it when you access it. You can provide
-    # your own encryption key, or use AWS Key Management Service (AWS KMS)
-    # customer master keys (CMKs) or Amazon S3-managed encryption keys. If
-    # you choose to provide your own encryption key, the request headers you
-    # provide in [UploadPart][1] and [UploadPartCopy][6] requests must match
-    # the headers you used in the request to initiate the upload by using
-    # `CreateMultipartUpload`.
-    #
-    # To perform a multipart upload with encryption using an AWS KMS CMK,
-    # the requester must have permission to the `kms:Decrypt` and
-    # `kms:GenerateDataKey*` actions on the key. These permissions are
-    # required because Amazon S3 must decrypt and read data from the
-    # encrypted file parts before it completes the multipart upload. For
-    # more information, see [Multipart upload API and permissions][7] in the
-    # *Amazon S3 User Guide*.
-    #
-    # If your AWS Identity and Access Management (IAM) user or role is in
-    # the same AWS account as the AWS KMS CMK, then you must have these
-    # permissions on the key policy. If your IAM user or role belongs to a
-    # different account than the key, then you must have the permissions on
-    # both the key policy and your IAM user or role.
+    # your own encryption key, or use Amazon Web Services Key Management
+    # Service (Amazon Web Services KMS) customer master keys (CMKs) or
+    # Amazon S3-managed encryption keys. If you choose to provide your own
+    # encryption key, the request headers you provide in [UploadPart][1] and
+    # [UploadPartCopy][6] requests must match the headers you used in the
+    # request to initiate the upload by using `CreateMultipartUpload`.
+    #
+    # To perform a multipart upload with encryption using an Amazon Web
+    # Services KMS CMK, the requester must have permission to the
+    # `kms:Decrypt` and `kms:GenerateDataKey*` actions on the key. These
+    # permissions are required because Amazon S3 must decrypt and read data
+    # from the encrypted file parts before it completes the multipart
+    # upload. For more information, see [Multipart upload API and
+    # permissions][7] in the *Amazon S3 User Guide*.
+    #
+    # If your Identity and Access Management (IAM) user or role is in the
+    # same Amazon Web Services account as the Amazon Web Services KMS CMK,
+    # then you must have these permissions on the key policy. If your IAM
+    # user or role belongs to a different account than the key, then you
+    # must have the permissions on both the key policy and your IAM user or
+    # role.
     #
     # For more information, see [Protecting Data Using Server-Side
     # Encryption][8].
@@ -1566,13 +1607,14 @@ module Aws::S3
     #   server-side encryption. Server-side encryption is for data
     #   encryption at rest. Amazon S3 encrypts your data as it writes it to
     #   disks in its data centers and decrypts it when you access it. The
-    #   option you use depends on whether you want to use AWS managed
-    #   encryption keys or provide your own encryption key.
+    #   option you use depends on whether you want to use Amazon Web
+    #   Services managed encryption keys or provide your own encryption key.
     #
     #   * Use encryption keys managed by Amazon S3 or customer master keys
-    #     (CMKs) stored in AWS Key Management Service (AWS KMS) – If you
-    #     want AWS to manage the keys used to encrypt data, specify the
-    #     following headers in the request.
+    #     (CMKs) stored in Amazon Web Services Key Management Service
+    #     (Amazon Web Services KMS) – If you want Amazon Web Services to
+    #     manage the keys used to encrypt data, specify the following
+    #     headers in the request.
     #
     #     * x-amz-server-side-encryption
     #
@@ -1582,16 +1624,19 @@ module Aws::S3
     #
     #     <note markdown="1"> If you specify `x-amz-server-side-encryption:aws:kms`, but don't
     #     provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3
-    #     uses the AWS managed CMK in AWS KMS to protect the data.
+    #     uses the Amazon Web Services managed CMK in Amazon Web Services
+    #     KMS to protect the data.
     #
     #      </note>
     #
-    #     All GET and PUT requests for an object protected by AWS KMS fail
-    #     if you don't make them with SSL or by using SigV4.
+    #     All GET and PUT requests for an object protected by Amazon Web
+    #     Services KMS fail if you don't make them with SSL or by using
+    #     SigV4.
     #
     #     For more information about server-side encryption with CMKs stored
-    #     in AWS KMS (SSE-KMS), see [Protecting Data Using Server-Side
-    #     Encryption with CMKs stored in AWS KMS][11].
+    #     in Amazon Web Services KMS (SSE-KMS), see [Protecting Data Using
+    #     Server-Side Encryption with CMKs stored in Amazon Web Services
+    #     KMS][11].
     #
     #   * Use customer-provided encryption keys – If you want to manage your
     #     own encryption keys, provide all the following headers in the
@@ -1604,19 +1649,20 @@ module Aws::S3
     #     * x-amz-server-side-encryption-customer-key-MD5
     #
     #     For more information about server-side encryption with CMKs stored
-    #     in AWS KMS (SSE-KMS), see [Protecting Data Using Server-Side
-    #     Encryption with CMKs stored in AWS KMS][11].
+    #     in Amazon Web Services KMS (SSE-KMS), see [Protecting Data Using
+    #     Server-Side Encryption with CMKs stored in Amazon Web Services
+    #     KMS][11].
     #
     # Access-Control-List (ACL)-Specific Request Headers
     #
     # : You also can use the following access control–related headers with
     #   this operation. By default, all objects are private. Only the owner
     #   has full access control. When adding a new object, you can grant
-    #   permissions to individual AWS accounts or to predefined groups
-    #   defined by Amazon S3. These permissions are then added to the access
-    #   control list (ACL) on the object. For more information, see [Using
-    #   ACLs][12]. With this operation, you can grant access permissions
-    #   using one of the following two methods:
+    #   permissions to individual Amazon Web Services accounts or to
+    #   predefined groups defined by Amazon S3. These permissions are then
+    #   added to the access control list (ACL) on the object. For more
+    #   information, see [Using ACLs][12]. With this operation, you can
+    #   grant access permissions using one of the following two methods:
     #
     #   * Specify a canned ACL (`x-amz-acl`) — Amazon S3 supports a set of
     #     predefined ACLs, known as *canned ACLs*. Each canned ACL has a
@@ -1624,12 +1670,12 @@ module Aws::S3
     #     see [Canned ACL][9].
     #
     #   * Specify access permissions explicitly — To explicitly grant access
-    #     permissions to specific AWS accounts or groups, use the following
-    #     headers. Each header maps to specific permissions that Amazon S3
-    #     supports in an ACL. For more information, see [Access Control List
-    #     (ACL) Overview][10]. In the header, you specify a list of grantees
-    #     who get the specific permission. To grant permissions explicitly,
-    #     use:
+    #     permissions to specific Amazon Web Services accounts or groups,
+    #     use the following headers. Each header maps to specific
+    #     permissions that Amazon S3 supports in an ACL. For more
+    #     information, see [Access Control List (ACL) Overview][10]. In the
+    #     header, you specify a list of grantees who get the specific
+    #     permission. To grant permissions explicitly, use:
     #
     #     * x-amz-grant-read
     #
@@ -1644,16 +1690,16 @@ module Aws::S3
     #     You specify each grantee as a type=value pair, where the type is
     #     one of the following:
     #
-    #     * `id` – if the value specified is the canonical user ID of an AWS
-    #       account
+    #     * `id` – if the value specified is the canonical user ID of an
+    #       Amazon Web Services account
     #
     #     * `uri` – if you are granting permissions to a predefined group
     #
     #     * `emailAddress` – if the value specified is the email address of
-    #       an AWS account
+    #       an Amazon Web Services account
     #
     #       <note markdown="1"> Using email addresses to specify a grantee is only supported in
-    #       the following AWS Regions:
+    #       the following Amazon Web Services Regions:
     #
     #        * US East (N. Virginia)
     #
@@ -1672,13 +1718,14 @@ module Aws::S3
     #       * South America (São Paulo)
     #
     #        For a list of all the Amazon S3 supported Regions and endpoints,
-    #       see [Regions and Endpoints][13] in the AWS General Reference.
+    #       see [Regions and Endpoints][13] in the Amazon Web Services
+    #       General Reference.
