aws-sdk-s3 1.98.0 → 1.102.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 830f339f4af46f2943da2a8e192bc0475ce6a7716151f330b825a948011a0832
4
- data.tar.gz: b716331657e8d1294639f01b6489acb991ae65e37c388a90fc8138671caf1ac7
3
+ metadata.gz: 5e460144a4d67350a975bcb1b28dded53872af939cb512c74bc7c1e73ff1e616
4
+ data.tar.gz: cfd0bc9fb977e27ec33f3d497a1547e92808a13fd42b3e9b1ee7f6a73bec5771
5
5
  SHA512:
6
- metadata.gz: 10366799b29c338052196c57a301f112fd46b6a183bd2cbb9661a6ecff45cbce82b8db8beb44f750bb077c592161014098d14dc7fb9e94312d8774fbd5ca738a
7
- data.tar.gz: e550d2655df0e6da37948a8e3ab7e548f9399aaa54a0c5d69d6f1b58a0a098df6fe70f366a2b09641e4ca26ed061d78ad90c75042858439e3b19e5611baa8d01
6
+ metadata.gz: c58146b420fb36c1468743f06899a3ce195499a72966a1fe99ead757b4257da9c5cd29133977c371fdbd6fd9f4480b33807a0baae30deecee4fbb94de7f5a72e
7
+ data.tar.gz: 84bdb26904354cb178793d2f329bb428903a5765b76dff87e34e5030c1e132a41d1b22af39a37ae0df778d43b2da673fb92d18ab9a685bbe1ba9451b4b1f5096
data/CHANGELOG.md CHANGED
@@ -1,6 +1,26 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.102.0 (2021-09-02)
5
+ ------------------
6
+
7
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
8
+
9
+ 1.101.0 (2021-09-01)
10
+ ------------------
11
+
12
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
13
+
14
+ 1.100.0 (2021-08-27)
15
+ ------------------
16
+
17
+ * Feature - Documentation updates for Amazon S3.
18
+
19
+ 1.99.0 (2021-08-16)
20
+ ------------------
21
+
22
+ * Feature - Documentation updates for Amazon S3
23
+
4
24
  1.98.0 (2021-07-30)
5
25
  ------------------
6
26
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.98.0
1
+ 1.102.0
@@ -0,0 +1,69 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ # @api private
6
+ class MultiRegionAccessPointARN < Aws::ARN
7
+ def initialize(options)
8
+ super(options)
9
+ @type, @mrap_alias, @extra = @resource.split(/[:,\/]/)
10
+ end
11
+
12
+ attr_reader :mrap_alias
13
+
14
+ def support_dualstack?
15
+ false
16
+ end
17
+
18
+ def support_fips?
19
+ false
20
+ end
21
+
22
+ def validate_arn!
23
+ unless @service == 's3'
24
+ raise ArgumentError,
25
+ 'Must provide a valid S3 multi-region access point ARN.'
26
+ end
27
+
28
+ if @account_id.empty?
29
+ raise ArgumentError,
30
+ 'S3 multi-region access point ARNs must contain '\
31
+ 'an account id.'
32
+ end
33
+
34
+ unless @region.empty?
35
+ raise ArgumentError,
36
+ 'Multi-region access points must have an empty region.'
37
+ end
38
+
39
+ if @type != 'accesspoint'
40
+ raise ArgumentError, 'Invalid ARN, resource format is not correct'
41
+ end
42
+
43
+ if @mrap_alias.nil? || @mrap_alias.empty?
44
+ raise ArgumentError, 'Missing ARN multi-region access points alias.'
45
+ end
46
+
47
+ unless @mrap_alias.split('.').all? { |s| Seahorse::Util.host_label?(s) }
48
+ raise ArgumentError, "#{@mrap_alias} is not a valid "\
49
+ 'multi region access point alias.'
50
+ end
51
+
52
+ if @extra
53
+ raise ArgumentError,
54
+ 'ARN access point resource must be a single value.'
55
+ end
56
+ end
57
+
58
+ def host_url(region, fips = false, dualstack = false, custom_endpoint = nil)
59
+ if custom_endpoint
60
+ "#{@mrap_alias}.#{custom_endpoint}"
61
+ else
62
+
63
+ sfx = Aws::Partitions::EndpointProvider.dns_suffix_for(@partition)
64
+ "#{@mrap_alias}.accesspoint.s3-global.#{sfx}"
65
+ end
66
+ end
67
+ end
68
+ end
69
+ end
@@ -315,8 +315,8 @@ module Aws::S3
315
315
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
316
316
  # @option options [Boolean] :bypass_governance_retention
317
317
  # Specifies whether you want to delete this object even if it has a
318
- # Governance-type Object Lock in place. You must have sufficient
319
- # permissions to perform this operation.
318
+ # Governance-type Object Lock in place. To use this header, you must
319
+ # have the `s3:PutBucketPublicAccessBlock` permission.
320
320
  # @option options [String] :expected_bucket_owner
321
321
  # The account ID of the expected bucket owner. If the bucket is owned by
322
322
  # a different account, the request will fail with an HTTP `403 (Access
@@ -515,18 +515,18 @@ module Aws::S3
515
515
  # ensure that the encryption key was transmitted without error.
516
516
  # @option options [String] :ssekms_key_id
517
517
  # If `x-amz-server-side-encryption` is present and has the value of
518
- # `aws:kms`, this header specifies the ID of the AWS Key Management
519
- # Service (AWS KMS) symmetrical customer managed customer master key
520
- # (CMK) that was used for the object. If you specify
521
- # `x-amz-server-side-encryption:aws:kms`, but do not provide`
522
- # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS
523
- # managed CMK in AWS to protect the data. If the KMS key does not exist
524
- # in the same account issuing the command, you must use the full ARN and
525
- # not just the ID.
518
+ # `aws:kms`, this header specifies the ID of the Amazon Web Services Key
519
+ # Management Service (Amazon Web Services KMS) symmetrical customer
520
+ # managed customer master key (CMK) that was used for the object. If you
521
+ # specify `x-amz-server-side-encryption:aws:kms`, but do not provide`
522
+ # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
523
+ # Amazon Web Services managed CMK in Amazon Web Services to protect the
524
+ # data. If the KMS key does not exist in the same account issuing the
525
+ # command, you must use the full ARN and not just the ID.
526
526
  # @option options [String] :ssekms_encryption_context
527
- # Specifies the AWS KMS Encryption Context to use for object encryption.
528
- # The value of this header is a base64-encoded UTF-8 string holding JSON
529
- # with the encryption context key-value pairs.
527
+ # Specifies the Amazon Web Services KMS Encryption Context to use for
528
+ # object encryption. The value of this header is a base64-encoded UTF-8
529
+ # string holding JSON with the encryption context key-value pairs.
530
530
  # @option options [Boolean] :bucket_key_enabled
531
531
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
532
532
  # encryption with server-side encryption using AWS KMS (SSE-KMS).
@@ -221,8 +221,9 @@ module Aws::S3
221
221
  # used as a message integrity check to verify that the request body was
222
222
  # not corrupted in transit. For more information, go to [RFC 1864.][1]
223
223
  #
224
- # For requests made using the AWS Command Line Interface (CLI) or AWS
225
- # SDKs, this field is calculated automatically.
224
+ # For requests made using the Amazon Web Services Command Line Interface
225
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
226
+ # automatically.
226
227
  #
227
228
  #
228
229
  #
@@ -224,8 +224,9 @@ module Aws::S3
224
224
  # used as a message integrity check to verify that the request body was
225
225
  # not corrupted in transit. For more information, go to [RFC 1864.][1]
226
226
  #
227
- # For requests made using the AWS Command Line Interface (CLI) or AWS
228
- # SDKs, this field is calculated automatically.
227
+ # For requests made using the Amazon Web Services Command Line Interface
228
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
229
+ # automatically.
229
230
  #
230
231
  #
231
232
  #
@@ -228,8 +228,9 @@ module Aws::S3
228
228
  # })
229
229
  # @param [Hash] options ({})
230
230
  # @option options [String] :content_md5
231
- # For requests made using the AWS Command Line Interface (CLI) or AWS
232
- # SDKs, this field is calculated automatically.
231
+ # For requests made using the Amazon Web Services Command Line Interface
232
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
233
+ # automatically.
233
234
  # @option options [Types::LifecycleConfiguration] :lifecycle_configuration
234
235
  # @option options [String] :expected_bucket_owner
235
236
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -210,8 +210,9 @@ module Aws::S3
210
210
  # @option options [String] :content_md5
211
211
  # The MD5 hash of the `PutBucketLogging` request body.
212
212
  #
213
- # For requests made using the AWS Command Line Interface (CLI) or AWS
214
- # SDKs, this field is calculated automatically.
213
+ # For requests made using the Amazon Web Services Command Line Interface
214
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
215
+ # automatically.
215
216
  # @option options [String] :expected_bucket_owner
216
217
  # The account ID of the expected bucket owner. If the bucket is owned by
217
218
  # a different account, the request will fail with an HTTP `403 (Access
@@ -48,8 +48,8 @@ module Aws::S3
48
48
  data[:queue_configurations]
49
49
  end
50
50
 
51
- # Describes the AWS Lambda functions to invoke and the events for which
52
- # to invoke them.
51
+ # Describes the Lambda functions to invoke and the events for which to
52
+ # invoke them.
53
53
  # @return [Array<Types::LambdaFunctionConfiguration>]
54
54
  def lambda_function_configurations
55
55
  data[:lambda_function_configurations]
@@ -203,8 +203,9 @@ module Aws::S3
203
203
  # @option options [String] :content_md5
204
204
  # The MD5 hash of the request body.
205
205
  #
206
- # For requests made using the AWS Command Line Interface (CLI) or AWS
207
- # SDKs, this field is calculated automatically.
206
+ # For requests made using the Amazon Web Services Command Line Interface
207
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
208
+ # automatically.
208
209
  # @option options [Boolean] :confirm_remove_self_bucket_access
209
210
  # Set this parameter to true to confirm that you want to remove your
210
211
  # permissions to change this bucket policy in the future.
@@ -189,8 +189,9 @@ module Aws::S3
189
189
  # header as a message integrity check to verify that the request body
190
190
  # was not corrupted in transit. For more information, see [RFC 1864][1].
191
191
  #
192
- # For requests made using the AWS Command Line Interface (CLI) or AWS
193
- # SDKs, this field is calculated automatically.
192
+ # For requests made using the Amazon Web Services Command Line Interface
193
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
194
+ # automatically.
194
195
  #
195
196
  #
196
197
  #
@@ -211,8 +211,9 @@ module Aws::S3
211
211
  # header as a message integrity check to verify that the request body
212
212
  # was not corrupted in transit. For more information, see [RFC 1864][1].
213
213
  #
214
- # For requests made using the AWS Command Line Interface (CLI) or AWS
215
- # SDKs, this field is calculated automatically.
214
+ # For requests made using the Amazon Web Services Command Line Interface
215
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
216
+ # automatically.
216
217
  #
217
218
  #
218
219
  #
@@ -197,8 +197,9 @@ module Aws::S3
197
197
  # body was not corrupted in transit. For more information, see [RFC
198
198
  # 1864][1].
199
199
  #
200
- # For requests made using the AWS Command Line Interface (CLI) or AWS
201
- # SDKs, this field is calculated automatically.
200
+ # For requests made using the Amazon Web Services Command Line Interface
201
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
202
+ # automatically.
202
203
  #
203
204
  #
204
205
  #
@@ -240,8 +241,9 @@ module Aws::S3
240
241
  # body was not corrupted in transit. For more information, see [RFC
241
242
  # 1864][1].
242
243
  #
243
- # For requests made using the AWS Command Line Interface (CLI) or AWS
244
- # SDKs, this field is calculated automatically.
244
+ # For requests made using the Amazon Web Services Command Line Interface
245
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
246
+ # automatically.
245
247
  #
246
248
  #
247
249
  #
@@ -276,8 +278,9 @@ module Aws::S3
276
278
  # body was not corrupted in transit. For more information, see [RFC
277
279
  # 1864][1].
278
280
  #
279
- # For requests made using the AWS Command Line Interface (CLI) or AWS
280
- # SDKs, this field is calculated automatically.
281
+ # For requests made using the Amazon Web Services Command Line Interface
282
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
283
+ # automatically.
281
284
  #
282
285
  #
283
286
  #
@@ -252,8 +252,9 @@ module Aws::S3
252
252
  # header as a message integrity check to verify that the request body
253
253
  # was not corrupted in transit. For more information, see [RFC 1864][1].
254
254
  #
255
- # For requests made using the AWS Command Line Interface (CLI) or AWS
256
- # SDKs, this field is calculated automatically.
255
+ # For requests made using the Amazon Web Services Command Line Interface
256
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
257
+ # automatically.
257
258
  #
258
259
  #
259
260
  #
@@ -327,6 +327,11 @@ module Aws::S3
327
327
  # in the future.
328
328
  #
329
329
  #
330
+ # @option options [Boolean] :s3_disable_multiregion_access_points (false)
331
+ # When set to `false` this will option will raise errors when multi-region
332
+ # access point ARNs are used. Multi-region access points can potentially
333
+ # result in cross region requests.
334
+ #
330
335
  # @option options [String] :s3_us_east_1_regional_endpoint ("legacy")
331
336
  # Pass in `regional` to enable the `us-east-1` regional endpoint.
332
337
  # Defaults to `legacy` mode which uses the global endpoint.
@@ -452,19 +457,19 @@ module Aws::S3
452
457
  # When using this action with an access point, you must direct requests
453
458
  # to the access point hostname. The access point hostname takes the form
454
459
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
455
- # When using this action with an access point through the AWS SDKs, you
456
- # provide the access point ARN in place of the bucket name. For more
457
- # information about access point ARNs, see [Using access points][1] in
458
- # the *Amazon S3 User Guide*.
460
+ # When using this action with an access point through the Amazon Web
461
+ # Services SDKs, you provide the access point ARN in place of the bucket
462
+ # name. For more information about access point ARNs, see [Using access
463
+ # points][1] in the *Amazon S3 User Guide*.
459
464
  #
460
465
  # When using this action with Amazon S3 on Outposts, you must direct
461
466
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
462
467
  # takes the form
463
468
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
464
- # When using this action using S3 on Outposts through the AWS SDKs, you
465
- # provide the Outposts bucket ARN in place of the bucket name. For more
466
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
467
- # in the *Amazon S3 User Guide*.
469
+ # When using this action using S3 on Outposts through the Amazon Web
470
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
471
+ # bucket name. For more information about S3 on Outposts ARNs, see
472
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
468
473
  #
469
474
  #
470
475
  #
@@ -626,6 +631,28 @@ module Aws::S3
626
631
  # @option params [required, String] :bucket
627
632
  # Name of the bucket to which the multipart upload was initiated.
628
633
  #
634
+ # When using this action with an access point, you must direct requests
635
+ # to the access point hostname. The access point hostname takes the form
636
+ # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
637
+ # When using this action with an access point through the Amazon Web
638
+ # Services SDKs, you provide the access point ARN in place of the bucket
639
+ # name. For more information about access point ARNs, see [Using access
640
+ # points][1] in the *Amazon S3 User Guide*.
641
+ #
642
+ # When using this action with Amazon S3 on Outposts, you must direct
643
+ # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
644
+ # takes the form
645
+ # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
646
+ # When using this action using S3 on Outposts through the Amazon Web
647
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
648
+ # bucket name. For more information about S3 on Outposts ARNs, see
649
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
650
+ #
651
+ #
652
+ #
653
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html
654
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html
655
+ #
629
656
  # @option params [required, String] :key
630
657
  # Object key for which the multipart upload was initiated.
631
658
  #
@@ -837,12 +864,12 @@ module Aws::S3
837
864
  #
838
865
  # When you perform a CopyObject operation, you can optionally use the
839
866
  # appropriate encryption-related headers to encrypt the object using
840
- # server-side encryption with AWS managed encryption keys (SSE-S3 or
841
- # SSE-KMS) or a customer-provided encryption key. With server-side
842
- # encryption, Amazon S3 encrypts your data as it writes it to disks in
843
- # its data centers and decrypts the data when you access it. For more
844
- # information about server-side encryption, see [Using Server-Side
845
- # Encryption][8].
867
+ # server-side encryption with Amazon Web Services managed encryption
868
+ # keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With
869
+ # server-side encryption, Amazon S3 encrypts your data as it writes it
870
+ # to disks in its data centers and decrypts the data when you access it.
871
+ # For more information about server-side encryption, see [Using
872
+ # Server-Side Encryption][8].
846
873
  #
847
874
  # If a target object uses SSE-KMS, you can enable an S3 Bucket Key for
848
875
  # the object. For more information, see [Amazon S3 Bucket Keys][9] in
@@ -853,10 +880,11 @@ module Aws::S3
853
880
  # When copying an object, you can optionally use headers to grant
854
881
  # ACL-based permissions. By default, all objects are private. Only the
855
882
  # owner has full access control. When adding a new object, you can grant
856
- # permissions to individual AWS accounts or to predefined groups defined
857
- # by Amazon S3. These permissions are then added to the ACL on the
858
- # object. For more information, see [Access Control List (ACL)
859
- # Overview][10] and [Managing ACLs Using the REST API][11].
883
+ # permissions to individual Amazon Web Services accounts or to
884
+ # predefined groups defined by Amazon S3. These permissions are then
885
+ # added to the ACL on the object. For more information, see [Access
886
+ # Control List (ACL) Overview][10] and [Managing ACLs Using the REST
887
+ # API][11].
860
888
  #
861
889
  # **Storage Class Options**
862
890
  #
@@ -923,19 +951,19 @@ module Aws::S3
923
951
  # When using this action with an access point, you must direct requests
924
952
  # to the access point hostname. The access point hostname takes the form
925
953
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
926
- # When using this action with an access point through the AWS SDKs, you
927
- # provide the access point ARN in place of the bucket name. For more
928
- # information about access point ARNs, see [Using access points][1] in
929
- # the *Amazon S3 User Guide*.
954
+ # When using this action with an access point through the Amazon Web
955
+ # Services SDKs, you provide the access point ARN in place of the bucket
956
+ # name. For more information about access point ARNs, see [Using access
957
+ # points][1] in the *Amazon S3 User Guide*.