     #
     #        </note>
     #
     #     For example, the following `x-amz-grant-read` header grants the
-    #     AWS accounts identified by account IDs permissions to read object
-    #     data and its metadata:
+    #     Amazon Web Services accounts identified by account IDs permissions
+    #     to read object data and its metadata:
     #
     #     `x-amz-grant-read: id="11112222333", id="444455556666" `
     #
@@ -1725,19 +1772,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -1829,11 +1876,12 @@ module Aws::S3
     #   ensure that the encryption key was transmitted without error.
     #
     # @option params [String] :ssekms_key_id
-    #   Specifies the ID of the symmetric customer managed AWS KMS CMK to use
-    #   for object encryption. All GET and PUT requests for an object
-    #   protected by AWS KMS will fail if not made via SSL or using SigV4. For
-    #   information about configuring using any of the officially supported
-    #   AWS SDKs and AWS CLI, see [Specifying the Signature Version in Request
+    #   Specifies the ID of the symmetric customer managed Amazon Web Services
+    #   KMS CMK to use for object encryption. All GET and PUT requests for an
+    #   object protected by Amazon Web Services KMS will fail if not made via
+    #   SSL or using SigV4. For information about configuring using any of the
+    #   officially supported Amazon Web Services SDKs and Amazon Web Services
+    #   CLI, see [Specifying the Signature Version in Request
     #   Authentication][1] in the *Amazon S3 User Guide*.
     #
     #
@@ -1841,9 +1889,9 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
     #
     # @option params [String] :ssekms_encryption_context
-    #   Specifies the AWS KMS Encryption Context to use for object encryption.
-    #   The value of this header is a base64-encoded UTF-8 string holding JSON
-    #   with the encryption context key-value pairs.
+    #   Specifies the Amazon Web Services KMS Encryption Context to use for
+    #   object encryption. The value of this header is a base64-encoded UTF-8
+    #   string holding JSON with the encryption context key-value pairs.
     #
     # @option params [Boolean] :bucket_key_enabled
     #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
@@ -2498,19 +2546,20 @@ module Aws::S3
 
     # This implementation of the DELETE action uses the policy subresource
     # to delete the policy of a specified bucket. If you are using an
-    # identity other than the root user of the AWS account that owns the
-    # bucket, the calling identity must have the `DeleteBucketPolicy`
-    # permissions on the specified bucket and belong to the bucket owner's
-    # account to use this operation.
+    # identity other than the root user of the Amazon Web Services account
+    # that owns the bucket, the calling identity must have the
+    # `DeleteBucketPolicy` permissions on the specified bucket and belong to
+    # the bucket owner's account to use this operation.
     #
     # If you don't have `DeleteBucketPolicy` permissions, Amazon S3 returns
     # a `403 Access Denied` error. If you have the correct permissions, but
     # you're not using an identity that belongs to the bucket owner's
     # account, Amazon S3 returns a `405 Method Not Allowed` error.
     #
-    # As a security precaution, the root user of the AWS account that owns a
-    # bucket can always use this operation, even if the policy explicitly
-    # denies the root user the ability to perform this action.
+    # As a security precaution, the root user of the Amazon Web Services
+    # account that owns a bucket can always use this operation, even if the
+    # policy explicitly denies the root user the ability to perform this
+    # action.
     #
     # For more information about bucket policies, see [Using Bucket Policies
     # and UserPolicies][1].
@@ -2789,19 +2838,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -2833,7 +2882,8 @@ module Aws::S3
     #
     # @option params [Boolean] :bypass_governance_retention
     #   Indicates whether S3 Object Lock should bypass Governance-mode
-    #   restrictions to process this operation.
+    #   restrictions to process this operation. To use this header, you must
+    #   have the `s3:PutBucketPublicAccessBlock` permission.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -2925,19 +2975,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -2961,35 +3011,35 @@ module Aws::S3
     #   * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
     #
     #
-    # @example Example: To remove tag set from an object
+    # @example Example: To remove tag set from an object version
     #
-    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
-    #   # operation removes tag set from the latest object version.
+    #   # The following example removes tag set associated with the specified object version. The request specifies both the
+    #   # object key and object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
-    # @example Example: To remove tag set from an object version
+    # @example Example: To remove tag set from an object
     #
-    #   # The following example removes tag set associated with the specified object version. The request specifies both the
-    #   # object key and object version.
+    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
+    #   # operation removes tag set from the latest object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -3073,19 +3123,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -3114,8 +3164,8 @@ module Aws::S3
     #
     # @option params [Boolean] :bypass_governance_retention
     #   Specifies whether you want to delete this object even if it has a
-    #   Governance-type Object Lock in place. You must have sufficient
-    #   permissions to perform this operation.
+    #   Governance-type Object Lock in place. To use this header, you must
+    #   have the `s3:PutBucketPublicAccessBlock` permission.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -3129,20 +3179,22 @@ module Aws::S3
     #   * {Types::DeleteObjectsOutput#errors #errors} => Array&lt;Types::Error&gt;
     #
     #
-    # @example Example: To delete multiple objects from a versioned bucket
+    # @example Example: To delete multiple object versions from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
-    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
+    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
+    #   # versions and returns the key and versions of deleted objects in the response.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "objectkey1", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #         }, 
     #         {
-    #           key: "objectkey2", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -3153,34 +3205,30 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
-    #         key: "objectkey1", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #       }, 
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
-    #         key: "objectkey2", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #       }, 
     #     ], 
     #   }
     #
-    # @example Example: To delete multiple object versions from a versioned bucket
+    # @example Example: To delete multiple objects from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
-    #   # versions and returns the key and versions of deleted objects in the response.
+    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
+    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #           key: "objectkey1", 
     #         }, 
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #           key: "objectkey2", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -3191,12 +3239,14 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
+    #         key: "objectkey1", 
     #       }, 
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
+    #         key: "objectkey2", 
     #       }, 
     #     ], 
     #   }
@@ -4068,6 +4118,9 @@ module Aws::S3
     # To use this implementation of the operation, you must be the bucket
     # owner.
     #
+    # To use this API against an access point, provide the alias of the
+    # access point in place of the bucket name.
+    #
     # The following operations are related to `GetBucketLocation`\:
     #
     # * [GetObject][2]
@@ -4510,19 +4563,20 @@ module Aws::S3
     end
 
     # Returns the policy of a specified bucket. If you are using an identity
-    # other than the root user of the AWS account that owns the bucket, the
-    # calling identity must have the `GetBucketPolicy` permissions on the
-    # specified bucket and belong to the bucket owner's account in order to
-    # use this operation.
+    # other than the root user of the Amazon Web Services account that owns
+    # the bucket, the calling identity must have the `GetBucketPolicy`
+    # permissions on the specified bucket and belong to the bucket owner's
+    # account in order to use this operation.
     #
     # If you don't have `GetBucketPolicy` permissions, Amazon S3 returns a
     # `403 Access Denied` error. If you have the correct permissions, but
     # you're not using an identity that belongs to the bucket owner's
     # account, Amazon S3 returns a `405 Method Not Allowed` error.
     #
-    # As a security precaution, the root user of the AWS account that owns a
-    # bucket can always use this operation, even if the policy explicitly
-    # denies the root user the ability to perform this action.
+    # As a security precaution, the root user of the Amazon Web Services
+    # account that owns a bucket can always use this operation, even if the
+    # policy explicitly denies the root user the ability to perform this
+    # action.
     #
     # For more information about bucket policies, see [Using Bucket Policies
     # and User Policies][1].
@@ -5104,10 +5158,10 @@ module Aws::S3
     #
     # Encryption request headers, like `x-amz-server-side-encryption`,
     # should not be sent for GET requests if your object uses server-side
-    # encryption with CMKs stored in AWS KMS (SSE-KMS) or server-side
-    # encryption with Amazon S3–managed encryption keys (SSE-S3). If your
-    # object does use these types of keys, you’ll get an HTTP 400 BadRequest
-    # error.
+    # encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or
+    # server-side encryption with Amazon S3–managed encryption keys
+    # (SSE-S3). If your object does use these types of keys, you’ll get an
+    # HTTP 400 BadRequest error.
     #
     # If you encrypt an object by using server-side encryption with
     # customer-provided encryption keys (SSE-C) when you store the object in
@@ -5123,18 +5177,19 @@ module Aws::S3
     # For more information about SSE-C, see [Server-Side Encryption (Using
     # Customer-Provided Encryption Keys)][6].
     #
-    # Assuming you have permission to read object tags (permission for the
-    # `s3:GetObjectVersionTagging` action), the response also returns the
-    # `x-amz-tagging-count` header that provides the count of number of tags
-    # associated with the object. You can use [GetObjectTagging][7] to
-    # retrieve the tag set associated with an object.
+    # Assuming you have the relevant permission to read object tags, the
+    # response also returns the `x-amz-tagging-count` header that provides
+    # the count of number of tags associated with the object. You can use
+    # [GetObjectTagging][7] to retrieve the tag set associated with an
+    # object.
     #
     # **Permissions**
     #
-    # You need the `s3:GetObject` permission for this operation. For more
-    # information, see [Specifying Permissions in a Policy][8]. If the
-    # object you request does not exist, the error Amazon S3 returns depends
-    # on whether you also have the `s3:ListBucket` permission.
+    # You need the relevant read object (or version) permission for this
+    # operation. For more information, see [Specifying Permissions in a
+    # Policy][8]. If the object you request does not exist, the error Amazon
+    # S3 returns depends on whether you also have the `s3:ListBucket`
+    # permission.
     #
     # * If you have the `s3:ListBucket` permission on the bucket, Amazon S3
     #   will return an HTTP status code 404 ("no such key") error.
@@ -5147,9 +5202,12 @@ module Aws::S3
     # By default, the GET action returns the current version of an object.
     # To return a different version, use the `versionId` subresource.
     #
-    # <note markdown="1"> If the current version of the object is a delete marker, Amazon S3
-    # behaves as if the object was deleted and includes
-    # `x-amz-delete-marker: true` in the response.
+    # <note markdown="1"> * You need the `s3:GetObjectVersion` permission to access a specific
+    #   version of an object.
+    #
+    # * If the current version of the object is a delete marker, Amazon S3
+    #   behaves as if the object was deleted and includes
+    #   `x-amz-delete-marker: true` in the response.
     #
     #  </note>
     #
@@ -5233,19 +5291,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -5559,10 +5617,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -5696,10 +5754,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -5771,10 +5829,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -5828,10 +5886,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -5924,19 +5982,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -5971,49 +6029,49 @@ module Aws::S3
     #   * {Types::GetObjectTaggingOutput#tag_set #tag_set} => Array&lt;Types::Tag&gt;
     #
     #
-    # @example Example: To retrieve tag set of a specific object version
+    # @example Example: To retrieve tag set of an object
     #
-    #   # The following example retrieves tag set of an object. The request specifies object version.
+    #   # The following example retrieves tag set of an object.
     #
     #   resp = client.get_object_tagging({
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     key: "HappyFace.jpg", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     tag_set: [
     #       {
-    #         key: "Key1", 
-    #         value: "Value1", 
+    #         key: "Key4", 
+    #         value: "Value4", 
+    #       }, 
+    #       {
+    #         key: "Key3", 
+    #         value: "Value3", 
     #       }, 
     #     ], 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
-    # @example Example: To retrieve tag set of an object
+    # @example Example: To retrieve tag set of a specific object version
     #
-    #   # The following example retrieves tag set of an object.
+    #   # The following example retrieves tag set of an object. The request specifies object version.
     #
     #   resp = client.get_object_tagging({
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
+    #     key: "exampleobject", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     tag_set: [
     #       {
-    #         key: "Key4", 
-    #         value: "Value4", 
-    #       }, 
-    #       {
-    #         key: "Key3", 
-    #         value: "Value3", 
+    #         key: "Key1", 
+    #         value: "Value1", 
     #       }, 
     #     ], 
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -6222,10 +6280,19 @@ module Aws::S3
     # Operations][1] and [Managing Access Permissions to Your Amazon S3
     # Resources][2].
     #
+    # To use this API against an access point, you must provide the alias of
+    # the access point in place of the bucket name or specify the access
+    # point ARN. When using the access point ARN, you must direct requests
+    # to the access point hostname. The access point hostname takes the form
+    # AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When
+    # using the Amazon Web Services SDKs, you provide the ARN in place of
+    # the bucket name. For more information see, [Using access points][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
@@ -6233,19 +6300,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -6318,10 +6385,10 @@ module Aws::S3
     #
     # <note markdown="1"> * Encryption request headers, like `x-amz-server-side-encryption`,
     #   should not be sent for GET requests if your object uses server-side
-    #   encryption with CMKs stored in AWS KMS (SSE-KMS) or server-side
-    #   encryption with Amazon S3–managed encryption keys (SSE-S3). If your
-    #   object does use these types of keys, you’ll get an HTTP 400
-    #   BadRequest error.
+    #   encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or
+    #   server-side encryption with Amazon S3–managed encryption keys
+    #   (SSE-S3). If your object does use these types of keys, you’ll get an
+    #   HTTP 400 BadRequest error.
     #
     # * The last modified property in this case is the creation date of the
     #   object.
@@ -6355,10 +6422,11 @@ module Aws::S3
     #
     # **Permissions**
     #
-    # You need the `s3:GetObject` permission for this operation. For more
-    # information, see [Specifying Permissions in a Policy][4]. If the
-    # object you request does not exist, the error Amazon S3 returns depends
-    # on whether you also have the s3:ListBucket permission.
+    # You need the relevant read object (or version) permission for this
+    # operation. For more information, see [Specifying Permissions in a
+    # Policy][4]. If the object you request does not exist, the error Amazon
+    # S3 returns depends on whether you also have the s3:ListBucket
+    # permission.
     #
     # * If you have the `s3:ListBucket` permission on the bucket, Amazon S3
     #   returns an HTTP status code 404 ("no such key") error.
@@ -6386,19 +6454,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7093,19 +7161,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7185,97 +7253,97 @@ module Aws::S3
     # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     #
-    # @example Example: To list in-progress multipart uploads on a bucket
+    # @example Example: List next set of multipart uploads when previous result is truncated
     #
-    #   # The following example lists in-progress multipart uploads on a specific bucket.
+    #   # The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next
+    #   # setup of multipart uploads.
     #
     #   resp = client.list_multipart_uploads({
     #     bucket: "examplebucket", 
+    #     key_marker: "nextkeyfrompreviousresponse", 
+    #     max_uploads: 2, 
+    #     upload_id_marker: "valuefrompreviousresponse", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
+    #     bucket: "acl1", 
+    #     is_truncated: true, 
+    #     key_marker: "", 
+    #     max_uploads: 2, 
+    #     next_key_marker: "someobjectkey", 
+    #     next_upload_id_marker: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
+    #     upload_id_marker: "", 
     #     uploads: [
     #       {
     #         initiated: Time.parse("2014-05-01T05:40:58.000Z"), 
     #         initiator: {
-    #           display_name: "display-name", 
+    #           display_name: "ownder-display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "display-name", 
-    #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
+    #           display_name: "mohanataws", 
+    #           id: "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
+    #         upload_id: "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
     #       }, 
     #       {
     #         initiated: Time.parse("2014-05-01T05:41:27.000Z"), 
     #         initiator: {
-    #           display_name: "display-name", 
+    #           display_name: "ownder-display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "display-name", 
+    #           display_name: "ownder-display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
+    #         upload_id: "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
     #       }, 
     #     ], 
     #   }
     #
-    # @example Example: List next set of multipart uploads when previous result is truncated
+    # @example Example: To list in-progress multipart uploads on a bucket
     #
-    #   # The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next
-    #   # setup of multipart uploads.
+    #   # The following example lists in-progress multipart uploads on a specific bucket.