930
958
  #
931
959
  # When using this action with Amazon S3 on Outposts, you must direct
932
960
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
933
961
  # takes the form
934
962
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
935
- # When using this action using S3 on Outposts through the AWS SDKs, you
936
- # provide the Outposts bucket ARN in place of the bucket name. For more
937
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
938
- # in the *Amazon S3 User Guide*.
963
+ # When using this action using S3 on Outposts through the Amazon Web
964
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
965
+ # bucket name. For more information about S3 on Outposts ARNs, see
966
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
939
967
  #
940
968
  #
941
969
  #
@@ -982,7 +1010,8 @@ module Aws::S3
982
1010
  # The value must be URL encoded.
983
1011
  #
984
1012
  # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
985
- # source and destination buckets are in the same AWS Region.
1013
+ # source and destination buckets are in the same Amazon Web Services
1014
+ # Region.
986
1015
  #
987
1016
  # </note>
988
1017
  #
@@ -1095,21 +1124,22 @@ module Aws::S3
1095
1124
  # ensure that the encryption key was transmitted without error.
1096
1125
  #
1097
1126
  # @option params [String] :ssekms_key_id
1098
- # Specifies the AWS KMS key ID to use for object encryption. All GET and
1099
- # PUT requests for an object protected by AWS KMS will fail if not made
1100
- # via SSL or using SigV4. For information about configuring using any of
1101
- # the officially supported AWS SDKs and AWS CLI, see [Specifying the
1102
- # Signature Version in Request Authentication][1] in the *Amazon S3 User
1103
- # Guide*.
1127
+ # Specifies the Amazon Web Services KMS key ID to use for object
1128
+ # encryption. All GET and PUT requests for an object protected by Amazon
1129
+ # Web Services KMS will fail if not made via SSL or using SigV4. For
1130
+ # information about configuring using any of the officially supported
1131
+ # Amazon Web Services SDKs and Amazon Web Services CLI, see [Specifying
1132
+ # the Signature Version in Request Authentication][1] in the *Amazon S3
1133
+ # User Guide*.
1104
1134
  #
1105
1135
  #
1106
1136
  #
1107
1137
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1108
1138
  #
1109
1139
  # @option params [String] :ssekms_encryption_context
1110
- # Specifies the AWS KMS Encryption Context to use for object encryption.
1111
- # The value of this header is a base64-encoded UTF-8 string holding JSON
1112
- # with the encryption context key-value pairs.
1140
+ # Specifies the Amazon Web Services KMS Encryption Context to use for
1141
+ # object encryption. The value of this header is a base64-encoded UTF-8
1142
+ # string holding JSON with the encryption context key-value pairs.
1113
1143
  #
1114
1144
  # @option params [Boolean] :bucket_key_enabled
1115
1145
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
@@ -1275,9 +1305,9 @@ module Aws::S3
1275
1305
  end
1276
1306
 
1277
1307
  # Creates a new S3 bucket. To create a bucket, you must register with
1278
- # Amazon S3 and have a valid AWS Access Key ID to authenticate requests.
1279
- # Anonymous requests are never allowed to create buckets. By creating
1280
- # the bucket, you become the bucket owner.
1308
+ # Amazon S3 and have a valid Amazon Web Services Access Key ID to
1309
+ # authenticate requests. Anonymous requests are never allowed to create
1310
+ # buckets. By creating the bucket, you become the bucket owner.
1281
1311
  #
1282
1312
  # Not every string is an acceptable bucket name. For information about
1283
1313
  # bucket naming restrictions, see [Bucket naming rules][1].
@@ -1323,16 +1353,16 @@ module Aws::S3
1323
1353
  # You specify each grantee as a type=value pair, where the type is one
1324
1354
  # of the following:
1325
1355
  #
1326
- # * `id` – if the value specified is the canonical user ID of an AWS
1327
- # account
1356
+ # * `id` – if the value specified is the canonical user ID of an
1357
+ # Amazon Web Services account
1328
1358
  #
1329
1359
  # * `uri` – if you are granting permissions to a predefined group
1330
1360
  #
1331
1361
  # * `emailAddress` – if the value specified is the email address of an
1332
- # AWS account
1362
+ # Amazon Web Services account
1333
1363
  #
1334
1364
  # <note markdown="1"> Using email addresses to specify a grantee is only supported in
1335
- # the following AWS Regions:
1365
+ # the following Amazon Web Services Regions:
1336
1366
  #
1337
1367
  # * US East (N. Virginia)
1338
1368
  #
@@ -1351,13 +1381,14 @@ module Aws::S3
1351
1381
  # * South America (São Paulo)
1352
1382
  #
1353
1383
  # For a list of all the Amazon S3 supported Regions and endpoints,
1354
- # see [Regions and Endpoints][7] in the AWS General Reference.
1384
+ # see [Regions and Endpoints][7] in the Amazon Web Services General
1385
+ # Reference.
1355
1386
  #
1356
1387
  # </note>
1357
1388
  #
1358
- # For example, the following `x-amz-grant-read` header grants the AWS
1359
- # accounts identified by account IDs permissions to read object data
1360
- # and its metadata:
1389
+ # For example, the following `x-amz-grant-read` header grants the
1390
+ # Amazon Web Services accounts identified by account IDs permissions
1391
+ # to read object data and its metadata:
1361
1392
  #
1362
1393
  # `x-amz-grant-read: id="11112222333", id="444455556666" `
1363
1394
  #
@@ -1366,6 +1397,19 @@ module Aws::S3
1366
1397
  #
1367
1398
  # </note>
1368
1399
  #
1400
+ # **Permissions**
1401
+ #
1402
+ # If your `CreateBucket` request specifies ACL permissions and the ACL
1403
+ # is public-read, public-read-write, authenticated-read, or if you
1404
+ # specify access permissions explicitly through any other ACL, both
1405
+ # `s3:CreateBucket` and `s3:PutBucketAcl` permissions are needed. If the
1406
+ # ACL the `CreateBucket` request is private, only `s3:CreateBucket`
1407
+ # permission is needed.
1408
+ #
1409
+ # If `ObjectLockEnabledForBucket` is set to true in your `CreateBucket`
1410
+ # request, `s3:PutBucketObjectLockConfiguration` and
1411
+ # `s3:PutBucketVersioning` permissions are required.
1412
+ #
1369
1413
  # The following operations are related to `CreateBucket`\:
1370
1414
  #
1371
1415
  # * [PutObject][8]
@@ -1504,7 +1548,8 @@ module Aws::S3
1504
1548
  # to upload parts, and then complete the multipart upload process. You
1505
1549
  # sign each request individually. There is nothing special about signing
1506
1550
  # multipart upload requests. For more information about signing, see
1507
- # [Authenticating Requests (AWS Signature Version 4)][5].
1551
+ # [Authenticating Requests (Amazon Web Services Signature Version
1552
+ # 4)][5].
1508
1553
  #
1509
1554
  # <note markdown="1"> After you initiate a multipart upload and upload one or more parts, to
1510
1555
  # stop being charged for storing the uploaded parts, you must either
@@ -1517,26 +1562,27 @@ module Aws::S3
1517
1562
  # You can optionally request server-side encryption. For server-side
1518
1563
  # encryption, Amazon S3 encrypts your data as it writes it to disks in
1519
1564
  # its data centers and decrypts it when you access it. You can provide
1520
- # your own encryption key, or use AWS Key Management Service (AWS KMS)
1521
- # customer master keys (CMKs) or Amazon S3-managed encryption keys. If
1522
- # you choose to provide your own encryption key, the request headers you
1523
- # provide in [UploadPart][1] and [UploadPartCopy][6] requests must match
1524
- # the headers you used in the request to initiate the upload by using
1525
- # `CreateMultipartUpload`.
1526
- #
1527
- # To perform a multipart upload with encryption using an AWS KMS CMK,
1528
- # the requester must have permission to the `kms:Decrypt` and
1529
- # `kms:GenerateDataKey*` actions on the key. These permissions are
1530
- # required because Amazon S3 must decrypt and read data from the
1531
- # encrypted file parts before it completes the multipart upload. For
1532
- # more information, see [Multipart upload API and permissions][7] in the
1533
- # *Amazon S3 User Guide*.
1534
- #
1535
- # If your AWS Identity and Access Management (IAM) user or role is in
1536
- # the same AWS account as the AWS KMS CMK, then you must have these
1537
- # permissions on the key policy. If your IAM user or role belongs to a
1538
- # different account than the key, then you must have the permissions on
1539
- # both the key policy and your IAM user or role.
1565
+ # your own encryption key, or use Amazon Web Services Key Management
1566
+ # Service (Amazon Web Services KMS) customer master keys (CMKs) or
1567
+ # Amazon S3-managed encryption keys. If you choose to provide your own
1568
+ # encryption key, the request headers you provide in [UploadPart][1] and
1569
+ # [UploadPartCopy][6] requests must match the headers you used in the
1570
+ # request to initiate the upload by using `CreateMultipartUpload`.
1571
+ #
1572
+ # To perform a multipart upload with encryption using an Amazon Web
1573
+ # Services KMS CMK, the requester must have permission to the
1574
+ # `kms:Decrypt` and `kms:GenerateDataKey*` actions on the key. These
1575
+ # permissions are required because Amazon S3 must decrypt and read data
1576
+ # from the encrypted file parts before it completes the multipart
1577
+ # upload. For more information, see [Multipart upload API and
1578
+ # permissions][7] in the *Amazon S3 User Guide*.
1579
+ #
1580
+ # If your Identity and Access Management (IAM) user or role is in the
1581
+ # same Amazon Web Services account as the Amazon Web Services KMS CMK,
1582
+ # then you must have these permissions on the key policy. If your IAM
1583
+ # user or role belongs to a different account than the key, then you
1584
+ # must have the permissions on both the key policy and your IAM user or
1585
+ # role.
1540
1586
  #
1541
1587
  # For more information, see [Protecting Data Using Server-Side
1542
1588
  # Encryption][8].
@@ -1566,13 +1612,14 @@ module Aws::S3
1566
1612
  # server-side encryption. Server-side encryption is for data
1567
1613
  # encryption at rest. Amazon S3 encrypts your data as it writes it to
1568
1614
  # disks in its data centers and decrypts it when you access it. The
1569
- # option you use depends on whether you want to use AWS managed
1570
- # encryption keys or provide your own encryption key.
1615
+ # option you use depends on whether you want to use Amazon Web
1616
+ # Services managed encryption keys or provide your own encryption key.
1571
1617
  #
1572
1618
  # * Use encryption keys managed by Amazon S3 or customer master keys
1573
- # (CMKs) stored in AWS Key Management Service (AWS KMS) – If you
1574
- # want AWS to manage the keys used to encrypt data, specify the
1575
- # following headers in the request.
1619
+ # (CMKs) stored in Amazon Web Services Key Management Service
1620
+ # (Amazon Web Services KMS) If you want Amazon Web Services to
1621
+ # manage the keys used to encrypt data, specify the following
1622
+ # headers in the request.
1576
1623
  #
1577
1624
  # * x-amz-server-side-encryption
1578
1625
  #
@@ -1582,16 +1629,19 @@ module Aws::S3
1582
1629
  #
1583
1630
  # <note markdown="1"> If you specify `x-amz-server-side-encryption:aws:kms`, but don't
1584
1631
  # provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3
1585
- # uses the AWS managed CMK in AWS KMS to protect the data.
1632
+ # uses the Amazon Web Services managed CMK in Amazon Web Services
1633
+ # KMS to protect the data.
1586
1634
  #
1587
1635
  # </note>
1588
1636
  #
1589
- # All GET and PUT requests for an object protected by AWS KMS fail
1590
- # if you don't make them with SSL or by using SigV4.
1637
+ # All GET and PUT requests for an object protected by Amazon Web
1638
+ # Services KMS fail if you don't make them with SSL or by using
1639
+ # SigV4.
1591
1640
  #
1592
1641
  # For more information about server-side encryption with CMKs stored
1593
- # in AWS KMS (SSE-KMS), see [Protecting Data Using Server-Side
1594
- # Encryption with CMKs stored in AWS KMS][11].
1642
+ # in Amazon Web Services KMS (SSE-KMS), see [Protecting Data Using
1643
+ # Server-Side Encryption with CMKs stored in Amazon Web Services
1644
+ # KMS][11].
1595
1645
  #
1596
1646
  # * Use customer-provided encryption keys – If you want to manage your
1597
1647
  # own encryption keys, provide all the following headers in the
@@ -1604,19 +1654,20 @@ module Aws::S3
1604
1654
  # * x-amz-server-side-encryption-customer-key-MD5
1605
1655
  #
1606
1656
  # For more information about server-side encryption with CMKs stored
1607
- # in AWS KMS (SSE-KMS), see [Protecting Data Using Server-Side
1608
- # Encryption with CMKs stored in AWS KMS][11].
1657
+ # in Amazon Web Services KMS (SSE-KMS), see [Protecting Data Using
1658
+ # Server-Side Encryption with CMKs stored in Amazon Web Services
1659
+ # KMS][11].
1609
1660
  #
1610
1661
  # Access-Control-List (ACL)-Specific Request Headers
1611
1662
  #
1612
1663
  # : You also can use the following access control–related headers with
1613
1664
  # this operation. By default, all objects are private. Only the owner
1614
1665
  # has full access control. When adding a new object, you can grant
1615
- # permissions to individual AWS accounts or to predefined groups
1616
- # defined by Amazon S3. These permissions are then added to the access
1617
- # control list (ACL) on the object. For more information, see [Using
1618
- # ACLs][12]. With this operation, you can grant access permissions
1619
- # using one of the following two methods:
1666
+ # permissions to individual Amazon Web Services accounts or to
1667
+ # predefined groups defined by Amazon S3. These permissions are then
1668
+ # added to the access control list (ACL) on the object. For more
1669
+ # information, see [Using ACLs][12]. With this operation, you can
1670
+ # grant access permissions using one of the following two methods:
1620
1671
  #
1621
1672
  # * Specify a canned ACL (`x-amz-acl`) — Amazon S3 supports a set of
1622
1673
  # predefined ACLs, known as *canned ACLs*. Each canned ACL has a
@@ -1624,12 +1675,12 @@ module Aws::S3
1624
1675
  # see [Canned ACL][9].
1625
1676
  #
1626
1677
  # * Specify access permissions explicitly — To explicitly grant access
1627
- # permissions to specific AWS accounts or groups, use the following
1628
- # headers. Each header maps to specific permissions that Amazon S3
1629
- # supports in an ACL. For more information, see [Access Control List
1630
- # (ACL) Overview][10]. In the header, you specify a list of grantees
1631
- # who get the specific permission. To grant permissions explicitly,
1632
- # use:
1678
+ # permissions to specific Amazon Web Services accounts or groups,
1679
+ # use the following headers. Each header maps to specific
1680
+ # permissions that Amazon S3 supports in an ACL. For more
1681
+ # information, see [Access Control List (ACL) Overview][10]. In the
1682
+ # header, you specify a list of grantees who get the specific
1683
+ # permission. To grant permissions explicitly, use:
1633
1684
  #
1634
1685
  # * x-amz-grant-read
1635
1686
  #
@@ -1644,16 +1695,16 @@ module Aws::S3
1644
1695
  # You specify each grantee as a type=value pair, where the type is
1645
1696
  # one of the following:
1646
1697
  #
1647
- # * `id` – if the value specified is the canonical user ID of an AWS
1648
- # account
1698
+ # * `id` – if the value specified is the canonical user ID of an
1699
+ # Amazon Web Services account
1649
1700
  #
1650
1701
  # * `uri` – if you are granting permissions to a predefined group
1651
1702
  #
1652
1703
  # * `emailAddress` – if the value specified is the email address of
1653
- # an AWS account
1704
+ # an Amazon Web Services account
1654
1705
  #
1655
1706
  # <note markdown="1"> Using email addresses to specify a grantee is only supported in
1656
- # the following AWS Regions:
1707
+ # the following Amazon Web Services Regions:
1657
1708
  #
1658
1709
  # * US East (N. Virginia)
1659
1710
  #
@@ -1672,13 +1723,14 @@ module Aws::S3
1672
1723
  # * South America (São Paulo)
1673
1724
  #
1674
1725
  # For a list of all the Amazon S3 supported Regions and endpoints,
1675
- # see [Regions and Endpoints][13] in the AWS General Reference.
1726
+ # see [Regions and Endpoints][13] in the Amazon Web Services
1727
+ # General Reference.
1676
1728
  #
1677
1729
  # </note>
1678
1730
  #
1679
1731
  # For example, the following `x-amz-grant-read` header grants the
1680
- # AWS accounts identified by account IDs permissions to read object
1681
- # data and its metadata:
1732
+ # Amazon Web Services accounts identified by account IDs permissions
1733
+ # to read object data and its metadata:
1682
1734
  #
1683
1735
  # `x-amz-grant-read: id="11112222333", id="444455556666" `
1684
1736
  #
@@ -1725,19 +1777,19 @@ module Aws::S3
1725
1777
  # When using this action with an access point, you must direct requests
1726
1778
  # to the access point hostname. The access point hostname takes the form
1727
1779
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
1728
- # When using this action with an access point through the AWS SDKs, you
1729
- # provide the access point ARN in place of the bucket name. For more
1730
- # information about access point ARNs, see [Using access points][1] in
1731
- # the *Amazon S3 User Guide*.
1780
+ # When using this action with an access point through the Amazon Web
1781
+ # Services SDKs, you provide the access point ARN in place of the bucket
1782
+ # name. For more information about access point ARNs, see [Using access
1783
+ # points][1] in the *Amazon S3 User Guide*.
1732
1784
  #
1733
1785
  # When using this action with Amazon S3 on Outposts, you must direct
1734
1786
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
1735
1787
  # takes the form
1736
1788
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
1737
- # When using this action using S3 on Outposts through the AWS SDKs, you
1738
- # provide the Outposts bucket ARN in place of the bucket name. For more
1739
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
1740
- # in the *Amazon S3 User Guide*.