     #
     #   resp = client.list_multipart_uploads({
     #     bucket: "examplebucket", 
-    #     key_marker: "nextkeyfrompreviousresponse", 
-    #     max_uploads: 2, 
-    #     upload_id_marker: "valuefrompreviousresponse", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     bucket: "acl1", 
-    #     is_truncated: true, 
-    #     key_marker: "", 
-    #     max_uploads: 2, 
-    #     next_key_marker: "someobjectkey", 
-    #     next_upload_id_marker: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
-    #     upload_id_marker: "", 
     #     uploads: [
     #       {
     #         initiated: Time.parse("2014-05-01T05:40:58.000Z"), 
     #         initiator: {
-    #           display_name: "ownder-display-name", 
+    #           display_name: "display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "mohanataws", 
-    #           id: "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
+    #           display_name: "display-name", 
+    #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
+    #         upload_id: "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--", 
     #       }, 
     #       {
     #         initiated: Time.parse("2014-05-01T05:41:27.000Z"), 
     #         initiator: {
-    #           display_name: "ownder-display-name", 
+    #           display_name: "display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         key: "JavaFile", 
     #         owner: {
-    #           display_name: "ownder-display-name", 
+    #           display_name: "display-name", 
     #           id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc", 
     #         }, 
     #         storage_class: "STANDARD", 
-    #         upload_id: "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
+    #         upload_id: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", 
     #       }, 
     #     ], 
     #   }
@@ -7558,19 +7626,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7589,7 +7657,9 @@ module Aws::S3
     #   parameter to request that Amazon S3 encode the keys in the response.
     #
     # @option params [String] :marker
-    #   Specifies the key to start with when listing objects in a bucket.
+    #   Marker is where you want Amazon S3 to start listing from. Amazon S3
+    #   starts listing after this specified key. Marker can be any key in the
+    #   bucket.
     #
     # @option params [Integer] :max_keys
     #   Sets the maximum number of keys returned in the response. By default
@@ -7717,10 +7787,10 @@ module Aws::S3
     #
     # To use this operation, you must have READ access to the bucket.
     #
-    # To use this action in an AWS Identity and Access Management (IAM)
-    # policy, you must have permissions to perform the `s3:ListBucket`
-    # action. The bucket owner has this permission by default and can grant
-    # this permission to others. For more information about permissions, see
+    # To use this action in an Identity and Access Management (IAM) policy,
+    # you must have permissions to perform the `s3:ListBucket` action. The
+    # bucket owner has this permission by default and can grant this
+    # permission to others. For more information about permissions, see
     # [Permissions Related to Bucket Subresource Operations][2] and
     # [Managing Access Permissions to Your Amazon S3 Resources][3].
     #
@@ -7756,19 +7826,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -7962,19 +8032,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -8225,26 +8295,26 @@ module Aws::S3
     # * Specify access permissions explicitly with the `x-amz-grant-read`,
     #   `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
     #   `x-amz-grant-full-control` headers. When using these headers, you
-    #   specify explicit access permissions and grantees (AWS accounts or
-    #   Amazon S3 groups) who will receive the permission. If you use these
-    #   ACL-specific headers, you cannot use the `x-amz-acl` header to set a
-    #   canned ACL. These parameters map to the set of permissions that
-    #   Amazon S3 supports in an ACL. For more information, see [Access
-    #   Control List (ACL) Overview][3].
+    #   specify explicit access permissions and grantees (Amazon Web
+    #   Services accounts or Amazon S3 groups) who will receive the
+    #   permission. If you use these ACL-specific headers, you cannot use
+    #   the `x-amz-acl` header to set a canned ACL. These parameters map to
+    #   the set of permissions that Amazon S3 supports in an ACL. For more
+    #   information, see [Access Control List (ACL) Overview][3].
     #
     #   You specify each grantee as a type=value pair, where the type is one
     #   of the following:
     #
-    #   * `id` – if the value specified is the canonical user ID of an AWS
-    #     account
+    #   * `id` – if the value specified is the canonical user ID of an
+    #     Amazon Web Services account
     #
     #   * `uri` – if you are granting permissions to a predefined group
     #
     #   * `emailAddress` – if the value specified is the email address of an
-    #     AWS account
+    #     Amazon Web Services account
     #
     #     <note markdown="1"> Using email addresses to specify a grantee is only supported in
-    #     the following AWS Regions:
+    #     the following Amazon Web Services Regions:
     #
     #      * US East (N. Virginia)
     #
@@ -8263,14 +8333,15 @@ module Aws::S3
     #     * South America (São Paulo)
     #
     #      For a list of all the Amazon S3 supported Regions and endpoints,
-    #     see [Regions and Endpoints][4] in the AWS General Reference.
+    #     see [Regions and Endpoints][4] in the Amazon Web Services General
+    #     Reference.
     #
     #      </note>
     #
     #   For example, the following `x-amz-grant-write` header grants create,
     #   overwrite, and delete objects permission to LogDelivery group
-    #   predefined by Amazon S3 and two AWS accounts identified by their
-    #   email addresses.
+    #   predefined by Amazon S3 and two Amazon Web Services accounts
+    #   identified by their email addresses.
     #
     #   `x-amz-grant-write:
     #   uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
@@ -8306,7 +8377,7 @@ module Aws::S3
     #   GET Object acl request, appears as the CanonicalUser.
     #
     #   <note markdown="1"> Using email addresses to specify a grantee is only supported in the
-    #   following AWS Regions:
+    #   following Amazon Web Services Regions:
     #
     #    * US East (N. Virginia)
     #
@@ -8325,7 +8396,8 @@ module Aws::S3
     #   * South America (São Paulo)
     #
     #    For a list of all the Amazon S3 supported Regions and endpoints, see
-    #   [Regions and Endpoints][4] in the AWS General Reference.
+    #   [Regions and Endpoints][4] in the Amazon Web Services General
+    #   Reference.
     #
     #    </note>
     #
@@ -8362,8 +8434,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -8652,8 +8725,9 @@ module Aws::S3
     #   used as a message integrity check to verify that the request body was
     #   not corrupted in transit. For more information, go to [RFC 1864.][1]
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -8743,15 +8817,16 @@ module Aws::S3
     # encryption and Amazon S3 Bucket Key for an existing bucket.
     #
     # Default encryption for a bucket can use server-side encryption with
-    # Amazon S3-managed keys (SSE-S3) or AWS KMS customer master keys
-    # (SSE-KMS). If you specify default encryption using SSE-KMS, you can
-    # also configure Amazon S3 Bucket Key. For information about default
-    # encryption, see [Amazon S3 default bucket encryption][1] in the
-    # *Amazon S3 User Guide*. For more information about S3 Bucket Keys, see
-    # [Amazon S3 Bucket Keys][2] in the *Amazon S3 User Guide*.
+    # Amazon S3-managed keys (SSE-S3) or Amazon Web Services KMS customer
+    # master keys (SSE-KMS). If you specify default encryption using
+    # SSE-KMS, you can also configure Amazon S3 Bucket Key. For information
+    # about default encryption, see [Amazon S3 default bucket encryption][1]
+    # in the *Amazon S3 User Guide*. For more information about S3 Bucket
+    # Keys, see [Amazon S3 Bucket Keys][2] in the *Amazon S3 User Guide*.
     #
-    # This action requires AWS Signature Version 4. For more information,
-    # see [ Authenticating Requests (AWS Signature Version 4)][3].
+    # This action requires Amazon Web Services Signature Version 4. For more
+    # information, see [ Authenticating Requests (Amazon Web Services
+    # Signature Version 4)][3].
     #
     # To use this operation, you must have permissions to perform the
     # `s3:PutEncryptionConfiguration` action. The bucket owner has this
@@ -8780,9 +8855,9 @@ module Aws::S3
     # @option params [required, String] :bucket
     #   Specifies default encryption for a bucket using server-side encryption
     #   with Amazon S3-managed keys (SSE-S3) or customer master keys stored in
-    #   AWS KMS (SSE-KMS). For information about the Amazon S3 default
-    #   encryption feature, see [Amazon S3 Default Bucket Encryption][1] in
-    #   the *Amazon S3 User Guide*.
+    #   Amazon Web Services KMS (SSE-KMS). For information about the Amazon S3
+    #   default encryption feature, see [Amazon S3 Default Bucket
+    #   Encryption][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -8792,8 +8867,9 @@ module Aws::S3
     #   The base64-encoded 128-bit MD5 digest of the server-side encryption
     #   configuration.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [required, Types::ServerSideEncryptionConfiguration] :server_side_encryption_configuration
     #   Specifies the default server-side-encryption configuration.
@@ -8962,8 +9038,8 @@ module Aws::S3
     # on a daily or weekly basis, and the results are published to a flat
     # file. The bucket that is inventoried is called the *source* bucket,
     # and the bucket where the inventory flat file is stored is called the
-    # *destination* bucket. The *destination* bucket must be in the same AWS
-    # Region as the *source* bucket.
+    # *destination* bucket. The *destination* bucket must be in the same
+    # Amazon Web Services Region as the *source* bucket.
     #
     # When you configure an inventory for a *source* bucket, you specify the
     # *destination* bucket where you want the inventory to be stored, and
@@ -9098,10 +9174,10 @@ module Aws::S3
     #
     # By default, all Amazon S3 resources, including buckets, objects, and
     # related subresources (for example, lifecycle configuration and website
-    # configuration) are private. Only the resource owner, the AWS account
-    # that created the resource, can access it. The resource owner can
-    # optionally grant access permissions to others by writing an access
-    # policy. For this operation, users must get the
+    # configuration) are private. Only the resource owner, the Amazon Web
+    # Services account that created the resource, can access it. The
+    # resource owner can optionally grant access permissions to others by
+    # writing an access policy. For this operation, users must get the
     # `s3:PutLifecycleConfiguration` permission.
     #
     # You can also explicitly deny permissions. Explicit denial also
@@ -9132,10 +9208,10 @@ module Aws::S3
     # * [RestoreObject][7]
     #
     # * By default, a resource owner—in this case, a bucket owner, which is
-    #   the AWS account that created the bucket—can perform any of the
-    #   operations. A resource owner can also grant others permission to
-    #   perform the operation. For more information, see the following
-    #   topics in the Amazon S3 User Guide:
+    #   the Amazon Web Services account that created the bucket—can perform
+    #   any of the operations. A resource owner can also grant others
+    #   permission to perform the operation. For more information, see the
+    #   following topics in the Amazon S3 User Guide:
     #
     #   * [Specifying Permissions in a Policy][8]
     #
@@ -9155,8 +9231,9 @@ module Aws::S3
     # @option params [required, String] :bucket
     #
     # @option params [String] :content_md5
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [Types::LifecycleConfiguration] :lifecycle_configuration
     #
@@ -9255,10 +9332,10 @@ module Aws::S3
     # By default, all Amazon S3 resources are private, including buckets,
     # objects, and related subresources (for example, lifecycle
     # configuration and website configuration). Only the resource owner
-    # (that is, the AWS account that created it) can access the resource.
-    # The resource owner can optionally grant access permissions to others
-    # by writing an access policy. For this operation, a user must get the
-    # s3:PutLifecycleConfiguration permission.
+    # (that is, the Amazon Web Services account that created it) can access
+    # the resource. The resource owner can optionally grant access
+    # permissions to others by writing an access policy. For this operation,
+    # a user must get the s3:PutLifecycleConfiguration permission.
     #
     # You can also explicitly deny permissions. Explicit deny also
     # supersedes any other permissions. If you want to block users or
@@ -9402,8 +9479,8 @@ module Aws::S3
 
     # Set the logging parameters for a bucket and to specify permissions for
     # who can view and modify the logging parameters. All logs are saved to
-    # buckets in the same AWS Region as the source bucket. To set the
-    # logging status of a bucket, you must be the bucket owner.
+    # buckets in the same Amazon Web Services Region as the source bucket.
+    # To set the logging status of a bucket, you must be the bucket owner.
     #
     # The bucket owner is automatically granted FULL\_CONTROL to all logs.
     # You use the `Grantee` request element to grant access to other people.
@@ -9477,8 +9554,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutBucketLogging` request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -9656,8 +9734,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutPublicAccessBlock` request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [required, Types::NotificationConfigurationDeprecated] :notification_configuration
     #   The container for the configuration.
@@ -9732,7 +9811,7 @@ module Aws::S3
     # Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue
     # Service (Amazon SQS) destination exists, and that the bucket owner has
     # permission to publish to it by sending a test notification. In the
-    # case of AWS Lambda destinations, Amazon S3 verifies that the Lambda
+    # case of Lambda destinations, Amazon S3 verifies that the Lambda
     # function permissions grant Amazon S3 permission to invoke the function
     # from the Amazon S3 bucket. For more information, see [Configuring
     # Notifications for Amazon S3 Events][1].
@@ -9903,8 +9982,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `OwnershipControls` request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -9942,22 +10022,22 @@ module Aws::S3
     end
 
     # Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are
-    # using an identity other than the root user of the AWS account that
-    # owns the bucket, the calling identity must have the `PutBucketPolicy`
-    # permissions on the specified bucket and belong to the bucket owner's
-    # account in order to use this operation.
+    # using an identity other than the root user of the Amazon Web Services
+    # account that owns the bucket, the calling identity must have the
+    # `PutBucketPolicy` permissions on the specified bucket and belong to
+    # the bucket owner's account in order to use this operation.
     #
     # If you don't have `PutBucketPolicy` permissions, Amazon S3 returns a
     # `403 Access Denied` error. If you have the correct permissions, but
     # you're not using an identity that belongs to the bucket owner's
     # account, Amazon S3 returns a `405 Method Not Allowed` error.
     #
-    # As a security precaution, the root user of the AWS account that owns a
-    # bucket can always use this operation, even if the policy explicitly
-    # denies the root user the ability to perform this action.
+    # As a security precaution, the root user of the Amazon Web Services
+    # account that owns a bucket can always use this operation, even if the
+    # policy explicitly denies the root user the ability to perform this
+    # action.
     #
-    # For more information about bucket policies, see [Using Bucket Policies
-    # and User Policies][1].
+    # For more information, see [Bucket policy examples][1].
     #
     # The following operations are related to `PutBucketPolicy`\:
     #
@@ -9967,7 +10047,7 @@ module Aws::S3
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
     #
@@ -9977,8 +10057,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [Boolean] :confirm_remove_self_bucket_access
     #   Set this parameter to true to confirm that you want to remove your
@@ -10026,11 +10107,6 @@ module Aws::S3
     # Creates a replication configuration or replaces an existing one. For
     # more information, see [Replication][1] in the *Amazon S3 User Guide*.
     #
-    # <note markdown="1"> To perform this operation, the user or role performing the action must
-    # have the [iam:PassRole][2] permission.
-    #
-    #  </note>
-    #
     # Specify the replication configuration in the request body. In the
     # replication configuration, you provide the name of the destination
     # bucket or buckets where you want Amazon S3 to replicate objects, the
@@ -10052,32 +10128,43 @@ module Aws::S3
     #
     # <note markdown="1"> If you are using an earlier version of the replication configuration,
     # Amazon S3 handles replication of delete markers differently. For more
-    # information, see [Backward Compatibility][3].
+    # information, see [Backward Compatibility][2].
     #
     #  </note>
     #
     # For information about enabling versioning on a bucket, see [Using
-    # Versioning][4].
-    #
-    # By default, a resource owner, in this case the AWS account that
-    # created the bucket, can perform this operation. The resource owner can
-    # also grant others permissions to perform the operation. For more
-    # information about permissions, see [Specifying Permissions in a
-    # Policy][5] and [Managing Access Permissions to Your Amazon S3
-    # Resources][6].
+    # Versioning][3].
     #
     # **Handling Replication of Encrypted Objects**
     #
     # By default, Amazon S3 doesn't replicate objects that are stored at
-    # rest using server-side encryption with CMKs stored in AWS KMS. To
-    # replicate AWS KMS-encrypted objects, add the following:
-    # `SourceSelectionCriteria`, `SseKmsEncryptedObjects`, `Status`,
-    # `EncryptionConfiguration`, and `ReplicaKmsKeyID`. For information
-    # about replication configuration, see [Replicating Objects Created with
-    # SSE Using CMKs stored in AWS KMS][7].
+    # rest using server-side encryption with CMKs stored in Amazon Web
+    # Services KMS. To replicate Amazon Web Services KMS-encrypted objects,
+    # add the following: `SourceSelectionCriteria`,
+    # `SseKmsEncryptedObjects`, `Status`, `EncryptionConfiguration`, and
+    # `ReplicaKmsKeyID`. For information about replication configuration,
+    # see [Replicating Objects Created with SSE Using CMKs stored in Amazon
+    # Web Services KMS][4].
     #
     # For information on `PutBucketReplication` errors, see [List of
-    # replication-related error codes][8]
+    # replication-related error codes][5]
+    #
+    # **Permissions**
+    #
+    # To create a `PutBucketReplication` request, you must have
+    # `s3:PutReplicationConfiguration` permissions for the bucket.