1789
+ # When using this action using S3 on Outposts through the Amazon Web
1790
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
1791
+ # bucket name. For more information about S3 on Outposts ARNs, see
1792
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
1741
1793
  #
1742
1794
  #
1743
1795
  #
@@ -1829,11 +1881,12 @@ module Aws::S3
1829
1881
  # ensure that the encryption key was transmitted without error.
1830
1882
  #
1831
1883
  # @option params [String] :ssekms_key_id
1832
- # Specifies the ID of the symmetric customer managed AWS KMS CMK to use
1833
- # for object encryption. All GET and PUT requests for an object
1834
- # protected by AWS KMS will fail if not made via SSL or using SigV4. For
1835
- # information about configuring using any of the officially supported
1836
- # AWS SDKs and AWS CLI, see [Specifying the Signature Version in Request
1884
+ # Specifies the ID of the symmetric customer managed Amazon Web Services
1885
+ # KMS CMK to use for object encryption. All GET and PUT requests for an
1886
+ # object protected by Amazon Web Services KMS will fail if not made via
1887
+ # SSL or using SigV4. For information about configuring using any of the
1888
+ # officially supported Amazon Web Services SDKs and Amazon Web Services
1889
+ # CLI, see [Specifying the Signature Version in Request
1837
1890
  # Authentication][1] in the *Amazon S3 User Guide*.
1838
1891
  #
1839
1892
  #
@@ -1841,9 +1894,9 @@ module Aws::S3
1841
1894
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
1842
1895
  #
1843
1896
  # @option params [String] :ssekms_encryption_context
1844
- # Specifies the AWS KMS Encryption Context to use for object encryption.
1845
- # The value of this header is a base64-encoded UTF-8 string holding JSON
1846
- # with the encryption context key-value pairs.
1897
+ # Specifies the Amazon Web Services KMS Encryption Context to use for
1898
+ # object encryption. The value of this header is a base64-encoded UTF-8
1899
+ # string holding JSON with the encryption context key-value pairs.
1847
1900
  #
1848
1901
  # @option params [Boolean] :bucket_key_enabled
1849
1902
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
@@ -2498,19 +2551,20 @@ module Aws::S3
2498
2551
 
2499
2552
  # This implementation of the DELETE action uses the policy subresource
2500
2553
  # to delete the policy of a specified bucket. If you are using an
2501
- # identity other than the root user of the AWS account that owns the
2502
- # bucket, the calling identity must have the `DeleteBucketPolicy`
2503
- # permissions on the specified bucket and belong to the bucket owner's
2504
- # account to use this operation.
2554
+ # identity other than the root user of the Amazon Web Services account
2555
+ # that owns the bucket, the calling identity must have the
2556
+ # `DeleteBucketPolicy` permissions on the specified bucket and belong to
2557
+ # the bucket owner's account to use this operation.
2505
2558
  #
2506
2559
  # If you don't have `DeleteBucketPolicy` permissions, Amazon S3 returns
2507
2560
  # a `403 Access Denied` error. If you have the correct permissions, but
2508
2561
  # you're not using an identity that belongs to the bucket owner's
2509
2562
  # account, Amazon S3 returns a `405 Method Not Allowed` error.
2510
2563
  #
2511
- # As a security precaution, the root user of the AWS account that owns a
2512
- # bucket can always use this operation, even if the policy explicitly
2513
- # denies the root user the ability to perform this action.
2564
+ # As a security precaution, the root user of the Amazon Web Services
2565
+ # account that owns a bucket can always use this operation, even if the
2566
+ # policy explicitly denies the root user the ability to perform this
2567
+ # action.
2514
2568
  #
2515
2569
  # For more information about bucket policies, see [Using Bucket Policies
2516
2570
  # and UserPolicies][1].
@@ -2789,19 +2843,19 @@ module Aws::S3
2789
2843
  # When using this action with an access point, you must direct requests
2790
2844
  # to the access point hostname. The access point hostname takes the form
2791
2845
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2792
- # When using this action with an access point through the AWS SDKs, you
2793
- # provide the access point ARN in place of the bucket name. For more
2794
- # information about access point ARNs, see [Using access points][1] in
2795
- # the *Amazon S3 User Guide*.
2846
+ # When using this action with an access point through the Amazon Web
2847
+ # Services SDKs, you provide the access point ARN in place of the bucket
2848
+ # name. For more information about access point ARNs, see [Using access
2849
+ # points][1] in the *Amazon S3 User Guide*.
2796
2850
  #
2797
2851
  # When using this action with Amazon S3 on Outposts, you must direct
2798
2852
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2799
2853
  # takes the form
2800
2854
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2801
- # When using this action using S3 on Outposts through the AWS SDKs, you
2802
- # provide the Outposts bucket ARN in place of the bucket name. For more
2803
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
2804
- # in the *Amazon S3 User Guide*.
2855
+ # When using this action using S3 on Outposts through the Amazon Web
2856
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
2857
+ # bucket name. For more information about S3 on Outposts ARNs, see
2858
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
2805
2859
  #
2806
2860
  #
2807
2861
  #
@@ -2833,7 +2887,8 @@ module Aws::S3
2833
2887
  #
2834
2888
  # @option params [Boolean] :bypass_governance_retention
2835
2889
  # Indicates whether S3 Object Lock should bypass Governance-mode
2836
- # restrictions to process this operation.
2890
+ # restrictions to process this operation. To use this header, you must
2891
+ # have the `s3:PutBucketPublicAccessBlock` permission.
2837
2892
  #
2838
2893
  # @option params [String] :expected_bucket_owner
2839
2894
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -2925,19 +2980,19 @@ module Aws::S3
2925
2980
  # When using this action with an access point, you must direct requests
2926
2981
  # to the access point hostname. The access point hostname takes the form
2927
2982
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
2928
- # When using this action with an access point through the AWS SDKs, you
2929
- # provide the access point ARN in place of the bucket name. For more
2930
- # information about access point ARNs, see [Using access points][1] in
2931
- # the *Amazon S3 User Guide*.
2983
+ # When using this action with an access point through the Amazon Web
2984
+ # Services SDKs, you provide the access point ARN in place of the bucket
2985
+ # name. For more information about access point ARNs, see [Using access
2986
+ # points][1] in the *Amazon S3 User Guide*.
2932
2987
  #
2933
2988
  # When using this action with Amazon S3 on Outposts, you must direct
2934
2989
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
2935
2990
  # takes the form
2936
2991
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
2937
- # When using this action using S3 on Outposts through the AWS SDKs, you
2938
- # provide the Outposts bucket ARN in place of the bucket name. For more
2939
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
2940
- # in the *Amazon S3 User Guide*.
2992
+ # When using this action using S3 on Outposts through the Amazon Web
2993
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
2994
+ # bucket name. For more information about S3 on Outposts ARNs, see
2995
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
2941
2996
  #
2942
2997
  #
2943
2998
  #
@@ -2961,35 +3016,35 @@ module Aws::S3
2961
3016
  # * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
2962
3017
  #
2963
3018
  #
2964
- # @example Example: To remove tag set from an object
3019
+ # @example Example: To remove tag set from an object version
2965
3020
  #
2966
- # # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
2967
- # # operation removes tag set from the latest object version.
3021
+ # # The following example removes tag set associated with the specified object version. The request specifies both the
3022
+ # # object key and object version.
2968
3023
  #
2969
3024
  # resp = client.delete_object_tagging({
2970
3025
  # bucket: "examplebucket",
2971
3026
  # key: "HappyFace.jpg",
3027
+ # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
2972
3028
  # })
2973
3029
  #
2974
3030
  # resp.to_h outputs the following:
2975
3031
  # {
2976
- # version_id: "null",
3032
+ # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
2977
3033
  # }
2978
3034
  #
2979
- # @example Example: To remove tag set from an object version
3035
+ # @example Example: To remove tag set from an object
2980
3036
  #
2981
- # # The following example removes tag set associated with the specified object version. The request specifies both the
2982
- # # object key and object version.
3037
+ # # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
3038
+ # # operation removes tag set from the latest object version.
2983
3039
  #
2984
3040
  # resp = client.delete_object_tagging({
2985
3041
  # bucket: "examplebucket",
2986
3042
  # key: "HappyFace.jpg",
2987
- # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
2988
3043
  # })
2989
3044
  #
2990
3045
  # resp.to_h outputs the following:
2991
3046
  # {
2992
- # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
3047
+ # version_id: "null",
2993
3048
  # }
2994
3049
  #
2995
3050
  # @example Request syntax with placeholder values
@@ -3073,19 +3128,19 @@ module Aws::S3
3073
3128
  # When using this action with an access point, you must direct requests
3074
3129
  # to the access point hostname. The access point hostname takes the form
3075
3130
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
3076
- # When using this action with an access point through the AWS SDKs, you
3077
- # provide the access point ARN in place of the bucket name. For more
3078
- # information about access point ARNs, see [Using access points][1] in
3079
- # the *Amazon S3 User Guide*.
3131
+ # When using this action with an access point through the Amazon Web
3132
+ # Services SDKs, you provide the access point ARN in place of the bucket
3133
+ # name. For more information about access point ARNs, see [Using access
3134
+ # points][1] in the *Amazon S3 User Guide*.
3080
3135
  #
3081
3136
  # When using this action with Amazon S3 on Outposts, you must direct
3082
3137
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
3083
3138
  # takes the form
3084
3139
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
3085
- # When using this action using S3 on Outposts through the AWS SDKs, you
3086
- # provide the Outposts bucket ARN in place of the bucket name. For more
3087
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
3088
- # in the *Amazon S3 User Guide*.
3140
+ # When using this action using S3 on Outposts through the Amazon Web
3141
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
3142
+ # bucket name. For more information about S3 on Outposts ARNs, see
3143
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
3089
3144
  #
3090
3145
  #
3091
3146
  #
@@ -3114,8 +3169,8 @@ module Aws::S3
3114
3169
  #
3115
3170
  # @option params [Boolean] :bypass_governance_retention
3116
3171
  # Specifies whether you want to delete this object even if it has a
3117
- # Governance-type Object Lock in place. You must have sufficient
3118
- # permissions to perform this operation.
3172
+ # Governance-type Object Lock in place. To use this header, you must
3173
+ # have the `s3:PutBucketPublicAccessBlock` permission.
3119
3174
  #
3120
3175
  # @option params [String] :expected_bucket_owner
3121
3176
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -3129,20 +3184,22 @@ module Aws::S3
3129
3184
  # * {Types::DeleteObjectsOutput#errors #errors} => Array&lt;Types::Error&gt;
3130
3185
  #
3131
3186
  #
3132
- # @example Example: To delete multiple objects from a versioned bucket
3187
+ # @example Example: To delete multiple object versions from a versioned bucket
3133
3188
  #
3134
- # # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
3135
- # # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
3189
+ # # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
3190
+ # # versions and returns the key and versions of deleted objects in the response.
3136
3191
  #
3137
3192
  # resp = client.delete_objects({
3138
3193
  # bucket: "examplebucket",
3139
3194
  # delete: {
3140
3195
  # objects: [
3141
3196
  # {
3142
- # key: "objectkey1",
3197
+ # key: "HappyFace.jpg",
3198
+ # version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
3143
3199
  # },
3144
3200
  # {
3145
- # key: "objectkey2",
3201
+ # key: "HappyFace.jpg",
3202
+ # version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
3146
3203
  # },
3147
3204
  # ],
3148
3205
  # quiet: false,
@@ -3153,34 +3210,30 @@ module Aws::S3
3153
3210
  # {
3154
3211
  # deleted: [
3155
3212
  # {
3156
- # delete_marker: true,
3157
- # delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F",
3158
- # key: "objectkey1",
3213
+ # key: "HappyFace.jpg",
3214
+ # version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
3159
3215
  # },
3160
3216
  # {
3161
- # delete_marker: true,
3162
- # delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt",
3163
- # key: "objectkey2",
3217
+ # key: "HappyFace.jpg",
3218
+ # version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
3164
3219
  # },
3165
3220
  # ],
3166
3221
  # }
3167
3222
  #
3168
- # @example Example: To delete multiple object versions from a versioned bucket
3223
+ # @example Example: To delete multiple objects from a versioned bucket
3169
3224
  #
3170
- # # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
3171
- # # versions and returns the key and versions of deleted objects in the response.
3225
+ # # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
3226
+ # # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
3172
3227
  #
3173
3228
  # resp = client.delete_objects({
3174
3229
  # bucket: "examplebucket",
3175
3230
  # delete: {
3176
3231
  # objects: [
3177
3232
  # {
3178
- # key: "HappyFace.jpg",
3179
- # version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
3233
+ # key: "objectkey1",
3180
3234
  # },
3181
3235
  # {
3182
- # key: "HappyFace.jpg",
3183
- # version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
3236
+ # key: "objectkey2",
3184
3237
  # },
3185
3238
  # ],
3186
3239
  # quiet: false,
@@ -3191,12 +3244,14 @@ module Aws::S3
3191
3244
  # {
3192
3245
  # deleted: [
3193
3246
  # {
3194
- # key: "HappyFace.jpg",
3195
- # version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd",
3247
+ # delete_marker: true,
3248
+ # delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F",
3249
+ # key: "objectkey1",
3196
3250
  # },
3197
3251
  # {
3198
- # key: "HappyFace.jpg",
3199
- # version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b",
3252
+ # delete_marker: true,
3253
+ # delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt",
3254
+ # key: "objectkey2",
3200
3255
  # },
3201
3256
  # ],
3202
3257
  # }
@@ -4068,6 +4123,9 @@ module Aws::S3
4068
4123
  # To use this implementation of the operation, you must be the bucket
4069
4124
  # owner.
4070
4125
  #
4126
+ # To use this API against an access point, provide the alias of the
4127
+ # access point in place of the bucket name.
4128
+ #
4071
4129
  # The following operations are related to `GetBucketLocation`\:
4072
4130
  #
4073
4131
  # * [GetObject][2]
@@ -4510,19 +4568,20 @@ module Aws::S3
4510
4568
  end
4511
4569
 
4512
4570
  # Returns the policy of a specified bucket. If you are using an identity
4513
- # other than the root user of the AWS account that owns the bucket, the
4514
- # calling identity must have the `GetBucketPolicy` permissions on the
4515
- # specified bucket and belong to the bucket owner's account in order to
4516
- # use this operation.
4571
+ # other than the root user of the Amazon Web Services account that owns
4572
+ # the bucket, the calling identity must have the `GetBucketPolicy`
4573
+ # permissions on the specified bucket and belong to the bucket owner's
4574
+ # account in order to use this operation.
4517
4575
  #
4518
4576
  # If you don't have `GetBucketPolicy` permissions, Amazon S3 returns a
4519
4577
  # `403 Access Denied` error. If you have the correct permissions, but
4520
4578
  # you're not using an identity that belongs to the bucket owner's
4521
4579
  # account, Amazon S3 returns a `405 Method Not Allowed` error.
4522
4580
  #
4523
- # As a security precaution, the root user of the AWS account that owns a
4524
- # bucket can always use this operation, even if the policy explicitly
4525
- # denies the root user the ability to perform this action.
4581
+ # As a security precaution, the root user of the Amazon Web Services
4582
+ # account that owns a bucket can always use this operation, even if the
4583
+ # policy explicitly denies the root user the ability to perform this
4584
+ # action.
4526
4585
  #
4527
4586
  # For more information about bucket policies, see [Using Bucket Policies
4528
4587
  # and User Policies][1].
@@ -5104,10 +5163,10 @@ module Aws::S3
5104
5163
  #
5105
5164
  # Encryption request headers, like `x-amz-server-side-encryption`,
5106
5165
  # should not be sent for GET requests if your object uses server-side
5107
- # encryption with CMKs stored in AWS KMS (SSE-KMS) or server-side
5108
- # encryption with Amazon S3–managed encryption keys (SSE-S3). If your
5109
- # object does use these types of keys, you’ll get an HTTP 400 BadRequest
5110
- # error.
5166
+ # encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or
5167
+ # server-side encryption with Amazon S3–managed encryption keys
5168
+ # (SSE-S3). If your object does use these types of keys, you’ll get an
5169
+ # HTTP 400 BadRequest error.
5111
5170
  #
5112
5171
  # If you encrypt an object by using server-side encryption with
5113
5172
  # customer-provided encryption keys (SSE-C) when you store the object in
@@ -5123,18 +5182,19 @@ module Aws::S3
5123
5182
  # For more information about SSE-C, see [Server-Side Encryption (Using
5124
5183
  # Customer-Provided Encryption Keys)][6].
5125
5184
  #
5126
- # Assuming you have permission to read object tags (permission for the
5127
- # `s3:GetObjectVersionTagging` action), the response also returns the
5128
- # `x-amz-tagging-count` header that provides the count of number of tags
5129
- # associated with the object. You can use [GetObjectTagging][7] to
5130
- # retrieve the tag set associated with an object.
5185
+ # Assuming you have the relevant permission to read object tags, the
5186
+ # response also returns the `x-amz-tagging-count` header that provides
5187
+ # the count of number of tags associated with the object. You can use
5188
+ # [GetObjectTagging][7] to retrieve the tag set associated with an
5189
+ # object.
5131
5190
  #
5132
5191
  # **Permissions**
5133
5192
  #
5134
- # You need the `s3:GetObject` permission for this operation. For more
5135
- # information, see [Specifying Permissions in a Policy][8]. If the
5136
- # object you request does not exist, the error Amazon S3 returns depends
5137
- # on whether you also have the `s3:ListBucket` permission.
5193
+ # You need the relevant read object (or version) permission for this
5194
+ # operation. For more information, see [Specifying Permissions in a
5195
+ # Policy][8]. If the object you request does not exist, the error Amazon
5196
+ # S3 returns depends on whether you also have the `s3:ListBucket`
5197
+ # permission.
5138
5198
  #
5139
5199
  # * If you have the `s3:ListBucket` permission on the bucket, Amazon S3
5140
5200
  # will return an HTTP status code 404 ("no such key") error.
@@ -5147,9 +5207,12 @@ module Aws::S3
5147
5207
  # By default, the GET action returns the current version of an object.
5148
5208
  # To return a different version, use the `versionId` subresource.
5149
5209
  #
5150
- # <note markdown="1"> If the current version of the object is a delete marker, Amazon S3
5151
- # behaves as if the object was deleted and includes
5152
- # `x-amz-delete-marker: true` in the response.
5210
+ # <note markdown="1"> * You need the `s3:GetObjectVersion` permission to access a specific
5211
+ # version of an object.
5212
+ #
5213
+ # * If the current version of the object is a delete marker, Amazon S3
5214
+ # behaves as if the object was deleted and includes
5215
+ # `x-amz-delete-marker: true` in the response.