+    #
+    # By default, a resource owner, in this case the Amazon Web Services
+    # account that created the bucket, can perform this operation. The
+    # resource owner can also grant others permissions to perform the
+    # operation. For more information about permissions, see [Specifying
+    # Permissions in a Policy][6] and [Managing Access Permissions to Your
+    # Amazon S3 Resources][7].
+    #
+    # <note markdown="1"> To perform this operation, the user or role performing the action must
+    # have the [iam:PassRole][8] permission.
+    #
+    #  </note>
     #
     # The following operations are related to `PutBucketReplication`\:
     #
@@ -10088,13 +10175,13 @@ module Aws::S3
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html
-    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
-    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
+    # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
     # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html
     # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html
     #
@@ -10106,8 +10193,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -10257,8 +10345,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -10308,15 +10397,16 @@ module Aws::S3
 
     # Sets the tags for a bucket.
     #
-    # Use tags to organize your AWS bill to reflect your own cost structure.
-    # To do this, sign up to get your AWS account bill with tag key values
-    # included. Then, to see the cost of combined resources, organize your
-    # billing information according to resources with the same tag key
-    # values. For example, you can tag several resources with a specific
-    # application name, and then organize your billing information to see
-    # the total cost of that application across several services. For more
-    # information, see [Cost Allocation and Tagging][1] and [Using Cost
-    # Allocation in Amazon S3 Bucket Tags][2].
+    # Use tags to organize your Amazon Web Services bill to reflect your own
+    # cost structure. To do this, sign up to get your Amazon Web Services
+    # account bill with tag key values included. Then, to see the cost of
+    # combined resources, organize your billing information according to
+    # resources with the same tag key values. For example, you can tag
+    # several resources with a specific application name, and then organize
+    # your billing information to see the total cost of that application
+    # across several services. For more information, see [Cost Allocation
+    # and Tagging][1] and [Using Cost Allocation in Amazon S3 Bucket
+    # Tags][2].
     #
     # <note markdown="1"> When this operation sets the tags for a bucket, it will overwrite any
     # current tags the bucket already has. You cannot use this operation to
@@ -10338,7 +10428,8 @@ module Aws::S3
     #   * Description: The tag provided was not a valid tag. This error can
     #     occur if the tag did not pass input validation. For information
     #     about tag restrictions, see [User-Defined Tag Restrictions][5] and
-    #     [AWS-Generated Cost Allocation Tag Restrictions][6].
+    #     [Amazon Web Services-Generated Cost Allocation Tag
+    #     Restrictions][6].
     #
     #   ^
     #
@@ -10387,8 +10478,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -10503,8 +10595,9 @@ module Aws::S3
     #   body was not corrupted in transit. For more information, see [RFC
     #   1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -10640,8 +10733,9 @@ module Aws::S3
     #   header as a message integrity check to verify that the request body
     #   was not corrupted in transit. For more information, see [RFC 1864][1].
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -10738,10 +10832,16 @@ module Aws::S3
     # putting an object to Amazon S3 and compare the returned ETag to the
     # calculated MD5 value.
     #
-    # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
-    # object with a retention period configured using Amazon S3 Object Lock.
-    # For more information about Amazon S3 Object Lock, see [Amazon S3
-    # Object Lock Overview][1] in the *Amazon S3 User Guide*.
+    # <note markdown="1"> * To successfully complete the `PutObject` request, you must have the
+    #   `s3:PutObject` in your IAM permissions.
+    #
+    # * To successfully change the objects acl of your `PutObject` request,
+    #   you must have the `s3:PutObjectAcl` in your IAM permissions.
+    #
+    # * The `Content-MD5` header is required for any request to upload an
+    #   object with a retention period configured using Amazon S3 Object
+    #   Lock. For more information about Amazon S3 Object Lock, see [Amazon
+    #   S3 Object Lock Overview][1] in the *Amazon S3 User Guide*.
     #
     #  </note>
     #
@@ -10750,22 +10850,22 @@ module Aws::S3
     # You can optionally request server-side encryption. With server-side
     # encryption, Amazon S3 encrypts your data as it writes it to disks in
     # its data centers and decrypts the data when you access it. You have
-    # the option to provide your own encryption key or use AWS managed
-    # encryption keys (SSE-S3 or SSE-KMS). For more information, see [Using
-    # Server-Side Encryption][2].
+    # the option to provide your own encryption key or use Amazon Web
+    # Services managed encryption keys (SSE-S3 or SSE-KMS). For more
+    # information, see [Using Server-Side Encryption][2].
     #
-    # If you request server-side encryption using AWS Key Management Service
-    # (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For
-    # more information, see [Amazon S3 Bucket Keys][3] in the *Amazon S3
-    # User Guide*.
+    # If you request server-side encryption using Amazon Web Services Key
+    # Management Service (SSE-KMS), you can enable an S3 Bucket Key at the
+    # object-level. For more information, see [Amazon S3 Bucket Keys][3] in
+    # the *Amazon S3 User Guide*.
     #
     # **Access Control List (ACL)-Specific Request Headers**
     #
     # You can use headers to grant ACL- based permissions. By default, all
     # objects are private. Only the owner has full access control. When
-    # adding a new object, you can grant permissions to individual AWS
-    # accounts or to predefined groups defined by Amazon S3. These
-    # permissions are then added to the ACL on the object. For more
+    # adding a new object, you can grant permissions to individual Amazon
+    # Web Services accounts or to predefined groups defined by Amazon S3.
+    # These permissions are then added to the ACL on the object. For more
     # information, see [Access Control List (ACL) Overview][4] and [Managing
     # ACLs Using the REST API][5].
     #
@@ -10828,19 +10928,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -11005,19 +11105,19 @@ module Aws::S3
     #
     # @option params [String] :ssekms_key_id
     #   If `x-amz-server-side-encryption` is present and has the value of
-    #   `aws:kms`, this header specifies the ID of the AWS Key Management
-    #   Service (AWS KMS) symmetrical customer managed customer master key
-    #   (CMK) that was used for the object. If you specify
-    #   `x-amz-server-side-encryption:aws:kms`, but do not provide`
-    #   x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS
-    #   managed CMK in AWS to protect the data. If the KMS key does not exist
-    #   in the same account issuing the command, you must use the full ARN and
-    #   not just the ID.
+    #   `aws:kms`, this header specifies the ID of the Amazon Web Services Key
+    #   Management Service (Amazon Web Services KMS) symmetrical customer
+    #   managed customer master key (CMK) that was used for the object. If you
+    #   specify `x-amz-server-side-encryption:aws:kms`, but do not provide`
+    #   x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
+    #   Amazon Web Services managed CMK in Amazon Web Services to protect the
+    #   data. If the KMS key does not exist in the same account issuing the
+    #   command, you must use the full ARN and not just the ID.
     #
     # @option params [String] :ssekms_encryption_context
-    #   Specifies the AWS KMS Encryption Context to use for object encryption.
-    #   The value of this header is a base64-encoded UTF-8 string holding JSON
-    #   with the encryption context key-value pairs.
+    #   Specifies the Amazon Web Services KMS Encryption Context to use for
+    #   object encryption. The value of this header is a base64-encoded UTF-8
+    #   string holding JSON with the encryption context key-value pairs.
     #
     # @option params [Boolean] :bucket_key_enabled
     #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
@@ -11077,134 +11177,134 @@ module Aws::S3
     #   * {Types::PutObjectOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To upload an object
+    # @example Example: To upload an object (specify optional headers)
     #
-    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
-    #   # syntax. S3 returns VersionId of the newly created object.
+    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
+    #   # storage class and use server-side encryption.
     #
     #   resp = client.put_object({
     #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     server_side_encryption: "AES256", 
+    #     storage_class: "STANDARD_IA", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
     #   }
     #
-    # @example Example: To upload object and specify user-defined metadata
+    # @example Example: To upload an object and specify server-side encryption and object tags
     #
-    #   # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
-    #   # enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
+    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
-    #     metadata: {
-    #       "metadata1" => "value1", 
-    #       "metadata2" => "value2", 
-    #     }, 
+    #     server_side_encryption: "AES256", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
     #   }
     #
-    # @example Example: To upload an object (specify optional headers)
+    # @example Example: To create an object.
     #
-    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
-    #   # storage class and use server-side encryption.