5153
5216
  #
5154
5217
  # </note>
5155
5218
  #
@@ -5233,19 +5296,19 @@ module Aws::S3
5233
5296
  # When using this action with an access point, you must direct requests
5234
5297
  # to the access point hostname. The access point hostname takes the form
5235
5298
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5236
- # When using this action with an access point through the AWS SDKs, you
5237
- # provide the access point ARN in place of the bucket name. For more
5238
- # information about access point ARNs, see [Using access points][1] in
5239
- # the *Amazon S3 User Guide*.
5299
+ # When using this action with an access point through the Amazon Web
5300
+ # Services SDKs, you provide the access point ARN in place of the bucket
5301
+ # name. For more information about access point ARNs, see [Using access
5302
+ # points][1] in the *Amazon S3 User Guide*.
5240
5303
  #
5241
5304
  # When using this action with Amazon S3 on Outposts, you must direct
5242
5305
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5243
5306
  # takes the form
5244
5307
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5245
- # When using this action using S3 on Outposts through the AWS SDKs, you
5246
- # provide the Outposts bucket ARN in place of the bucket name. For more
5247
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
5248
- # in the *Amazon S3 User Guide*.
5308
+ # When using this action using S3 on Outposts through the Amazon Web
5309
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
5310
+ # bucket name. For more information about S3 on Outposts ARNs, see
5311
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
5249
5312
  #
5250
5313
  #
5251
5314
  #
@@ -5559,10 +5622,10 @@ module Aws::S3
5559
5622
  # When using this action with an access point, you must direct requests
5560
5623
  # to the access point hostname. The access point hostname takes the form
5561
5624
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5562
- # When using this action with an access point through the AWS SDKs, you
5563
- # provide the access point ARN in place of the bucket name. For more
5564
- # information about access point ARNs, see [Using access points][1] in
5565
- # the *Amazon S3 User Guide*.
5625
+ # When using this action with an access point through the Amazon Web
5626
+ # Services SDKs, you provide the access point ARN in place of the bucket
5627
+ # name. For more information about access point ARNs, see [Using access
5628
+ # points][1] in the *Amazon S3 User Guide*.
5566
5629
  #
5567
5630
  #
5568
5631
  #
@@ -5696,10 +5759,10 @@ module Aws::S3
5696
5759
  # When using this action with an access point, you must direct requests
5697
5760
  # to the access point hostname. The access point hostname takes the form
5698
5761
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5699
- # When using this action with an access point through the AWS SDKs, you
5700
- # provide the access point ARN in place of the bucket name. For more
5701
- # information about access point ARNs, see [Using access points][1] in
5702
- # the *Amazon S3 User Guide*.
5762
+ # When using this action with an access point through the Amazon Web
5763
+ # Services SDKs, you provide the access point ARN in place of the bucket
5764
+ # name. For more information about access point ARNs, see [Using access
5765
+ # points][1] in the *Amazon S3 User Guide*.
5703
5766
  #
5704
5767
  #
5705
5768
  #
@@ -5771,10 +5834,10 @@ module Aws::S3
5771
5834
  # When using this action with an access point, you must direct requests
5772
5835
  # to the access point hostname. The access point hostname takes the form
5773
5836
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5774
- # When using this action with an access point through the AWS SDKs, you
5775
- # provide the access point ARN in place of the bucket name. For more
5776
- # information about access point ARNs, see [Using access points][1] in
5777
- # the *Amazon S3 User Guide*.
5837
+ # When using this action with an access point through the Amazon Web
5838
+ # Services SDKs, you provide the access point ARN in place of the bucket
5839
+ # name. For more information about access point ARNs, see [Using access
5840
+ # points][1] in the *Amazon S3 User Guide*.
5778
5841
  #
5779
5842
  #
5780
5843
  #
@@ -5828,10 +5891,10 @@ module Aws::S3
5828
5891
  # When using this action with an access point, you must direct requests
5829
5892
  # to the access point hostname. The access point hostname takes the form
5830
5893
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5831
- # When using this action with an access point through the AWS SDKs, you
5832
- # provide the access point ARN in place of the bucket name. For more
5833
- # information about access point ARNs, see [Using access points][1] in
5834
- # the *Amazon S3 User Guide*.
5894
+ # When using this action with an access point through the Amazon Web
5895
+ # Services SDKs, you provide the access point ARN in place of the bucket
5896
+ # name. For more information about access point ARNs, see [Using access
5897
+ # points][1] in the *Amazon S3 User Guide*.
5835
5898
  #
5836
5899
  #
5837
5900
  #
@@ -5924,19 +5987,19 @@ module Aws::S3
5924
5987
  # When using this action with an access point, you must direct requests
5925
5988
  # to the access point hostname. The access point hostname takes the form
5926
5989
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
5927
- # When using this action with an access point through the AWS SDKs, you
5928
- # provide the access point ARN in place of the bucket name. For more
5929
- # information about access point ARNs, see [Using access points][1] in
5930
- # the *Amazon S3 User Guide*.
5990
+ # When using this action with an access point through the Amazon Web
5991
+ # Services SDKs, you provide the access point ARN in place of the bucket
5992
+ # name. For more information about access point ARNs, see [Using access
5993
+ # points][1] in the *Amazon S3 User Guide*.
5931
5994
  #
5932
5995
  # When using this action with Amazon S3 on Outposts, you must direct
5933
5996
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
5934
5997
  # takes the form
5935
5998
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
5936
- # When using this action using S3 on Outposts through the AWS SDKs, you
5937
- # provide the Outposts bucket ARN in place of the bucket name. For more
5938
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
5939
- # in the *Amazon S3 User Guide*.
5999
+ # When using this action using S3 on Outposts through the Amazon Web
6000
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
6001
+ # bucket name. For more information about S3 on Outposts ARNs, see
6002
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
5940
6003
  #
5941
6004
  #
5942
6005
  #
@@ -5971,49 +6034,49 @@ module Aws::S3
5971
6034
  # * {Types::GetObjectTaggingOutput#tag_set #tag_set} => Array&lt;Types::Tag&gt;
5972
6035
  #
5973
6036
  #
5974
- # @example Example: To retrieve tag set of a specific object version
6037
+ # @example Example: To retrieve tag set of an object
5975
6038
  #
5976
- # # The following example retrieves tag set of an object. The request specifies object version.
6039
+ # # The following example retrieves tag set of an object.
5977
6040
  #
5978
6041
  # resp = client.get_object_tagging({
5979
6042
  # bucket: "examplebucket",
5980
- # key: "exampleobject",
5981
- # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
6043
+ # key: "HappyFace.jpg",
5982
6044
  # })
5983
6045
  #
5984
6046
  # resp.to_h outputs the following:
5985
6047
  # {
5986
6048
  # tag_set: [
5987
6049
  # {
5988
- # key: "Key1",
5989
- # value: "Value1",
6050
+ # key: "Key4",
6051
+ # value: "Value4",
6052
+ # },
6053
+ # {
6054
+ # key: "Key3",
6055
+ # value: "Value3",
5990
6056
  # },
5991
6057
  # ],
5992
- # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
6058
+ # version_id: "null",
5993
6059
  # }
5994
6060
  #
5995
- # @example Example: To retrieve tag set of an object
6061
+ # @example Example: To retrieve tag set of a specific object version
5996
6062
  #
5997
- # # The following example retrieves tag set of an object.
6063
+ # # The following example retrieves tag set of an object. The request specifies object version.
5998
6064
  #
5999
6065
  # resp = client.get_object_tagging({
6000
6066
  # bucket: "examplebucket",
6001
- # key: "HappyFace.jpg",
6067
+ # key: "exampleobject",
6068
+ # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
6002
6069
  # })
6003
6070
  #
6004
6071
  # resp.to_h outputs the following:
6005
6072
  # {
6006
6073
  # tag_set: [
6007
6074
  # {
6008
- # key: "Key4",
6009
- # value: "Value4",
6010
- # },
6011
- # {
6012
- # key: "Key3",
6013
- # value: "Value3",
6075
+ # key: "Key1",
6076
+ # value: "Value1",
6014
6077
  # },
6015
6078
  # ],
6016
- # version_id: "null",
6079
+ # version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI",
6017
6080
  # }
6018
6081
  #
6019
6082
  # @example Request syntax with placeholder values
@@ -6222,10 +6285,19 @@ module Aws::S3
6222
6285
  # Operations][1] and [Managing Access Permissions to Your Amazon S3
6223
6286
  # Resources][2].
6224
6287
  #
6288
+ # To use this API against an access point, you must provide the alias of
6289
+ # the access point in place of the bucket name or specify the access
6290
+ # point ARN. When using the access point ARN, you must direct requests
6291
+ # to the access point hostname. The access point hostname takes the form
6292
+ # AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. When
6293
+ # using the Amazon Web Services SDKs, you provide the ARN in place of
6294
+ # the bucket name. For more information see, [Using access points][3].
6295
+ #
6225
6296
  #
6226
6297
  #
6227
6298
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
6228
6299
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
6300
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html
6229
6301
  #
6230
6302
  # @option params [required, String] :bucket
6231
6303
  # The bucket name.
@@ -6233,19 +6305,19 @@ module Aws::S3
6233
6305
  # When using this action with an access point, you must direct requests
6234
6306
  # to the access point hostname. The access point hostname takes the form
6235
6307
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6236
- # When using this action with an access point through the AWS SDKs, you
6237
- # provide the access point ARN in place of the bucket name. For more
6238
- # information about access point ARNs, see [Using access points][1] in
6239
- # the *Amazon S3 User Guide*.
6308
+ # When using this action with an access point through the Amazon Web
6309
+ # Services SDKs, you provide the access point ARN in place of the bucket
6310
+ # name. For more information about access point ARNs, see [Using access
6311
+ # points][1] in the *Amazon S3 User Guide*.
6240
6312
  #
6241
6313
  # When using this action with Amazon S3 on Outposts, you must direct
6242
6314
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
6243
6315
  # takes the form
6244
6316
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
6245
- # When using this action using S3 on Outposts through the AWS SDKs, you
6246
- # provide the Outposts bucket ARN in place of the bucket name. For more
6247
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
6248
- # in the *Amazon S3 User Guide*.
6317
+ # When using this action using S3 on Outposts through the Amazon Web
6318
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
6319
+ # bucket name. For more information about S3 on Outposts ARNs, see
6320
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
6249
6321
  #
6250
6322
  #
6251
6323
  #
@@ -6318,10 +6390,10 @@ module Aws::S3
6318
6390
  #
6319
6391
  # <note markdown="1"> * Encryption request headers, like `x-amz-server-side-encryption`,
6320
6392
  # should not be sent for GET requests if your object uses server-side
6321
- # encryption with CMKs stored in AWS KMS (SSE-KMS) or server-side
6322
- # encryption with Amazon S3–managed encryption keys (SSE-S3). If your
6323
- # object does use these types of keys, you’ll get an HTTP 400
6324
- # BadRequest error.
6393
+ # encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or
6394
+ # server-side encryption with Amazon S3–managed encryption keys
6395
+ # (SSE-S3). If your object does use these types of keys, you’ll get an
6396
+ # HTTP 400 BadRequest error.
6325
6397
  #
6326
6398
  # * The last modified property in this case is the creation date of the
6327
6399
  # object.
@@ -6355,10 +6427,11 @@ module Aws::S3
6355
6427
  #
6356
6428
  # **Permissions**
6357
6429
  #
6358
- # You need the `s3:GetObject` permission for this operation. For more
6359
- # information, see [Specifying Permissions in a Policy][4]. If the
6360
- # object you request does not exist, the error Amazon S3 returns depends
6361
- # on whether you also have the s3:ListBucket permission.
6430
+ # You need the relevant read object (or version) permission for this
6431
+ # operation. For more information, see [Specifying Permissions in a
6432
+ # Policy][4]. If the object you request does not exist, the error Amazon
6433
+ # S3 returns depends on whether you also have the s3:ListBucket
6434
+ # permission.
6362
6435
  #
6363
6436
  # * If you have the `s3:ListBucket` permission on the bucket, Amazon S3
6364
6437
  # returns an HTTP status code 404 ("no such key") error.
@@ -6386,19 +6459,19 @@ module Aws::S3
6386
6459
  # When using this action with an access point, you must direct requests
6387
6460
  # to the access point hostname. The access point hostname takes the form
6388
6461
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
6389
- # When using this action with an access point through the AWS SDKs, you
6390
- # provide the access point ARN in place of the bucket name. For more
6391
- # information about access point ARNs, see [Using access points][1] in
6392
- # the *Amazon S3 User Guide*.
6462
+ # When using this action with an access point through the Amazon Web
6463
+ # Services SDKs, you provide the access point ARN in place of the bucket
6464
+ # name. For more information about access point ARNs, see [Using access
6465
+ # points][1] in the *Amazon S3 User Guide*.
6393
6466
  #
6394
6467
  # When using this action with Amazon S3 on Outposts, you must direct
6395
6468
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
6396
6469
  # takes the form
6397
6470
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
6398
- # When using this action using S3 on Outposts through the AWS SDKs, you
6399
- # provide the Outposts bucket ARN in place of the bucket name. For more
6400
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
6401
- # in the *Amazon S3 User Guide*.
6471
+ # When using this action using S3 on Outposts through the Amazon Web
6472
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
6473
+ # bucket name. For more information about S3 on Outposts ARNs, see
6474
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
6402
6475
  #
6403
6476
  #
6404
6477
  #
@@ -7093,19 +7166,19 @@ module Aws::S3
7093
7166
  # When using this action with an access point, you must direct requests
7094
7167
  # to the access point hostname. The access point hostname takes the form
7095
7168
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7096
- # When using this action with an access point through the AWS SDKs, you
7097
- # provide the access point ARN in place of the bucket name. For more
7098
- # information about access point ARNs, see [Using access points][1] in
7099
- # the *Amazon S3 User Guide*.
7169
+ # When using this action with an access point through the Amazon Web
7170
+ # Services SDKs, you provide the access point ARN in place of the bucket
7171
+ # name. For more information about access point ARNs, see [Using access
7172
+ # points][1] in the *Amazon S3 User Guide*.
7100
7173
  #
7101
7174
  # When using this action with Amazon S3 on Outposts, you must direct
7102
7175
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7103
7176
  # takes the form
7104
7177
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7105
- # When using this action using S3 on Outposts through the AWS SDKs, you
7106
- # provide the Outposts bucket ARN in place of the bucket name. For more
7107
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
7108
- # in the *Amazon S3 User Guide*.
7178
+ # When using this action using S3 on Outposts through the Amazon Web
7179
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
7180
+ # bucket name. For more information about S3 on Outposts ARNs, see
7181
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
7109
7182
  #
7110
7183
  #
7111
7184
  #
@@ -7185,97 +7258,97 @@ module Aws::S3
7185
7258
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
7186
7259
  #
7187
7260
  #
7188
- # @example Example: To list in-progress multipart uploads on a bucket
7261
+ # @example Example: List next set of multipart uploads when previous result is truncated
7189
7262
  #
7190
- # # The following example lists in-progress multipart uploads on a specific bucket.
7263
+ # # The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next
7264
+ # # setup of multipart uploads.
7191
7265
  #
7192
7266
  # resp = client.list_multipart_uploads({
7193
7267
  # bucket: "examplebucket",
7268
+ # key_marker: "nextkeyfrompreviousresponse",
7269
+ # max_uploads: 2,
7270
+ # upload_id_marker: "valuefrompreviousresponse",
7194
7271
  # })
7195
7272
  #
7196
7273
  # resp.to_h outputs the following:
7197
7274
  # {
7275
+ # bucket: "acl1",
7276
+ # is_truncated: true,
7277
+ # key_marker: "",
7278
+ # max_uploads: 2,
7279
+ # next_key_marker: "someobjectkey",
7280
+ # next_upload_id_marker: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--",
7281
+ # upload_id_marker: "",
7198
7282
  # uploads: [
7199
7283
  # {
7200
7284
  # initiated: Time.parse("2014-05-01T05:40:58.000Z"),
7201
7285
  # initiator: {
7202
- # display_name: "display-name",
7286
+ # display_name: "ownder-display-name",
7203
7287
  # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7204
7288
  # },
7205
7289
  # key: "JavaFile",
7206
7290
  # owner: {
7207
- # display_name: "display-name",
7208
- # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7291
+ # display_name: "mohanataws",
7292
+ # id: "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7209
7293
  # },
7210
7294
  # storage_class: "STANDARD",
7211
- # upload_id: "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--",
7295
+ # upload_id: "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--",
7212
7296
  # },
7213
7297
  # {
7214
7298
  # initiated: Time.parse("2014-05-01T05:41:27.000Z"),
7215
7299
  # initiator: {
7216
- # display_name: "display-name",
7300
+ # display_name: "ownder-display-name",
7217
7301
  # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7218
7302
  # },
7219
7303
  # key: "JavaFile",
7220
7304
  # owner: {
7221
- # display_name: "display-name",
7305
+ # display_name: "ownder-display-name",
7222
7306
  # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7223
7307
  # },
7224
7308
  # storage_class: "STANDARD",
7225
- # upload_id: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--",
7309
+ # upload_id: "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--",
7226
7310
  # },
7227
7311
  # ],
7228
7312
  # }
7229
7313
  #
7230
- # @example Example: List next set of multipart uploads when previous result is truncated
7314
+ # @example Example: To list in-progress multipart uploads on a bucket
7231
7315
  #
7232
- # # The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next
7233
- # # setup of multipart uploads.
7316
+ # # The following example lists in-progress multipart uploads on a specific bucket.
7234
7317
  #
7235
7318
  # resp = client.list_multipart_uploads({
7236
7319
  # bucket: "examplebucket",
7237
- # key_marker: "nextkeyfrompreviousresponse",
7238
- # max_uploads: 2,
7239
- # upload_id_marker: "valuefrompreviousresponse",
7240
7320
  # })
7241
7321
  #
7242
7322
  # resp.to_h outputs the following:
7243
7323
  # {
7244
- # bucket: "acl1",
7245
- # is_truncated: true,
7246
- # key_marker: "",
7247
- # max_uploads: 2,
7248
- # next_key_marker: "someobjectkey",
7249
- # next_upload_id_marker: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--",
7250
- # upload_id_marker: "",
7251
7324
  # uploads: [
7252
7325
  # {
7253
7326
  # initiated: Time.parse("2014-05-01T05:40:58.000Z"),
7254
7327
  # initiator: {
7255
- # display_name: "ownder-display-name",
7328
+ # display_name: "display-name",
7256
7329
  # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7257
7330
  # },
7258
7331
  # key: "JavaFile",
7259
7332
  # owner: {
7260
- # display_name: "mohanataws",
7261
- # id: "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7333
+ # display_name: "display-name",
7334
+ # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7262
7335
  # },
7263
7336
  # storage_class: "STANDARD",
7264
- # upload_id: "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--",
7337
+ # upload_id: "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--",
7265
7338
  # },
7266
7339
  # {
7267
7340
  # initiated: Time.parse("2014-05-01T05:41:27.000Z"),
7268
7341
  # initiator: {
7269
- # display_name: "ownder-display-name",
7342
+ # display_name: "display-name",
7270
7343
  # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7271
7344
  # },
7272
7345
  # key: "JavaFile",
7273
7346
  # owner: {
7274
- # display_name: "ownder-display-name",
7347
+ # display_name: "display-name",
7275
7348
  # id: "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc",
7276
7349
  # },
7277
7350
  # storage_class: "STANDARD",
7278
- # upload_id: "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--",
7351
+ # upload_id: "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--",
7279
7352
  # },
7280
7353
  # ],
7281
7354
  # }
@@ -7558,19 +7631,19 @@ module Aws::S3
7558
7631
  # When using this action with an access point, you must direct requests
7559
7632
  # to the access point hostname. The access point hostname takes the form
7560
7633
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7561
- # When using this action with an access point through the AWS SDKs, you
7562
- # provide the access point ARN in place of the bucket name. For more
7563
- # information about access point ARNs, see [Using access points][1] in
7564
- # the *Amazon S3 User Guide*.
7634
+ # When using this action with an access point through the Amazon Web
7635
+ # Services SDKs, you provide the access point ARN in place of the bucket
7636
+ # name. For more information about access point ARNs, see [Using access
7637
+ # points][1] in the *Amazon S3 User Guide*.
7565
7638
  #
7566
7639
  # When using this action with Amazon S3 on Outposts, you must direct
7567
7640
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7568
7641
  # takes the form
7569
7642
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7570
- # When using this action using S3 on Outposts through the AWS SDKs, you
7571
- # provide the Outposts bucket ARN in place of the bucket name. For more
7572
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
7573
- # in the *Amazon S3 User Guide*.
7643
+ # When using this action using S3 on Outposts through the Amazon Web
7644
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
7645
+ # bucket name. For more information about S3 on Outposts ARNs, see
7646
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
7574
7647
  #
7575
7648
  #
7576
7649
  #
@@ -7589,7 +7662,9 @@ module Aws::S3
7589
7662
  # parameter to request that Amazon S3 encode the keys in the response.
7590
7663
  #
7591
7664
  # @option params [String] :marker
7592
- # Specifies the key to start with when listing objects in a bucket.
7665
+ # Marker is where you want Amazon S3 to start listing from. Amazon S3
7666
+ # starts listing after this specified key. Marker can be any key in the
7667
+ # bucket.
7593
7668
  #
7594
7669
  # @option params [Integer] :max_keys
7595
7670
  # Sets the maximum number of keys returned in the response. By default
@@ -7717,10 +7792,10 @@ module Aws::S3
7717
7792
  #
7718
7793
  # To use this operation, you must have READ access to the bucket.
7719
7794
  #
7720
- # To use this action in an AWS Identity and Access Management (IAM)
7721
- # policy, you must have permissions to perform the `s3:ListBucket`
7722
- # action. The bucket owner has this permission by default and can grant
7723
- # this permission to others. For more information about permissions, see
7795
+ # To use this action in an Identity and Access Management (IAM) policy,
7796
+ # you must have permissions to perform the `s3:ListBucket` action. The
7797
+ # bucket owner has this permission by default and can grant this
7798
+ # permission to others. For more information about permissions, see
7724
7799
  # [Permissions Related to Bucket Subresource Operations][2] and
7725
7800
  # [Managing Access Permissions to Your Amazon S3 Resources][3].
7726
7801
  #
@@ -7756,19 +7831,19 @@ module Aws::S3
7756
7831
  # When using this action with an access point, you must direct requests
7757
7832
  # to the access point hostname. The access point hostname takes the form
7758
7833
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7759
- # When using this action with an access point through the AWS SDKs, you
7760
- # provide the access point ARN in place of the bucket name. For more
7761
- # information about access point ARNs, see [Using access points][1] in
7762
- # the *Amazon S3 User Guide*.
7834
+ # When using this action with an access point through the Amazon Web
7835
+ # Services SDKs, you provide the access point ARN in place of the bucket
7836
+ # name. For more information about access point ARNs, see [Using access
7837
+ # points][1] in the *Amazon S3 User Guide*.
7763
7838
  #
7764
7839
  # When using this action with Amazon S3 on Outposts, you must direct
7765
7840
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7766
7841
  # takes the form
7767
7842
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7768
- # When using this action using S3 on Outposts through the AWS SDKs, you
7769
- # provide the Outposts bucket ARN in place of the bucket name. For more
7770
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
7771
- # in the *Amazon S3 User Guide*.
7843
+ # When using this action using S3 on Outposts through the Amazon Web
7844
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
7845
+ # bucket name. For more information about S3 on Outposts ARNs, see
7846
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
7772
7847
  #
7773
7848
  #
7774
7849
  #
@@ -7962,19 +8037,19 @@ module Aws::S3
7962
8037
  # When using this action with an access point, you must direct requests
7963
8038
  # to the access point hostname. The access point hostname takes the form
7964
8039
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
7965
- # When using this action with an access point through the AWS SDKs, you
7966
- # provide the access point ARN in place of the bucket name. For more
7967
- # information about access point ARNs, see [Using access points][1] in
7968
- # the *Amazon S3 User Guide*.
8040
+ # When using this action with an access point through the Amazon Web
8041
+ # Services SDKs, you provide the access point ARN in place of the bucket
8042
+ # name. For more information about access point ARNs, see [Using access
8043
+ # points][1] in the *Amazon S3 User Guide*.
7969
8044
  #
7970
8045
  # When using this action with Amazon S3 on Outposts, you must direct
7971
8046
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
7972
8047
  # takes the form
7973
8048
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
7974
- # When using this action using S3 on Outposts through the AWS SDKs, you
7975
- # provide the Outposts bucket ARN in place of the bucket name. For more
7976
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
7977
- # in the *Amazon S3 User Guide*.
8049
+ # When using this action using S3 on Outposts through the Amazon Web
8050
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
8051
+ # bucket name. For more information about S3 on Outposts ARNs, see
8052
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
7978
8053
  #
7979
8054
  #
7980
8055
  #
@@ -8225,26 +8300,26 @@ module Aws::S3
8225
8300
  # * Specify access permissions explicitly with the `x-amz-grant-read`,
8226
8301
  # `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
8227
8302
  # `x-amz-grant-full-control` headers. When using these headers, you
8228
- # specify explicit access permissions and grantees (AWS accounts or
8229
- # Amazon S3 groups) who will receive the permission. If you use these
8230
- # ACL-specific headers, you cannot use the `x-amz-acl` header to set a
8231
- # canned ACL. These parameters map to the set of permissions that
8232
- # Amazon S3 supports in an ACL. For more information, see [Access
8233
- # Control List (ACL) Overview][3].
8303
+ # specify explicit access permissions and grantees (Amazon Web
8304
+ # Services accounts or Amazon S3 groups) who will receive the
8305
+ # permission. If you use these ACL-specific headers, you cannot use
8306
+ # the `x-amz-acl` header to set a canned ACL. These parameters map to
8307
+ # the set of permissions that Amazon S3 supports in an ACL. For more
8308
+ # information, see [Access Control List (ACL) Overview][3].
8234
8309
  #
8235
8310
  # You specify each grantee as a type=value pair, where the type is one
8236
8311
  # of the following:
8237
8312
  #
8238
- # * `id` – if the value specified is the canonical user ID of an AWS
8239
- # account
8313
+ # * `id` – if the value specified is the canonical user ID of an
8314
+ # Amazon Web Services account
8240
8315
  #
8241
8316
  # * `uri` – if you are granting permissions to a predefined group
8242
8317
  #
8243
8318
  # * `emailAddress` – if the value specified is the email address of an
8244
- # AWS account
8319
+ # Amazon Web Services account
8245
8320
  #
8246
8321
  # <note markdown="1"> Using email addresses to specify a grantee is only supported in
8247
- # the following AWS Regions:
8322
+ # the following Amazon Web Services Regions:
8248
8323
  #
8249
8324
  # * US East (N. Virginia)
8250
8325
  #
@@ -8263,14 +8338,15 @@ module Aws::S3
8263
8338
  # * South America (São Paulo)
8264
8339
  #
8265
8340
  # For a list of all the Amazon S3 supported Regions and endpoints,
8266
- # see [Regions and Endpoints][4] in the AWS General Reference.
8341
+ # see [Regions and Endpoints][4] in the Amazon Web Services General
8342
+ # Reference.
8267
8343
  #
8268
8344
  # </note>
8269
8345
  #
8270
8346
  # For example, the following `x-amz-grant-write` header grants create,
8271
8347
  # overwrite, and delete objects permission to LogDelivery group
8272
- # predefined by Amazon S3 and two AWS accounts identified by their
8273
- # email addresses.
8348
+ # predefined by Amazon S3 and two Amazon Web Services accounts
8349
+ # identified by their email addresses.
8274
8350
  #
8275
8351
  # `x-amz-grant-write:
8276
8352
  # uri="http://acs.amazonaws.com/groups/s3/LogDelivery",
@@ -8306,7 +8382,7 @@ module Aws::S3
8306
8382
  # GET Object acl request, appears as the CanonicalUser.
8307
8383
  #
8308
8384
  # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
8309
- # following AWS Regions:
8385
+ # following Amazon Web Services Regions:
8310
8386
  #
8311
8387
  # * US East (N. Virginia)
8312
8388
  #
@@ -8325,7 +8401,8 @@ module Aws::S3
8325
8401
  # * South America (São Paulo)
8326
8402
  #
8327
8403
  # For a list of all the Amazon S3 supported Regions and endpoints, see
8328
- # [Regions and Endpoints][4] in the AWS General Reference.
8404
+ # [Regions and Endpoints][4] in the Amazon Web Services General
8405
+ # Reference.
8329
8406
  #
8330
8407
  # </note>
8331
8408
  #
@@ -8362,8 +8439,9 @@ module Aws::S3
8362
8439
  # used as a message integrity check to verify that the request body was
8363
8440
  # not corrupted in transit. For more information, go to [RFC 1864.][1]
8364
8441
  #
8365
- # For requests made using the AWS Command Line Interface (CLI) or AWS
8366
- # SDKs, this field is calculated automatically.
8442
+ # For requests made using the Amazon Web Services Command Line Interface
8443
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
8444
+ # automatically.
8367
8445
  #
8368
8446
  #
8369
8447
  #
@@ -8652,8 +8730,9 @@ module Aws::S3
8652
8730
  # used as a message integrity check to verify that the request body was
8653
8731
  # not corrupted in transit. For more information, go to [RFC 1864.][1]
8654
8732
  #
8655
- # For requests made using the AWS Command Line Interface (CLI) or AWS
8656
- # SDKs, this field is calculated automatically.
8733
+ # For requests made using the Amazon Web Services Command Line Interface
8734
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
8735
+ # automatically.
8657
8736
  #
8658
8737
  #
8659
8738
  #
@@ -8743,15 +8822,16 @@ module Aws::S3
8743
8822
  # encryption and Amazon S3 Bucket Key for an existing bucket.
8744
8823
  #
8745
8824
  # Default encryption for a bucket can use server-side encryption with
8746
- # Amazon S3-managed keys (SSE-S3) or AWS KMS customer master keys
8747
- # (SSE-KMS). If you specify default encryption using SSE-KMS, you can
8748
- # also configure Amazon S3 Bucket Key. For information about default
8749
- # encryption, see [Amazon S3 default bucket encryption][1] in the
8750
- # *Amazon S3 User Guide*. For more information about S3 Bucket Keys, see
8751
- # [Amazon S3 Bucket Keys][2] in the *Amazon S3 User Guide*.
8825
+ # Amazon S3-managed keys (SSE-S3) or Amazon Web Services KMS customer
8826
+ # master keys (SSE-KMS). If you specify default encryption using
8827
+ # SSE-KMS, you can also configure Amazon S3 Bucket Key. For information
8828
+ # about default encryption, see [Amazon S3 default bucket encryption][1]
8829
+ # in the *Amazon S3 User Guide*. For more information about S3 Bucket
8830
+ # Keys, see [Amazon S3 Bucket Keys][2] in the *Amazon S3 User Guide*.
8752
8831
  #
8753
- # This action requires AWS Signature Version 4. For more information,
8754
- # see [ Authenticating Requests (AWS Signature Version 4)][3].
8832
+ # This action requires Amazon Web Services Signature Version 4. For more
8833
+ # information, see [ Authenticating Requests (Amazon Web Services
8834
+ # Signature Version 4)][3].
8755
8835
  #
8756
8836
  # To use this operation, you must have permissions to perform the
8757
8837
  # `s3:PutEncryptionConfiguration` action. The bucket owner has this
@@ -8780,9 +8860,9 @@ module Aws::S3
8780
8860
  # @option params [required, String] :bucket
8781
8861
  # Specifies default encryption for a bucket using server-side encryption
8782
8862
  # with Amazon S3-managed keys (SSE-S3) or customer master keys stored in
8783
- # AWS KMS (SSE-KMS). For information about the Amazon S3 default
8784
- # encryption feature, see [Amazon S3 Default Bucket Encryption][1] in
8785
- # the *Amazon S3 User Guide*.
8863
+ # Amazon Web Services KMS (SSE-KMS). For information about the Amazon S3
8864
+ # default encryption feature, see [Amazon S3 Default Bucket
8865
+ # Encryption][1] in the *Amazon S3 User Guide*.
8786
8866
  #
8787
8867
  #
8788
8868
  #
@@ -8792,8 +8872,9 @@ module Aws::S3
8792
8872
  # The base64-encoded 128-bit MD5 digest of the server-side encryption
8793
8873
  # configuration.
8794
8874
  #
8795
- # For requests made using the AWS Command Line Interface (CLI) or AWS
8796
- # SDKs, this field is calculated automatically.
8875
+ # For requests made using the Amazon Web Services Command Line Interface
8876
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
8877
+ # automatically.
8797
8878
  #
8798
8879
  # @option params [required, Types::ServerSideEncryptionConfiguration] :server_side_encryption_configuration
8799
8880
  # Specifies the default server-side-encryption configuration.
@@ -8962,8 +9043,8 @@ module Aws::S3
8962
9043
  # on a daily or weekly basis, and the results are published to a flat
8963
9044
  # file. The bucket that is inventoried is called the *source* bucket,
8964
9045
  # and the bucket where the inventory flat file is stored is called the
8965
- # *destination* bucket. The *destination* bucket must be in the same AWS
8966
- # Region as the *source* bucket.
9046
+ # *destination* bucket. The *destination* bucket must be in the same
9047
+ # Amazon Web Services Region as the *source* bucket.
8967
9048
  #
8968
9049
  # When you configure an inventory for a *source* bucket, you specify the
8969
9050
  # *destination* bucket where you want the inventory to be stored, and
@@ -9098,10 +9179,10 @@ module Aws::S3
9098
9179
  #
9099
9180
  # By default, all Amazon S3 resources, including buckets, objects, and
9100
9181
  # related subresources (for example, lifecycle configuration and website
9101
- # configuration) are private. Only the resource owner, the AWS account
9102
- # that created the resource, can access it. The resource owner can
9103
- # optionally grant access permissions to others by writing an access
9104
- # policy. For this operation, users must get the
9182
+ # configuration) are private. Only the resource owner, the Amazon Web
9183
+ # Services account that created the resource, can access it. The
9184
+ # resource owner can optionally grant access permissions to others by
9185
+ # writing an access policy. For this operation, users must get the
9105
9186
  # `s3:PutLifecycleConfiguration` permission.
9106
9187
  #
9107
9188
  # You can also explicitly deny permissions. Explicit denial also
@@ -9132,10 +9213,10 @@ module Aws::S3
9132
9213
  # * [RestoreObject][7]
9133
9214
  #
9134
9215
  # * By default, a resource owner—in this case, a bucket owner, which is
9135
- # the AWS account that created the bucket—can perform any of the
9136
- # operations. A resource owner can also grant others permission to
9137
- # perform the operation. For more information, see the following
9138
- # topics in the Amazon S3 User Guide:
9216
+ # the Amazon Web Services account that created the bucket—can perform
9217
+ # any of the operations. A resource owner can also grant others
9218
+ # permission to perform the operation. For more information, see the
9219
+ # following topics in the Amazon S3 User Guide:
9139
9220
  #
9140
9221
  # * [Specifying Permissions in a Policy][8]
9141
9222
  #
@@ -9155,8 +9236,9 @@ module Aws::S3
9155
9236
  # @option params [required, String] :bucket
9156
9237
  #
9157
9238
  # @option params [String] :content_md5
9158
- # For requests made using the AWS Command Line Interface (CLI) or AWS
9159
- # SDKs, this field is calculated automatically.
9239
+ # For requests made using the Amazon Web Services Command Line Interface
9240
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
9241
+ # automatically.
9160
9242
  #
9161
9243
  # @option params [Types::LifecycleConfiguration] :lifecycle_configuration
9162
9244
  #
@@ -9255,10 +9337,10 @@ module Aws::S3
9255
9337
  # By default, all Amazon S3 resources are private, including buckets,
9256
9338
  # objects, and related subresources (for example, lifecycle
9257
9339
  # configuration and website configuration). Only the resource owner
9258
- # (that is, the AWS account that created it) can access the resource.
9259
- # The resource owner can optionally grant access permissions to others
9260
- # by writing an access policy. For this operation, a user must get the
9261
- # s3:PutLifecycleConfiguration permission.
9340
+ # (that is, the Amazon Web Services account that created it) can access
9341
+ # the resource. The resource owner can optionally grant access
9342
+ # permissions to others by writing an access policy. For this operation,
9343
+ # a user must get the s3:PutLifecycleConfiguration permission.
9262
9344
  #
9263
9345
  # You can also explicitly deny permissions. Explicit deny also
9264
9346
  # supersedes any other permissions. If you want to block users or
@@ -9402,8 +9484,8 @@ module Aws::S3
9402
9484
 
9403
9485
  # Set the logging parameters for a bucket and to specify permissions for
9404
9486
  # who can view and modify the logging parameters. All logs are saved to
9405
- # buckets in the same AWS Region as the source bucket. To set the
9406
- # logging status of a bucket, you must be the bucket owner.