+    #   # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     body: "HappyFace.jpg", 
+    #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
-    #     server_side_encryption: "AES256", 
-    #     storage_class: "STANDARD_IA", 
+    #     key: "objectkey", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
+    #     version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ", 
     #   }
     #
-    # @example Example: To create an object.
+    # @example Example: To upload object and specify user-defined metadata
     #
-    #   # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
+    #   # enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "objectkey", 
+    #     key: "exampleobject", 
+    #     metadata: {
+    #       "metadata1" => "value1", 
+    #       "metadata2" => "value2", 
+    #     }, 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ", 
+    #     version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0", 
     #   }
     #
-    # @example Example: To upload an object and specify server-side encryption and object tags
+    # @example Example: To upload an object and specify canned ACL.
     #
-    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
-    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
+    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
+    #     acl: "authenticated-read", 
     #     body: "filetoupload", 
     #     bucket: "examplebucket", 
     #     key: "exampleobject", 
-    #     server_side_encryption: "AES256", 
-    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
+    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
     #   }
     #
-    # @example Example: To upload an object and specify optional tags
+    # @example Example: To upload an object
     #
-    #   # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
-    #   # S3 returns version ID of the newly created object.
+    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
+    #   # syntax. S3 returns VersionId of the newly created object.
     #
     #   resp = client.put_object({
-    #     body: "c:\\HappyFace.jpg", 
+    #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
+    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
     #   }
     #
-    # @example Example: To upload an object and specify canned ACL.
+    # @example Example: To upload an object and specify optional tags
     #
-    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
-    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
+    #   # S3 returns version ID of the newly created object.
     #
     #   resp = client.put_object({
-    #     acl: "authenticated-read", 
-    #     body: "filetoupload", 
+    #     body: "c:\\HappyFace.jpg", 
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
+    #     key: "HappyFace.jpg", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
+    #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
     #   }
     #
     # @example Streaming a file from disk
@@ -11303,26 +11403,26 @@ module Aws::S3
     # * Specify access permissions explicitly with the `x-amz-grant-read`,
     #   `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
     #   `x-amz-grant-full-control` headers. When using these headers, you
-    #   specify explicit access permissions and grantees (AWS accounts or
-    #   Amazon S3 groups) who will receive the permission. If you use these
-    #   ACL-specific headers, you cannot use `x-amz-acl` header to set a
-    #   canned ACL. These parameters map to the set of permissions that
-    #   Amazon S3 supports in an ACL. For more information, see [Access
-    #   Control List (ACL) Overview][2].
+    #   specify explicit access permissions and grantees (Amazon Web
+    #   Services accounts or Amazon S3 groups) who will receive the
+    #   permission. If you use these ACL-specific headers, you cannot use
+    #   `x-amz-acl` header to set a canned ACL. These parameters map to the
+    #   set of permissions that Amazon S3 supports in an ACL. For more
+    #   information, see [Access Control List (ACL) Overview][2].
     #
     #   You specify each grantee as a type=value pair, where the type is one
     #   of the following:
     #
-    #   * `id` – if the value specified is the canonical user ID of an AWS
-    #     account
+    #   * `id` – if the value specified is the canonical user ID of an
+    #     Amazon Web Services account
     #
     #   * `uri` – if you are granting permissions to a predefined group
     #
     #   * `emailAddress` – if the value specified is the email address of an
-    #     AWS account
+    #     Amazon Web Services account
     #
     #     <note markdown="1"> Using email addresses to specify a grantee is only supported in
-    #     the following AWS Regions:
+    #     the following Amazon Web Services Regions:
     #
     #      * US East (N. Virginia)
     #
@@ -11341,13 +11441,14 @@ module Aws::S3
     #     * South America (São Paulo)
     #
     #      For a list of all the Amazon S3 supported Regions and endpoints,
-    #     see [Regions and Endpoints][4] in the AWS General Reference.
+    #     see [Regions and Endpoints][4] in the Amazon Web Services General
+    #     Reference.
     #
     #      </note>
     #
     #   For example, the following `x-amz-grant-read` header grants list
-    #   objects permission to the two AWS accounts identified by their email
-    #   addresses.
+    #   objects permission to the two Amazon Web Services accounts
+    #   identified by their email addresses.
     #
     #   `x-amz-grant-read: emailAddress="xyz@amazon.com",
     #   emailAddress="abc@amazon.com" `
@@ -11382,7 +11483,7 @@ module Aws::S3
     #   GET Object acl request, appears as the CanonicalUser.
     #
     #   <note markdown="1"> Using email addresses to specify a grantee is only supported in the
-    #   following AWS Regions:
+    #   following Amazon Web Services Regions:
     #
     #    * US East (N. Virginia)
     #
@@ -11401,7 +11502,8 @@ module Aws::S3
     #   * South America (São Paulo)
     #
     #    For a list of all the Amazon S3 supported Regions and endpoints, see
-    #   [Regions and Endpoints][4] in the AWS General Reference.
+    #   [Regions and Endpoints][4] in the Amazon Web Services General
+    #   Reference.
     #
     #    </note>
     #
@@ -11445,10 +11547,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -11460,8 +11562,9 @@ module Aws::S3
     #   not corrupted in transit. For more information, go to [RFC
     #   1864.&gt;][1]
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     #
     #
@@ -11500,19 +11603,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -11625,10 +11728,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -11658,8 +11761,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -11709,7 +11813,8 @@ module Aws::S3
     #   same time.
     #
     # * You can only enable Object Lock for new buckets. If you want to turn
-    #   on Object Lock for an existing bucket, contact AWS Support.
+    #   on Object Lock for an existing bucket, contact Amazon Web Services
+    #   Support.
     #
     #  </note>
     #
@@ -11742,8 +11847,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -11788,10 +11894,20 @@ module Aws::S3
     end
 
     # Places an Object Retention configuration on an object. For more
-    # information, see [Locking Objects][1].
+    # information, see [Locking Objects][1]. Users or accounts require the
+    # `s3:PutObjectRetention` permission in order to place an Object
+    # Retention configuration on objects. Bypassing a Governance Retention
+    # configuration requires the `s3:BypassGovernanceRetention` permission.
     #
     # This action is not supported by Amazon S3 on Outposts.
     #
+    # **Permissions**
+    #
+    # When the Object Lock retention mode is set to compliance, you need
+    # `s3:PutObjectRetention` and `s3:BypassGovernanceRetention`
+    # permissions. For other requests to `PutObjectRetention`, only
+    # `s3:PutObjectRetention` permissions are required.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -11803,10 +11919,10 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -11841,8 +11957,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -11945,19 +12062,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -11973,8 +12090,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash for the request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [required, Types::Tagging] :tagging
     #   Container for the `TagSet` and `Tag` elements
@@ -12100,8 +12218,9 @@ module Aws::S3
     # @option params [String] :content_md5
     #   The MD5 hash of the `PutPublicAccessBlock` request body.
     #
-    #   For requests made using the AWS Command Line Interface (CLI) or AWS
-    #   SDKs, this field is calculated automatically.
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
     #
     # @option params [required, Types::PublicAccessBlockConfiguration] :public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to this
@@ -12174,13 +12293,13 @@ module Aws::S3
     # When making a select request, do the following:
     #
     # * Define an output location for the select query's output. This must
-    #   be an Amazon S3 bucket in the same AWS Region as the bucket that
-    #   contains the archive object that is being queried. The AWS account
-    #   that initiates the job must have permissions to write to the S3
-    #   bucket. You can specify the storage class and encryption for the
-    #   output objects stored in the bucket. For more information about
-    #   output, see [Querying Archived Objects][3] in the *Amazon S3 User
-    #   Guide*.
+    #   be an Amazon S3 bucket in the same Amazon Web Services Region as the
+    #   bucket that contains the archive object that is being queried. The
+    #   Amazon Web Services account that initiates the job must have
+    #   permissions to write to the S3 bucket. You can specify the storage
+    #   class and encryption for the output objects stored in the bucket.
+    #   For more information about output, see [Querying Archived
+    #   Objects][3] in the *Amazon S3 User Guide*.