9487
+ # buckets in the same Amazon Web Services Region as the source bucket.
9488
+ # To set the logging status of a bucket, you must be the bucket owner.
9407
9489
  #
9408
9490
  # The bucket owner is automatically granted FULL\_CONTROL to all logs.
9409
9491
  # You use the `Grantee` request element to grant access to other people.
@@ -9477,8 +9559,9 @@ module Aws::S3
9477
9559
  # @option params [String] :content_md5
9478
9560
  # The MD5 hash of the `PutBucketLogging` request body.
9479
9561
  #
9480
- # For requests made using the AWS Command Line Interface (CLI) or AWS
9481
- # SDKs, this field is calculated automatically.
9562
+ # For requests made using the Amazon Web Services Command Line Interface
9563
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
9564
+ # automatically.
9482
9565
  #
9483
9566
  # @option params [String] :expected_bucket_owner
9484
9567
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -9656,8 +9739,9 @@ module Aws::S3
9656
9739
  # @option params [String] :content_md5
9657
9740
  # The MD5 hash of the `PutPublicAccessBlock` request body.
9658
9741
  #
9659
- # For requests made using the AWS Command Line Interface (CLI) or AWS
9660
- # SDKs, this field is calculated automatically.
9742
+ # For requests made using the Amazon Web Services Command Line Interface
9743
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
9744
+ # automatically.
9661
9745
  #
9662
9746
  # @option params [required, Types::NotificationConfigurationDeprecated] :notification_configuration
9663
9747
  # The container for the configuration.
@@ -9732,7 +9816,7 @@ module Aws::S3
9732
9816
  # Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue
9733
9817
  # Service (Amazon SQS) destination exists, and that the bucket owner has
9734
9818
  # permission to publish to it by sending a test notification. In the
9735
- # case of AWS Lambda destinations, Amazon S3 verifies that the Lambda
9819
+ # case of Lambda destinations, Amazon S3 verifies that the Lambda
9736
9820
  # function permissions grant Amazon S3 permission to invoke the function
9737
9821
  # from the Amazon S3 bucket. For more information, see [Configuring
9738
9822
  # Notifications for Amazon S3 Events][1].
@@ -9903,8 +9987,9 @@ module Aws::S3
9903
9987
  # @option params [String] :content_md5
9904
9988
  # The MD5 hash of the `OwnershipControls` request body.
9905
9989
  #
9906
- # For requests made using the AWS Command Line Interface (CLI) or AWS
9907
- # SDKs, this field is calculated automatically.
9990
+ # For requests made using the Amazon Web Services Command Line Interface
9991
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
9992
+ # automatically.
9908
9993
  #
9909
9994
  # @option params [String] :expected_bucket_owner
9910
9995
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -9942,22 +10027,22 @@ module Aws::S3
9942
10027
  end
9943
10028
 
9944
10029
  # Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are
9945
- # using an identity other than the root user of the AWS account that
9946
- # owns the bucket, the calling identity must have the `PutBucketPolicy`
9947
- # permissions on the specified bucket and belong to the bucket owner's
9948
- # account in order to use this operation.
10030
+ # using an identity other than the root user of the Amazon Web Services
10031
+ # account that owns the bucket, the calling identity must have the
10032
+ # `PutBucketPolicy` permissions on the specified bucket and belong to
10033
+ # the bucket owner's account in order to use this operation.
9949
10034
  #
9950
10035
  # If you don't have `PutBucketPolicy` permissions, Amazon S3 returns a
9951
10036
  # `403 Access Denied` error. If you have the correct permissions, but
9952
10037
  # you're not using an identity that belongs to the bucket owner's
9953
10038
  # account, Amazon S3 returns a `405 Method Not Allowed` error.
9954
10039
  #
9955
- # As a security precaution, the root user of the AWS account that owns a
9956
- # bucket can always use this operation, even if the policy explicitly
9957
- # denies the root user the ability to perform this action.
10040
+ # As a security precaution, the root user of the Amazon Web Services
10041
+ # account that owns a bucket can always use this operation, even if the
10042
+ # policy explicitly denies the root user the ability to perform this
10043
+ # action.
9958
10044
  #
9959
- # For more information about bucket policies, see [Using Bucket Policies
9960
- # and User Policies][1].
10045
+ # For more information, see [Bucket policy examples][1].
9961
10046
  #
9962
10047
  # The following operations are related to `PutBucketPolicy`\:
9963
10048
  #
@@ -9967,7 +10052,7 @@ module Aws::S3
9967
10052
  #
9968
10053
  #
9969
10054
  #
9970
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html
10055
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
9971
10056
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html
9972
10057
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html
9973
10058
  #
@@ -9977,8 +10062,9 @@ module Aws::S3
9977
10062
  # @option params [String] :content_md5
9978
10063
  # The MD5 hash of the request body.
9979
10064
  #
9980
- # For requests made using the AWS Command Line Interface (CLI) or AWS
9981
- # SDKs, this field is calculated automatically.
10065
+ # For requests made using the Amazon Web Services Command Line Interface
10066
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
10067
+ # automatically.
9982
10068
  #
9983
10069
  # @option params [Boolean] :confirm_remove_self_bucket_access
9984
10070
  # Set this parameter to true to confirm that you want to remove your
@@ -10026,11 +10112,6 @@ module Aws::S3
10026
10112
  # Creates a replication configuration or replaces an existing one. For
10027
10113
  # more information, see [Replication][1] in the *Amazon S3 User Guide*.
10028
10114
  #
10029
- # <note markdown="1"> To perform this operation, the user or role performing the action must
10030
- # have the [iam:PassRole][2] permission.
10031
- #
10032
- # </note>
10033
- #
10034
10115
  # Specify the replication configuration in the request body. In the
10035
10116
  # replication configuration, you provide the name of the destination
10036
10117
  # bucket or buckets where you want Amazon S3 to replicate objects, the
@@ -10052,32 +10133,43 @@ module Aws::S3
10052
10133
  #
10053
10134
  # <note markdown="1"> If you are using an earlier version of the replication configuration,
10054
10135
  # Amazon S3 handles replication of delete markers differently. For more
10055
- # information, see [Backward Compatibility][3].
10136
+ # information, see [Backward Compatibility][2].
10056
10137
  #
10057
10138
  # </note>
10058
10139
  #
10059
10140
  # For information about enabling versioning on a bucket, see [Using
10060
- # Versioning][4].
10061
- #
10062
- # By default, a resource owner, in this case the AWS account that
10063
- # created the bucket, can perform this operation. The resource owner can
10064
- # also grant others permissions to perform the operation. For more
10065
- # information about permissions, see [Specifying Permissions in a
10066
- # Policy][5] and [Managing Access Permissions to Your Amazon S3
10067
- # Resources][6].
10141
+ # Versioning][3].
10068
10142
  #
10069
10143
  # **Handling Replication of Encrypted Objects**
10070
10144
  #
10071
10145
  # By default, Amazon S3 doesn't replicate objects that are stored at
10072
- # rest using server-side encryption with CMKs stored in AWS KMS. To
10073
- # replicate AWS KMS-encrypted objects, add the following:
10074
- # `SourceSelectionCriteria`, `SseKmsEncryptedObjects`, `Status`,
10075
- # `EncryptionConfiguration`, and `ReplicaKmsKeyID`. For information
10076
- # about replication configuration, see [Replicating Objects Created with
10077
- # SSE Using CMKs stored in AWS KMS][7].
10146
+ # rest using server-side encryption with CMKs stored in Amazon Web
10147
+ # Services KMS. To replicate Amazon Web Services KMS-encrypted objects,
10148
+ # add the following: `SourceSelectionCriteria`,
10149
+ # `SseKmsEncryptedObjects`, `Status`, `EncryptionConfiguration`, and
10150
+ # `ReplicaKmsKeyID`. For information about replication configuration,
10151
+ # see [Replicating Objects Created with SSE Using CMKs stored in Amazon
10152
+ # Web Services KMS][4].
10078
10153
  #
10079
10154
  # For information on `PutBucketReplication` errors, see [List of
10080
- # replication-related error codes][8]
10155
+ # replication-related error codes][5]
10156
+ #
10157
+ # **Permissions**
10158
+ #
10159
+ # To create a `PutBucketReplication` request, you must have
10160
+ # `s3:PutReplicationConfiguration` permissions for the bucket.
10161
+ #
10162
+ # By default, a resource owner, in this case the Amazon Web Services
10163
+ # account that created the bucket, can perform this operation. The
10164
+ # resource owner can also grant others permissions to perform the
10165
+ # operation. For more information about permissions, see [Specifying
10166
+ # Permissions in a Policy][6] and [Managing Access Permissions to Your
10167
+ # Amazon S3 Resources][7].
10168
+ #
10169
+ # <note markdown="1"> To perform this operation, the user or role performing the action must
10170
+ # have the [iam:PassRole][8] permission.
10171
+ #
10172
+ # </note>
10081
10173
  #
10082
10174
  # The following operations are related to `PutBucketReplication`\:
10083
10175
  #
@@ -10088,13 +10180,13 @@ module Aws::S3
10088
10180
  #
10089
10181
  #
10090
10182
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html
10091
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
10092
- # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
10093
- # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
10094
- # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
10095
- # [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
10096
- # [7]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
10097
- # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
10183
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-add-config.html#replication-backward-compat-considerations
10184
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
10185
+ # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-config-for-kms-objects.html
10186
+ # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ReplicationErrorCodeList
10187
+ # [6]: https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
10188
+ # [7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
10189
+ # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
10098
10190
  # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketReplication.html
10099
10191
  # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html
10100
10192
  #
@@ -10106,8 +10198,9 @@ module Aws::S3
10106
10198
  # header as a message integrity check to verify that the request body
10107
10199
  # was not corrupted in transit. For more information, see [RFC 1864][1].
10108
10200
  #
10109
- # For requests made using the AWS Command Line Interface (CLI) or AWS
10110
- # SDKs, this field is calculated automatically.
10201
+ # For requests made using the Amazon Web Services Command Line Interface
10202
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
10203
+ # automatically.
10111
10204
  #
10112
10205
  #
10113
10206
  #
@@ -10257,8 +10350,9 @@ module Aws::S3
10257
10350
  # header as a message integrity check to verify that the request body
10258
10351
  # was not corrupted in transit. For more information, see [RFC 1864][1].
10259
10352
  #
10260
- # For requests made using the AWS Command Line Interface (CLI) or AWS
10261
- # SDKs, this field is calculated automatically.
10353
+ # For requests made using the Amazon Web Services Command Line Interface
10354
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
10355
+ # automatically.
10262
10356
  #
10263
10357
  #
10264
10358
  #
@@ -10308,15 +10402,16 @@ module Aws::S3
10308
10402
 
10309
10403
  # Sets the tags for a bucket.
10310
10404
  #
10311
- # Use tags to organize your AWS bill to reflect your own cost structure.
10312
- # To do this, sign up to get your AWS account bill with tag key values
10313
- # included. Then, to see the cost of combined resources, organize your
10314
- # billing information according to resources with the same tag key
10315
- # values. For example, you can tag several resources with a specific
10316
- # application name, and then organize your billing information to see
10317
- # the total cost of that application across several services. For more
10318
- # information, see [Cost Allocation and Tagging][1] and [Using Cost
10319
- # Allocation in Amazon S3 Bucket Tags][2].
10405
+ # Use tags to organize your Amazon Web Services bill to reflect your own
10406
+ # cost structure. To do this, sign up to get your Amazon Web Services
10407
+ # account bill with tag key values included. Then, to see the cost of
10408
+ # combined resources, organize your billing information according to
10409
+ # resources with the same tag key values. For example, you can tag
10410
+ # several resources with a specific application name, and then organize
10411
+ # your billing information to see the total cost of that application
10412
+ # across several services. For more information, see [Cost Allocation
10413
+ # and Tagging][1] and [Using Cost Allocation in Amazon S3 Bucket
10414
+ # Tags][2].
10320
10415
  #
10321
10416
  # <note markdown="1"> When this operation sets the tags for a bucket, it will overwrite any
10322
10417
  # current tags the bucket already has. You cannot use this operation to
@@ -10338,7 +10433,8 @@ module Aws::S3
10338
10433
  # * Description: The tag provided was not a valid tag. This error can
10339
10434
  # occur if the tag did not pass input validation. For information
10340
10435
  # about tag restrictions, see [User-Defined Tag Restrictions][5] and
10341
- # [AWS-Generated Cost Allocation Tag Restrictions][6].
10436
+ # [Amazon Web Services-Generated Cost Allocation Tag
10437
+ # Restrictions][6].
10342
10438
  #
10343
10439
  # ^
10344
10440
  #
@@ -10387,8 +10483,9 @@ module Aws::S3
10387
10483
  # header as a message integrity check to verify that the request body
10388
10484
  # was not corrupted in transit. For more information, see [RFC 1864][1].
10389
10485
  #
10390
- # For requests made using the AWS Command Line Interface (CLI) or AWS
10391
- # SDKs, this field is calculated automatically.
10486
+ # For requests made using the Amazon Web Services Command Line Interface
10487
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
10488
+ # automatically.
10392
10489
  #
10393
10490
  #
10394
10491
  #
@@ -10503,8 +10600,9 @@ module Aws::S3
10503
10600
  # body was not corrupted in transit. For more information, see [RFC
10504
10601
  # 1864][1].
10505
10602
  #
10506
- # For requests made using the AWS Command Line Interface (CLI) or AWS
10507
- # SDKs, this field is calculated automatically.
10603
+ # For requests made using the Amazon Web Services Command Line Interface
10604
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
10605
+ # automatically.
10508
10606
  #
10509
10607
  #
10510
10608
  #
@@ -10640,8 +10738,9 @@ module Aws::S3
10640
10738
  # header as a message integrity check to verify that the request body
10641
10739
  # was not corrupted in transit. For more information, see [RFC 1864][1].
10642
10740
  #
10643
- # For requests made using the AWS Command Line Interface (CLI) or AWS
10644
- # SDKs, this field is calculated automatically.
10741
+ # For requests made using the Amazon Web Services Command Line Interface
10742
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
10743
+ # automatically.
10645
10744
  #
10646
10745
  #
10647
10746
  #
@@ -10738,10 +10837,16 @@ module Aws::S3
10738
10837
  # putting an object to Amazon S3 and compare the returned ETag to the
10739
10838
  # calculated MD5 value.
10740
10839
  #
10741
- # <note markdown="1"> The `Content-MD5` header is required for any request to upload an
10742
- # object with a retention period configured using Amazon S3 Object Lock.
10743
- # For more information about Amazon S3 Object Lock, see [Amazon S3
10744
- # Object Lock Overview][1] in the *Amazon S3 User Guide*.
10840
+ # <note markdown="1"> * To successfully complete the `PutObject` request, you must have the
10841
+ # `s3:PutObject` in your IAM permissions.
10842
+ #
10843
+ # * To successfully change the objects acl of your `PutObject` request,
10844
+ # you must have the `s3:PutObjectAcl` in your IAM permissions.
10845
+ #
10846
+ # * The `Content-MD5` header is required for any request to upload an
10847
+ # object with a retention period configured using Amazon S3 Object
10848
+ # Lock. For more information about Amazon S3 Object Lock, see [Amazon
10849
+ # S3 Object Lock Overview][1] in the *Amazon S3 User Guide*.
10745
10850
  #
10746
10851
  # </note>
10747
10852
  #
@@ -10750,22 +10855,22 @@ module Aws::S3
10750
10855
  # You can optionally request server-side encryption. With server-side
10751
10856
  # encryption, Amazon S3 encrypts your data as it writes it to disks in
10752
10857
  # its data centers and decrypts the data when you access it. You have
10753
- # the option to provide your own encryption key or use AWS managed
10754
- # encryption keys (SSE-S3 or SSE-KMS). For more information, see [Using
10755
- # Server-Side Encryption][2].
10858
+ # the option to provide your own encryption key or use Amazon Web
10859
+ # Services managed encryption keys (SSE-S3 or SSE-KMS). For more
10860
+ # information, see [Using Server-Side Encryption][2].
10756
10861
  #
10757
- # If you request server-side encryption using AWS Key Management Service
10758
- # (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For
10759
- # more information, see [Amazon S3 Bucket Keys][3] in the *Amazon S3
10760
- # User Guide*.
10862
+ # If you request server-side encryption using Amazon Web Services Key
10863
+ # Management Service (SSE-KMS), you can enable an S3 Bucket Key at the
10864
+ # object-level. For more information, see [Amazon S3 Bucket Keys][3] in
10865
+ # the *Amazon S3 User Guide*.
10761
10866
  #
10762
10867
  # **Access Control List (ACL)-Specific Request Headers**
10763
10868
  #
10764
10869
  # You can use headers to grant ACL- based permissions. By default, all
10765
10870
  # objects are private. Only the owner has full access control. When
10766
- # adding a new object, you can grant permissions to individual AWS
10767
- # accounts or to predefined groups defined by Amazon S3. These
10768
- # permissions are then added to the ACL on the object. For more
10871
+ # adding a new object, you can grant permissions to individual Amazon
10872
+ # Web Services accounts or to predefined groups defined by Amazon S3.
10873
+ # These permissions are then added to the ACL on the object. For more
10769
10874
  # information, see [Access Control List (ACL) Overview][4] and [Managing
10770
10875
  # ACLs Using the REST API][5].
10771
10876
  #
@@ -10828,19 +10933,19 @@ module Aws::S3
10828
10933
  # When using this action with an access point, you must direct requests
10829
10934
  # to the access point hostname. The access point hostname takes the form
10830
10935
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
10831
- # When using this action with an access point through the AWS SDKs, you
10832
- # provide the access point ARN in place of the bucket name. For more
10833
- # information about access point ARNs, see [Using access points][1] in
10834
- # the *Amazon S3 User Guide*.
10936
+ # When using this action with an access point through the Amazon Web
10937
+ # Services SDKs, you provide the access point ARN in place of the bucket
10938
+ # name. For more information about access point ARNs, see [Using access
10939
+ # points][1] in the *Amazon S3 User Guide*.