     #
     #   For more information about the `S3` structure in the request body,
     #   see the following:
@@ -12389,19 +12508,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -12618,10 +12737,10 @@ module Aws::S3
     #   Encryption Keys)][5] in the *Amazon S3 User Guide*.
     #
     #   For objects that are encrypted with Amazon S3 managed encryption
-    #   keys (SSE-S3) and customer master keys (CMKs) stored in AWS Key
-    #   Management Service (SSE-KMS), server-side encryption is handled
-    #   transparently, so you don't need to specify anything. For more
-    #   information about server-side encryption, including SSE-S3 and
+    #   keys (SSE-S3) and customer master keys (CMKs) stored in Amazon Web
+    #   Services Key Management Service (SSE-KMS), server-side encryption is
+    #   handled transparently, so you don't need to specify anything. For
+    #   more information about server-side encryption, including SSE-S3 and
     #   SSE-KMS, see [Protecting Data Using Server-Side Encryption][6] in
     #   the *Amazon S3 User Guide*.
     #
@@ -12630,7 +12749,7 @@ module Aws::S3
     # Given the response size is unknown, Amazon S3 Select streams the
     # response as a series of messages and includes a `Transfer-Encoding`
     # header with `chunked` as its value in the response. For more
-    # information, see [Appendix: SelectObjectContent Response][7] .
+    # information, see [Appendix: SelectObjectContent Response][7].
     #
     #
     #
@@ -13001,10 +13120,11 @@ module Aws::S3
     # checks the part data against the provided MD5 value. If they do not
     # match, Amazon S3 returns an error.
     #
-    # If the upload request is signed with Signature Version 4, then AWS S3
-    # uses the `x-amz-content-sha256` header as a checksum instead of
-    # `Content-MD5`. For more information see [Authenticating Requests:
-    # Using the Authorization Header (AWS Signature Version 4)][3].
+    # If the upload request is signed with Signature Version 4, then Amazon
+    # Web Services S3 uses the `x-amz-content-sha256` header as a checksum
+    # instead of `Content-MD5`. For more information see [Authenticating
+    # Requests: Using the Authorization Header (Amazon Web Services
+    # Signature Version 4)][3].
     #
     # **Note:** After you initiate multipart upload and upload one or more
     # parts, you must either complete or abort multipart upload in order to
@@ -13022,11 +13142,11 @@ module Aws::S3
     # You can optionally request server-side encryption where Amazon S3
     # encrypts your data as it writes it to disks in its data centers and
     # decrypts it for you when you access it. You have the option of
-    # providing your own encryption key, or you can use the AWS managed
-    # encryption keys. If you choose to provide your own encryption key, the
-    # request headers you provide in the request must match the headers you
-    # used in the request to initiate the upload by using
-    # [CreateMultipartUpload][2]. For more information, go to [Using
+    # providing your own encryption key, or you can use the Amazon Web
+    # Services managed encryption keys. If you choose to provide your own
+    # encryption key, the request headers you provide in the request must
+    # match the headers you used in the request to initiate the upload by
+    # using [CreateMultipartUpload][2]. For more information, go to [Using
     # Server-Side Encryption][6] in the *Amazon S3 User Guide*.
     #
     # Server-side encryption is supported by the S3 Multipart Upload
@@ -13093,19 +13213,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -13367,19 +13487,19 @@ module Aws::S3
     #   When using this action with an access point, you must direct requests
     #   to the access point hostname. The access point hostname takes the form
     #   *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
-    #   When using this action with an access point through the AWS SDKs, you
-    #   provide the access point ARN in place of the bucket name. For more
-    #   information about access point ARNs, see [Using access points][1] in
-    #   the *Amazon S3 User Guide*.
+    #   When using this action with an access point through the Amazon Web
+    #   Services SDKs, you provide the access point ARN in place of the bucket
+    #   name. For more information about access point ARNs, see [Using access
+    #   points][1] in the *Amazon S3 User Guide*.
     #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
     #   *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
-    #   When using this action using S3 on Outposts through the AWS SDKs, you
-    #   provide the Outposts bucket ARN in place of the bucket name. For more
-    #   information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
-    #   in the *Amazon S3 User Guide*.
+    #   When using this action using S3 on Outposts through the Amazon Web
+    #   Services SDKs, you provide the Outposts bucket ARN in place of the
+    #   bucket name. For more information about S3 on Outposts ARNs, see
+    #   [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
     #
     #
     #
@@ -13409,7 +13529,8 @@ module Aws::S3
     #     The value must be URL encoded.
     #
     #     <note markdown="1"> Amazon S3 supports copy operations using access points only when the
-    #     source and destination buckets are in the same AWS Region.
+    #     source and destination buckets are in the same Amazon Web Services
+    #     Region.
     #
     #      </note>
     #
@@ -13624,18 +13745,24 @@ module Aws::S3
     # [GetObject][2], in addition to `RequestRoute`, `RequestToken`,
     # `StatusCode`, `ErrorCode`, and `ErrorMessage`. The `GetObject`
     # response metadata is supported so that the `WriteGetObjectResponse`
-    # caller, typically an AWS Lambda function, can provide the same
-    # metadata when it internally invokes `GetObject`. When
-    # `WriteGetObjectResponse` is called by a customer-owned Lambda
-    # function, the metadata returned to the end user `GetObject` call might
-    # differ from what Amazon S3 would normally return.
-    #
-    # AWS provides some prebuilt Lambda functions that you can use with S3
-    # Object Lambda to detect and redact personally identifiable information
-    # (PII) and decompress S3 objects. These Lambda functions are available
-    # in the AWS Serverless Application Repository, and can be selected
-    # through the AWS Management Console when you create your Object Lambda
-    # Access Point.
+    # caller, typically an Lambda function, can provide the same metadata
+    # when it internally invokes `GetObject`. When `WriteGetObjectResponse`
+    # is called by a customer-owned Lambda function, the metadata returned
+    # to the end user `GetObject` call might differ from what Amazon S3
+    # would normally return.
+    #
+    # You can include any number of metadata headers. When including a
+    # metadata header, it should be prefaced with `x-amz-meta`. For example,
+    # `x-amz-meta-my-custom-header: MyCustomValue`. The primary use case for
+    # this is to forward `GetObject` metadata.
+    #
+    # Amazon Web Services provides some prebuilt Lambda functions that you
+    # can use with S3 Object Lambda to detect and redact personally
+    # identifiable information (PII) and decompress S3 objects. These Lambda
+    # functions are available in the Amazon Web Services Serverless
+    # Application Repository, and can be selected through the Amazon Web
+    # Services Management Console when you create your Object Lambda Access
+    # Point.
     #
     # Example 1: PII Access Control - This Lambda function uses Amazon
     # Comprehend, a natural language processing (NLP) service using machine
@@ -13656,8 +13783,9 @@ module Aws::S3
     # in S3 in one of six compressed file formats including bzip2, gzip,
     # snappy, zlib, zstandard and ZIP.
     #
-    # For information on how to view and use these functions, see [Using AWS
-    # built Lambda functions][3] in the *Amazon S3 User Guide*.
+    # For information on how to view and use these functions, see [Using
+    # Amazon Web Services built Lambda functions][3] in the *Amazon S3 User
+    # Guide*.
     #
     #
     #
@@ -13825,9 +13953,9 @@ module Aws::S3
     #   Amazon S3.
     #
     # @option params [String] :ssekms_key_id
-    #   If present, specifies the ID of the AWS Key Management Service (AWS
-    #   KMS) symmetric customer managed customer master key (CMK) that was
-    #   used for stored in Amazon S3 object.
+    #   If present, specifies the ID of the Amazon Web Services Key Management
+    #   Service (Amazon Web Services KMS) symmetric customer managed customer
+    #   master key (CMK) that was used for stored in Amazon S3 object.
     #
     # @option params [String] :sse_customer_key_md5
     #   128-bit MD5 digest of customer-provided encryption key used in Amazon
@@ -13850,7 +13978,7 @@ module Aws::S3
     #
     # @option params [Boolean] :bucket_key_enabled
     #   Indicates whether the object stored in Amazon S3 uses an S3 bucket key
-    #   for server-side encryption with AWS KMS (SSE-KMS).
+    #   for server-side encryption with Amazon Web Services KMS (SSE-KMS).
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -13919,7 +14047,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.96.2'
+      context[:gem_version] = '1.100.0'
       Seahorse::Client::Request.new(handlers, context)
     end