10835
10940
  #
10836
10941
  # When using this action with Amazon S3 on Outposts, you must direct
10837
10942
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
10838
10943
  # takes the form
10839
10944
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
10840
- # When using this action using S3 on Outposts through the AWS SDKs, you
10841
- # provide the Outposts bucket ARN in place of the bucket name. For more
10842
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
10843
- # in the *Amazon S3 User Guide*.
10945
+ # When using this action using S3 on Outposts through the Amazon Web
10946
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
10947
+ # bucket name. For more information about S3 on Outposts ARNs, see
10948
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
10844
10949
  #
10845
10950
  #
10846
10951
  #
@@ -11005,19 +11110,19 @@ module Aws::S3
11005
11110
  #
11006
11111
  # @option params [String] :ssekms_key_id
11007
11112
  # If `x-amz-server-side-encryption` is present and has the value of
11008
- # `aws:kms`, this header specifies the ID of the AWS Key Management
11009
- # Service (AWS KMS) symmetrical customer managed customer master key
11010
- # (CMK) that was used for the object. If you specify
11011
- # `x-amz-server-side-encryption:aws:kms`, but do not provide`
11012
- # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS
11013
- # managed CMK in AWS to protect the data. If the KMS key does not exist
11014
- # in the same account issuing the command, you must use the full ARN and
11015
- # not just the ID.
11113
+ # `aws:kms`, this header specifies the ID of the Amazon Web Services Key
11114
+ # Management Service (Amazon Web Services KMS) symmetrical customer
11115
+ # managed customer master key (CMK) that was used for the object. If you
11116
+ # specify `x-amz-server-side-encryption:aws:kms`, but do not provide`
11117
+ # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
11118
+ # Amazon Web Services managed CMK in Amazon Web Services to protect the
11119
+ # data. If the KMS key does not exist in the same account issuing the
11120
+ # command, you must use the full ARN and not just the ID.
11016
11121
  #
11017
11122
  # @option params [String] :ssekms_encryption_context
11018
- # Specifies the AWS KMS Encryption Context to use for object encryption.
11019
- # The value of this header is a base64-encoded UTF-8 string holding JSON
11020
- # with the encryption context key-value pairs.
11123
+ # Specifies the Amazon Web Services KMS Encryption Context to use for
11124
+ # object encryption. The value of this header is a base64-encoded UTF-8
11125
+ # string holding JSON with the encryption context key-value pairs.
11021
11126
  #
11022
11127
  # @option params [Boolean] :bucket_key_enabled
11023
11128
  # Specifies whether Amazon S3 should use an S3 Bucket Key for object
@@ -11077,134 +11182,134 @@ module Aws::S3
11077
11182
  # * {Types::PutObjectOutput#request_charged #request_charged} => String
11078
11183
  #
11079
11184
  #
11080
- # @example Example: To upload an object
11185
+ # @example Example: To upload an object (specify optional headers)
11081
11186
  #
11082
- # # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
11083
- # # syntax. S3 returns VersionId of the newly created object.
11187
+ # # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
11188
+ # # storage class and use server-side encryption.
11084
11189
  #
11085
11190
  # resp = client.put_object({
11086
11191
  # body: "HappyFace.jpg",
11087
11192
  # bucket: "examplebucket",
11088
11193
  # key: "HappyFace.jpg",
11194
+ # server_side_encryption: "AES256",
11195
+ # storage_class: "STANDARD_IA",
11089
11196
  # })
11090
11197
  #
11091
11198
  # resp.to_h outputs the following:
11092
11199
  # {
11093
11200
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11094
- # version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk",
11201
+ # server_side_encryption: "AES256",
11202
+ # version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp",
11095
11203
  # }
11096
11204
  #
11097
- # @example Example: To upload object and specify user-defined metadata
11205
+ # @example Example: To upload an object and specify server-side encryption and object tags
11098
11206
  #
11099
- # # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
11100
- # # enabled, S3 returns version ID in response.
11207
+ # # The following example uploads and object. The request specifies the optional server-side encryption option. The request
11208
+ # # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
11101
11209
  #
11102
11210
  # resp = client.put_object({
11103
11211
  # body: "filetoupload",
11104
11212
  # bucket: "examplebucket",
11105
11213
  # key: "exampleobject",
11106
- # metadata: {
11107
- # "metadata1" => "value1",
11108
- # "metadata2" => "value2",
11109
- # },
11214
+ # server_side_encryption: "AES256",
11215
+ # tagging: "key1=value1&key2=value2",
11110
11216
  # })
11111
11217
  #
11112
11218
  # resp.to_h outputs the following:
11113
11219
  # {
11114
11220
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11115
- # version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0",
11221
+ # server_side_encryption: "AES256",
11222
+ # version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt",
11116
11223
  # }
11117
11224
  #
11118
- # @example Example: To upload an object (specify optional headers)
11225
+ # @example Example: To create an object.
11119
11226
  #
11120
- # # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
11121
- # # storage class and use server-side encryption.
11227
+ # # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
11122
11228
  #
11123
11229
  # resp = client.put_object({
11124
- # body: "HappyFace.jpg",
11230
+ # body: "filetoupload",
11125
11231
  # bucket: "examplebucket",
11126
- # key: "HappyFace.jpg",
11127
- # server_side_encryption: "AES256",
11128
- # storage_class: "STANDARD_IA",
11232
+ # key: "objectkey",
11129
11233
  # })
11130
11234
  #
11131
11235
  # resp.to_h outputs the following:
11132
11236
  # {
11133
11237
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11134
- # server_side_encryption: "AES256",
11135
- # version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp",
11238
+ # version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ",
11136
11239
  # }
11137
11240
  #
11138
- # @example Example: To create an object.
11241
+ # @example Example: To upload object and specify user-defined metadata
11139
11242
  #
11140
- # # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
11243
+ # # The following example creates an object. The request also specifies optional metadata. If the bucket is versioning
11244
+ # # enabled, S3 returns version ID in response.
11141
11245
  #
11142
11246
  # resp = client.put_object({
11143
11247
  # body: "filetoupload",
11144
11248
  # bucket: "examplebucket",
11145
- # key: "objectkey",
11249
+ # key: "exampleobject",
11250
+ # metadata: {
11251
+ # "metadata1" => "value1",
11252
+ # "metadata2" => "value2",
11253
+ # },
11146
11254
  # })
11147
11255
  #
11148
11256
  # resp.to_h outputs the following:
11149
11257
  # {
11150
11258
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11151
- # version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ",
11259
+ # version_id: "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0",
11152
11260
  # }
11153
11261
  #
11154
- # @example Example: To upload an object and specify server-side encryption and object tags
11262
+ # @example Example: To upload an object and specify canned ACL.
11155
11263
  #
11156
- # # The following example uploads and object. The request specifies the optional server-side encryption option. The request
11157
- # # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
11264
+ # # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
11265
+ # # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
11158
11266
  #
11159
11267
  # resp = client.put_object({
11268
+ # acl: "authenticated-read",
11160
11269
  # body: "filetoupload",
11161
11270
  # bucket: "examplebucket",
11162
11271
  # key: "exampleobject",
11163
- # server_side_encryption: "AES256",
11164
- # tagging: "key1=value1&key2=value2",
11165
11272
  # })
11166
11273
  #
11167
11274
  # resp.to_h outputs the following:
11168
11275
  # {
11169
11276
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11170
- # server_side_encryption: "AES256",
11171
- # version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt",
11277
+ # version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr",
11172
11278
  # }
11173
11279
  #
11174
- # @example Example: To upload an object and specify optional tags
11280
+ # @example Example: To upload an object
11175
11281
  #
11176
- # # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
11177
- # # S3 returns version ID of the newly created object.
11282
+ # # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
11283
+ # # syntax. S3 returns VersionId of the newly created object.
11178
11284
  #
11179
11285
  # resp = client.put_object({
11180
- # body: "c:\\HappyFace.jpg",
11286
+ # body: "HappyFace.jpg",
11181
11287
  # bucket: "examplebucket",
11182
11288
  # key: "HappyFace.jpg",
11183
- # tagging: "key1=value1&key2=value2",
11184
11289
  # })
11185
11290
  #
11186
11291
  # resp.to_h outputs the following:
11187
11292
  # {
11188
11293
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11189
- # version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a",
11294
+ # version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk",
11190
11295
  # }
11191
11296
  #
11192
- # @example Example: To upload an object and specify canned ACL.
11297
+ # @example Example: To upload an object and specify optional tags
11193
11298
  #
11194
- # # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
11195
- # # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
11299
+ # # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
11300
+ # # S3 returns version ID of the newly created object.
11196
11301
  #
11197
11302
  # resp = client.put_object({
11198
- # acl: "authenticated-read",
11199
- # body: "filetoupload",
11303
+ # body: "c:\\HappyFace.jpg",
11200
11304
  # bucket: "examplebucket",
11201
- # key: "exampleobject",
11305
+ # key: "HappyFace.jpg",
11306
+ # tagging: "key1=value1&key2=value2",
11202
11307
  # })
11203
11308
  #
11204
11309
  # resp.to_h outputs the following:
11205
11310
  # {
11206
11311
  # etag: "\"6805f2cfc46c0f04559748bb039d69ae\"",
11207
- # version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr",
11312
+ # version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a",
11208
11313
  # }
11209
11314
  #
11210
11315
  # @example Streaming a file from disk
@@ -11303,26 +11408,26 @@ module Aws::S3
11303
11408
  # * Specify access permissions explicitly with the `x-amz-grant-read`,
11304
11409
  # `x-amz-grant-read-acp`, `x-amz-grant-write-acp`, and
11305
11410
  # `x-amz-grant-full-control` headers. When using these headers, you
11306
- # specify explicit access permissions and grantees (AWS accounts or
11307
- # Amazon S3 groups) who will receive the permission. If you use these
11308
- # ACL-specific headers, you cannot use `x-amz-acl` header to set a
11309
- # canned ACL. These parameters map to the set of permissions that
11310
- # Amazon S3 supports in an ACL. For more information, see [Access
11311
- # Control List (ACL) Overview][2].
11411
+ # specify explicit access permissions and grantees (Amazon Web
11412
+ # Services accounts or Amazon S3 groups) who will receive the
11413
+ # permission. If you use these ACL-specific headers, you cannot use
11414
+ # `x-amz-acl` header to set a canned ACL. These parameters map to the
11415
+ # set of permissions that Amazon S3 supports in an ACL. For more
11416
+ # information, see [Access Control List (ACL) Overview][2].
11312
11417
  #
11313
11418
  # You specify each grantee as a type=value pair, where the type is one
11314
11419
  # of the following:
11315
11420
  #
11316
- # * `id` – if the value specified is the canonical user ID of an AWS
11317
- # account
11421
+ # * `id` – if the value specified is the canonical user ID of an
11422
+ # Amazon Web Services account
11318
11423
  #
11319
11424
  # * `uri` – if you are granting permissions to a predefined group
11320
11425
  #
11321
11426
  # * `emailAddress` – if the value specified is the email address of an
11322
- # AWS account
11427
+ # Amazon Web Services account
11323
11428
  #
11324
11429
  # <note markdown="1"> Using email addresses to specify a grantee is only supported in
11325
- # the following AWS Regions:
11430
+ # the following Amazon Web Services Regions:
11326
11431
  #
11327
11432
  # * US East (N. Virginia)
11328
11433
  #
@@ -11341,13 +11446,14 @@ module Aws::S3
11341
11446
  # * South America (São Paulo)
11342
11447
  #
11343
11448
  # For a list of all the Amazon S3 supported Regions and endpoints,
11344
- # see [Regions and Endpoints][4] in the AWS General Reference.
11449
+ # see [Regions and Endpoints][4] in the Amazon Web Services General
11450
+ # Reference.
11345
11451
  #
11346
11452
  # </note>
11347
11453
  #
11348
11454
  # For example, the following `x-amz-grant-read` header grants list
11349
- # objects permission to the two AWS accounts identified by their email
11350
- # addresses.
11455
+ # objects permission to the two Amazon Web Services accounts
11456
+ # identified by their email addresses.
11351
11457
  #
11352
11458
  # `x-amz-grant-read: emailAddress="xyz@amazon.com",
11353
11459
  # emailAddress="abc@amazon.com" `
@@ -11382,7 +11488,7 @@ module Aws::S3
11382
11488
  # GET Object acl request, appears as the CanonicalUser.
11383
11489
  #
11384
11490
  # <note markdown="1"> Using email addresses to specify a grantee is only supported in the
11385
- # following AWS Regions:
11491
+ # following Amazon Web Services Regions:
11386
11492
  #
11387
11493
  # * US East (N. Virginia)
11388
11494
  #
@@ -11401,7 +11507,8 @@ module Aws::S3
11401
11507
  # * South America (São Paulo)
11402
11508
  #
11403
11509
  # For a list of all the Amazon S3 supported Regions and endpoints, see
11404
- # [Regions and Endpoints][4] in the AWS General Reference.
11510
+ # [Regions and Endpoints][4] in the Amazon Web Services General
11511
+ # Reference.
11405
11512
  #
11406
11513
  # </note>
11407
11514
  #
@@ -11445,10 +11552,10 @@ module Aws::S3
11445
11552
  # When using this action with an access point, you must direct requests
11446
11553
  # to the access point hostname. The access point hostname takes the form
11447
11554
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11448
- # When using this action with an access point through the AWS SDKs, you
11449
- # provide the access point ARN in place of the bucket name. For more
11450
- # information about access point ARNs, see [Using access points][1] in
11451
- # the *Amazon S3 User Guide*.
11555
+ # When using this action with an access point through the Amazon Web
11556
+ # Services SDKs, you provide the access point ARN in place of the bucket
11557
+ # name. For more information about access point ARNs, see [Using access
11558
+ # points][1] in the *Amazon S3 User Guide*.
11452
11559
  #
11453
11560
  #
11454
11561
  #
@@ -11460,8 +11567,9 @@ module Aws::S3
11460
11567
  # not corrupted in transit. For more information, go to [RFC
11461
11568
  # 1864.&gt;][1]
11462
11569
  #
11463
- # For requests made using the AWS Command Line Interface (CLI) or AWS
11464
- # SDKs, this field is calculated automatically.
11570
+ # For requests made using the Amazon Web Services Command Line Interface
11571
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
11572
+ # automatically.
11465
11573
  #
11466
11574
  #
11467
11575
  #
@@ -11500,19 +11608,19 @@ module Aws::S3
11500
11608
  # When using this action with an access point, you must direct requests
11501
11609
  # to the access point hostname. The access point hostname takes the form
11502
11610
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11503
- # When using this action with an access point through the AWS SDKs, you
11504
- # provide the access point ARN in place of the bucket name. For more
11505
- # information about access point ARNs, see [Using access points][1] in
11506
- # the *Amazon S3 User Guide*.
11611
+ # When using this action with an access point through the Amazon Web
11612
+ # Services SDKs, you provide the access point ARN in place of the bucket
11613
+ # name. For more information about access point ARNs, see [Using access
11614
+ # points][1] in the *Amazon S3 User Guide*.
11507
11615
  #
11508
11616
  # When using this action with Amazon S3 on Outposts, you must direct
11509
11617
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
11510
11618
  # takes the form
11511
11619
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
11512
- # When using this action using S3 on Outposts through the AWS SDKs, you
11513
- # provide the Outposts bucket ARN in place of the bucket name. For more
11514
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
11515
- # in the *Amazon S3 User Guide*.
11620
+ # When using this action using S3 on Outposts through the Amazon Web
11621
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
11622
+ # bucket name. For more information about S3 on Outposts ARNs, see
11623
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
11516
11624
  #
11517
11625
  #
11518
11626
  #
@@ -11625,10 +11733,10 @@ module Aws::S3
11625
11733
  # When using this action with an access point, you must direct requests
11626
11734
  # to the access point hostname. The access point hostname takes the form
11627
11735
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11628
- # When using this action with an access point through the AWS SDKs, you
11629
- # provide the access point ARN in place of the bucket name. For more
11630
- # information about access point ARNs, see [Using access points][1] in
11631
- # the *Amazon S3 User Guide*.
11736
+ # When using this action with an access point through the Amazon Web
11737
+ # Services SDKs, you provide the access point ARN in place of the bucket
11738
+ # name. For more information about access point ARNs, see [Using access
11739
+ # points][1] in the *Amazon S3 User Guide*.
11632
11740
  #
11633
11741
  #
11634
11742
  #
@@ -11658,8 +11766,9 @@ module Aws::S3
11658
11766
  # @option params [String] :content_md5
11659
11767
  # The MD5 hash for the request body.
11660
11768
  #
11661
- # For requests made using the AWS Command Line Interface (CLI) or AWS
11662
- # SDKs, this field is calculated automatically.
11769
+ # For requests made using the Amazon Web Services Command Line Interface
11770
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
11771
+ # automatically.
11663
11772
  #
11664
11773
  # @option params [String] :expected_bucket_owner
11665
11774
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -11709,7 +11818,8 @@ module Aws::S3
11709
11818
  # same time.
11710
11819
  #
11711
11820
  # * You can only enable Object Lock for new buckets. If you want to turn
11712
- # on Object Lock for an existing bucket, contact AWS Support.
11821
+ # on Object Lock for an existing bucket, contact Amazon Web Services
11822
+ # Support.
11713
11823
  #
11714
11824
  # </note>
11715
11825
  #
@@ -11742,8 +11852,9 @@ module Aws::S3
11742
11852
  # @option params [String] :content_md5
11743
11853
  # The MD5 hash for the request body.
11744
11854
  #
11745
- # For requests made using the AWS Command Line Interface (CLI) or AWS
11746
- # SDKs, this field is calculated automatically.
11855
+ # For requests made using the Amazon Web Services Command Line Interface
11856
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
11857
+ # automatically.
11747
11858
  #
11748
11859
  # @option params [String] :expected_bucket_owner
11749
11860
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -11788,10 +11899,20 @@ module Aws::S3
11788
11899
  end
11789
11900
 
11790
11901
  # Places an Object Retention configuration on an object. For more
11791
- # information, see [Locking Objects][1].
11902
+ # information, see [Locking Objects][1]. Users or accounts require the
11903
+ # `s3:PutObjectRetention` permission in order to place an Object
11904
+ # Retention configuration on objects. Bypassing a Governance Retention
11905
+ # configuration requires the `s3:BypassGovernanceRetention` permission.
11792
11906
  #
11793
11907
  # This action is not supported by Amazon S3 on Outposts.
11794
11908
  #
11909
+ # **Permissions**
11910
+ #
11911
+ # When the Object Lock retention mode is set to compliance, you need
11912
+ # `s3:PutObjectRetention` and `s3:BypassGovernanceRetention`
11913
+ # permissions. For other requests to `PutObjectRetention`, only
11914
+ # `s3:PutObjectRetention` permissions are required.
11915
+ #
11795
11916
  #
11796
11917
  #
11797
11918
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
@@ -11803,10 +11924,10 @@ module Aws::S3
11803
11924
  # When using this action with an access point, you must direct requests
11804
11925
  # to the access point hostname. The access point hostname takes the form
11805
11926
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11806
- # When using this action with an access point through the AWS SDKs, you
11807
- # provide the access point ARN in place of the bucket name. For more
11808
- # information about access point ARNs, see [Using access points][1] in
11809
- # the *Amazon S3 User Guide*.
11927
+ # When using this action with an access point through the Amazon Web
11928
+ # Services SDKs, you provide the access point ARN in place of the bucket
11929
+ # name. For more information about access point ARNs, see [Using access
11930
+ # points][1] in the *Amazon S3 User Guide*.
11810
11931
  #
11811
11932
  #
11812
11933
  #
@@ -11841,8 +11962,9 @@ module Aws::S3
11841
11962
  # @option params [String] :content_md5
11842
11963
  # The MD5 hash for the request body.
11843
11964
  #
11844
- # For requests made using the AWS Command Line Interface (CLI) or AWS
11845
- # SDKs, this field is calculated automatically.
11965
+ # For requests made using the Amazon Web Services Command Line Interface
11966
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
11967
+ # automatically.
11846
11968
  #
11847
11969
  # @option params [String] :expected_bucket_owner
11848
11970
  # The account ID of the expected bucket owner. If the bucket is owned by
@@ -11945,19 +12067,19 @@ module Aws::S3
11945
12067
  # When using this action with an access point, you must direct requests
11946
12068
  # to the access point hostname. The access point hostname takes the form
11947
12069
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
11948
- # When using this action with an access point through the AWS SDKs, you
11949
- # provide the access point ARN in place of the bucket name. For more
11950
- # information about access point ARNs, see [Using access points][1] in
11951
- # the *Amazon S3 User Guide*.
12070
+ # When using this action with an access point through the Amazon Web
12071
+ # Services SDKs, you provide the access point ARN in place of the bucket
12072
+ # name. For more information about access point ARNs, see [Using access
12073
+ # points][1] in the *Amazon S3 User Guide*.
11952
12074
  #
11953
12075
  # When using this action with Amazon S3 on Outposts, you must direct
11954
12076
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
11955
12077
  # takes the form
11956
12078
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
11957
- # When using this action using S3 on Outposts through the AWS SDKs, you
11958
- # provide the Outposts bucket ARN in place of the bucket name. For more
11959
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
11960
- # in the *Amazon S3 User Guide*.
12079
+ # When using this action using S3 on Outposts through the Amazon Web
12080
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
12081
+ # bucket name. For more information about S3 on Outposts ARNs, see
12082
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
11961
12083
  #
11962
12084
  #
11963
12085
  #
@@ -11973,8 +12095,9 @@ module Aws::S3
11973
12095
  # @option params [String] :content_md5
11974
12096
  # The MD5 hash for the request body.
11975
12097
  #
11976
- # For requests made using the AWS Command Line Interface (CLI) or AWS
11977
- # SDKs, this field is calculated automatically.
12098
+ # For requests made using the Amazon Web Services Command Line Interface
12099
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
12100
+ # automatically.
11978
12101
  #
11979
12102
  # @option params [required, Types::Tagging] :tagging
11980
12103
  # Container for the `TagSet` and `Tag` elements
@@ -12100,8 +12223,9 @@ module Aws::S3
12100
12223
  # @option params [String] :content_md5
12101
12224
  # The MD5 hash of the `PutPublicAccessBlock` request body.
12102
12225
  #
12103
- # For requests made using the AWS Command Line Interface (CLI) or AWS
12104
- # SDKs, this field is calculated automatically.
12226
+ # For requests made using the Amazon Web Services Command Line Interface
12227
+ # (CLI) or Amazon Web Services SDKs, this field is calculated
12228
+ # automatically.
12105
12229
  #
12106
12230
  # @option params [required, Types::PublicAccessBlockConfiguration] :public_access_block_configuration
12107
12231
  # The `PublicAccessBlock` configuration that you want to apply to this
@@ -12174,13 +12298,13 @@ module Aws::S3
12174
12298
  # When making a select request, do the following:
12175
12299
  #
12176
12300
  # * Define an output location for the select query's output. This must
12177
- # be an Amazon S3 bucket in the same AWS Region as the bucket that
12178
- # contains the archive object that is being queried. The AWS account
12179
- # that initiates the job must have permissions to write to the S3
12180
- # bucket. You can specify the storage class and encryption for the
12181
- # output objects stored in the bucket. For more information about
12182
- # output, see [Querying Archived Objects][3] in the *Amazon S3 User
12183
- # Guide*.
12301
+ # be an Amazon S3 bucket in the same Amazon Web Services Region as the
12302
+ # bucket that contains the archive object that is being queried. The
12303
+ # Amazon Web Services account that initiates the job must have
12304
+ # permissions to write to the S3 bucket. You can specify the storage
12305
+ # class and encryption for the output objects stored in the bucket.
12306
+ # For more information about output, see [Querying Archived
12307
+ # Objects][3] in the *Amazon S3 User Guide*.
12184
12308
  #
12185
12309
  # For more information about the `S3` structure in the request body,
12186
12310
  # see the following:
@@ -12389,19 +12513,19 @@ module Aws::S3
12389
12513
  # When using this action with an access point, you must direct requests
12390
12514
  # to the access point hostname. The access point hostname takes the form
12391
12515
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
12392
- # When using this action with an access point through the AWS SDKs, you
12393
- # provide the access point ARN in place of the bucket name. For more
12394
- # information about access point ARNs, see [Using access points][1] in
12395
- # the *Amazon S3 User Guide*.
12516
+ # When using this action with an access point through the Amazon Web
12517
+ # Services SDKs, you provide the access point ARN in place of the bucket
12518
+ # name. For more information about access point ARNs, see [Using access
12519
+ # points][1] in the *Amazon S3 User Guide*.
12396
12520
  #
12397
12521
  # When using this action with Amazon S3 on Outposts, you must direct
12398
12522
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
12399
12523
  # takes the form
12400
12524
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
12401
- # When using this action using S3 on Outposts through the AWS SDKs, you
12402
- # provide the Outposts bucket ARN in place of the bucket name. For more
12403
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
12404
- # in the *Amazon S3 User Guide*.
12525
+ # When using this action using S3 on Outposts through the Amazon Web
12526
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
12527
+ # bucket name. For more information about S3 on Outposts ARNs, see
12528
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
12405
12529
  #
12406
12530
  #
12407
12531
  #
@@ -12618,10 +12742,10 @@ module Aws::S3
12618
12742
  # Encryption Keys)][5] in the *Amazon S3 User Guide*.
12619
12743
  #
12620
12744
  # For objects that are encrypted with Amazon S3 managed encryption
12621
- # keys (SSE-S3) and customer master keys (CMKs) stored in AWS Key
12622
- # Management Service (SSE-KMS), server-side encryption is handled
12623
- # transparently, so you don't need to specify anything. For more
12624
- # information about server-side encryption, including SSE-S3 and
12745
+ # keys (SSE-S3) and customer master keys (CMKs) stored in Amazon Web
12746
+ # Services Key Management Service (SSE-KMS), server-side encryption is
12747
+ # handled transparently, so you don't need to specify anything. For
12748
+ # more information about server-side encryption, including SSE-S3 and
12625
12749
  # SSE-KMS, see [Protecting Data Using Server-Side Encryption][6] in
12626
12750
  # the *Amazon S3 User Guide*.
12627
12751
  #
@@ -12630,7 +12754,7 @@ module Aws::S3
12630
12754
  # Given the response size is unknown, Amazon S3 Select streams the
12631
12755
  # response as a series of messages and includes a `Transfer-Encoding`
12632
12756
  # header with `chunked` as its value in the response. For more
12633
- # information, see [Appendix: SelectObjectContent Response][7] .
12757
+ # information, see [Appendix: SelectObjectContent Response][7].
12634
12758
  #
12635
12759
  #
12636
12760
  #
@@ -13001,10 +13125,11 @@ module Aws::S3
13001
13125
  # checks the part data against the provided MD5 value. If they do not
13002
13126
  # match, Amazon S3 returns an error.
13003
13127
  #
13004
- # If the upload request is signed with Signature Version 4, then AWS S3
13005
- # uses the `x-amz-content-sha256` header as a checksum instead of
13006
- # `Content-MD5`. For more information see [Authenticating Requests:
13007
- # Using the Authorization Header (AWS Signature Version 4)][3].
13128
+ # If the upload request is signed with Signature Version 4, then Amazon
13129
+ # Web Services S3 uses the `x-amz-content-sha256` header as a checksum
13130
+ # instead of `Content-MD5`. For more information see [Authenticating
13131
+ # Requests: Using the Authorization Header (Amazon Web Services
13132
+ # Signature Version 4)][3].
13008
13133
  #
13009
13134
  # **Note:** After you initiate multipart upload and upload one or more
13010
13135
  # parts, you must either complete or abort multipart upload in order to
@@ -13022,11 +13147,11 @@ module Aws::S3
13022
13147
  # You can optionally request server-side encryption where Amazon S3
13023
13148
  # encrypts your data as it writes it to disks in its data centers and
13024
13149
  # decrypts it for you when you access it. You have the option of
13025
- # providing your own encryption key, or you can use the AWS managed
13026
- # encryption keys. If you choose to provide your own encryption key, the
13027
- # request headers you provide in the request must match the headers you
13028
- # used in the request to initiate the upload by using
13029
- # [CreateMultipartUpload][2]. For more information, go to [Using
13150
+ # providing your own encryption key, or you can use the Amazon Web
13151
+ # Services managed encryption keys. If you choose to provide your own
13152
+ # encryption key, the request headers you provide in the request must
13153
+ # match the headers you used in the request to initiate the upload by
13154
+ # using [CreateMultipartUpload][2]. For more information, go to [Using
13030
13155
  # Server-Side Encryption][6] in the *Amazon S3 User Guide*.
13031
13156
  #
13032
13157
  # Server-side encryption is supported by the S3 Multipart Upload
@@ -13093,19 +13218,19 @@ module Aws::S3
13093
13218
  # When using this action with an access point, you must direct requests
13094
13219
  # to the access point hostname. The access point hostname takes the form
13095
13220
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
13096
- # When using this action with an access point through the AWS SDKs, you
13097
- # provide the access point ARN in place of the bucket name. For more
13098
- # information about access point ARNs, see [Using access points][1] in
13099
- # the *Amazon S3 User Guide*.
13221
+ # When using this action with an access point through the Amazon Web
13222
+ # Services SDKs, you provide the access point ARN in place of the bucket
13223
+ # name. For more information about access point ARNs, see [Using access
13224
+ # points][1] in the *Amazon S3 User Guide*.
13100
13225
  #
13101
13226
  # When using this action with Amazon S3 on Outposts, you must direct
13102
13227
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
13103
13228
  # takes the form
13104
13229
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
13105
- # When using this action using S3 on Outposts through the AWS SDKs, you
13106
- # provide the Outposts bucket ARN in place of the bucket name. For more
13107
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
13108
- # in the *Amazon S3 User Guide*.
13230
+ # When using this action using S3 on Outposts through the Amazon Web
13231
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
13232
+ # bucket name. For more information about S3 on Outposts ARNs, see
13233
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
13109
13234
  #
13110
13235
  #
13111
13236
  #
@@ -13367,19 +13492,19 @@ module Aws::S3
13367
13492
  # When using this action with an access point, you must direct requests
13368
13493
  # to the access point hostname. The access point hostname takes the form
13369
13494
  # *AccessPointName*-*AccountId*.s3-accesspoint.*Region*.amazonaws.com.
13370
- # When using this action with an access point through the AWS SDKs, you
13371
- # provide the access point ARN in place of the bucket name. For more
13372
- # information about access point ARNs, see [Using access points][1] in
13373
- # the *Amazon S3 User Guide*.
13495
+ # When using this action with an access point through the Amazon Web
13496
+ # Services SDKs, you provide the access point ARN in place of the bucket
13497
+ # name. For more information about access point ARNs, see [Using access
13498
+ # points][1] in the *Amazon S3 User Guide*.
13374
13499
  #
13375
13500
  # When using this action with Amazon S3 on Outposts, you must direct
13376
13501
  # requests to the S3 on Outposts hostname. The S3 on Outposts hostname
13377
13502
  # takes the form
13378
13503
  # *AccessPointName*-*AccountId*.*outpostID*.s3-outposts.*Region*.amazonaws.com.
13379
- # When using this action using S3 on Outposts through the AWS SDKs, you
13380
- # provide the Outposts bucket ARN in place of the bucket name. For more
13381
- # information about S3 on Outposts ARNs, see [Using S3 on Outposts][2]
13382
- # in the *Amazon S3 User Guide*.
13504
+ # When using this action using S3 on Outposts through the Amazon Web
13505
+ # Services SDKs, you provide the Outposts bucket ARN in place of the
13506
+ # bucket name. For more information about S3 on Outposts ARNs, see
13507
+ # [Using S3 on Outposts][2] in the *Amazon S3 User Guide*.
13383
13508
  #
13384
13509
  #
13385
13510
  #
@@ -13409,7 +13534,8 @@ module Aws::S3
13409
13534
  # The value must be URL encoded.
13410
13535
  #
13411
13536
  # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
13412
- # source and destination buckets are in the same AWS Region.
13537
+ # source and destination buckets are in the same Amazon Web Services
13538
+ # Region.
13413
13539
  #
13414
13540
  # </note>
13415
13541
  #
@@ -13624,18 +13750,24 @@ module Aws::S3
13624
13750
  # [GetObject][2], in addition to `RequestRoute`, `RequestToken`,
13625
13751
  # `StatusCode`, `ErrorCode`, and `ErrorMessage`. The `GetObject`
13626
13752
  # response metadata is supported so that the `WriteGetObjectResponse`
13627
- # caller, typically an AWS Lambda function, can provide the same
13628
- # metadata when it internally invokes `GetObject`. When
13629
- # `WriteGetObjectResponse` is called by a customer-owned Lambda
13630
- # function, the metadata returned to the end user `GetObject` call might
13631
- # differ from what Amazon S3 would normally return.
13632
- #
13633
- # AWS provides some prebuilt Lambda functions that you can use with S3
13634
- # Object Lambda to detect and redact personally identifiable information
13635
- # (PII) and decompress S3 objects. These Lambda functions are available
13636
- # in the AWS Serverless Application Repository, and can be selected
13637
- # through the AWS Management Console when you create your Object Lambda
13638
- # Access Point.
13753
+ # caller, typically an Lambda function, can provide the same metadata
13754
+ # when it internally invokes `GetObject`. When `WriteGetObjectResponse`
13755
+ # is called by a customer-owned Lambda function, the metadata returned
13756
+ # to the end user `GetObject` call might differ from what Amazon S3
13757
+ # would normally return.
13758
+ #
13759
+ # You can include any number of metadata headers. When including a
13760
+ # metadata header, it should be prefaced with `x-amz-meta`. For example,
13761
+ # `x-amz-meta-my-custom-header: MyCustomValue`. The primary use case for
13762
+ # this is to forward `GetObject` metadata.
13763
+ #
13764
+ # Amazon Web Services provides some prebuilt Lambda functions that you
13765
+ # can use with S3 Object Lambda to detect and redact personally
13766
+ # identifiable information (PII) and decompress S3 objects. These Lambda
13767
+ # functions are available in the Amazon Web Services Serverless
13768
+ # Application Repository, and can be selected through the Amazon Web
13769
+ # Services Management Console when you create your Object Lambda Access
13770
+ # Point.
13639
13771
  #
13640
13772
  # Example 1: PII Access Control - This Lambda function uses Amazon
13641
13773
  # Comprehend, a natural language processing (NLP) service using machine
@@ -13656,8 +13788,9 @@ module Aws::S3
13656
13788
  # in S3 in one of six compressed file formats including bzip2, gzip,
13657
13789
  # snappy, zlib, zstandard and ZIP.
13658
13790
  #
13659
- # For information on how to view and use these functions, see [Using AWS
13660
- # built Lambda functions][3] in the *Amazon S3 User Guide*.
13791
+ # For information on how to view and use these functions, see [Using
13792
+ # Amazon Web Services built Lambda functions][3] in the *Amazon S3 User
13793
+ # Guide*.
13661
13794
  #
13662
13795
  #
13663
13796
  #
@@ -13825,9 +13958,9 @@ module Aws::S3
13825
13958
  # Amazon S3.
13826
13959
  #
13827
13960
  # @option params [String] :ssekms_key_id
13828
- # If present, specifies the ID of the AWS Key Management Service (AWS
13829
- # KMS) symmetric customer managed customer master key (CMK) that was
13830
- # used for stored in Amazon S3 object.
13961
+ # If present, specifies the ID of the Amazon Web Services Key Management
13962
+ # Service (Amazon Web Services KMS) symmetric customer managed customer
13963
+ # master key (CMK) that was used for stored in Amazon S3 object.
13831
13964
  #
13832
13965
  # @option params [String] :sse_customer_key_md5
13833
13966
  # 128-bit MD5 digest of customer-provided encryption key used in Amazon
@@ -13850,7 +13983,7 @@ module Aws::S3
13850
13983
  #
13851
13984
  # @option params [Boolean] :bucket_key_enabled
13852
13985
  # Indicates whether the object stored in Amazon S3 uses an S3 bucket key
13853
- # for server-side encryption with AWS KMS (SSE-KMS).
13986
+ # for server-side encryption with Amazon Web Services KMS (SSE-KMS).
13854
13987
  #
13855
13988
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
13856
13989
  #
@@ -13919,7 +14052,7 @@ module Aws::S3
13919
14052
  params: params,
13920
14053
  config: config)
13921
14054
  context[:gem_name] = 'aws-sdk-s3'
13922
- context[:gem_version] = '1.98.0'
14055
+ context[:gem_version] = '1.102.0'
13923
14056
  Seahorse::Client::Request.new(handlers, context)
13924
14057
  end
13925
14058