aws-sdk-s3 1.99.0 → 1.103.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de1ad08f2ee4e903f356638496ed7c64da287ae976d12df0e15c6f7849859154
-  data.tar.gz: b8f77d8a98734e00c7e3c8a418aad5c18102408473593430852b4c5b37c9aa0e
+  metadata.gz: 15712b72bf9c4eceb463344aa738f5e520a02161776d0a2e0c501c589ffba31b
+  data.tar.gz: 44bd3b0c543a0bb6b31ff26da9e664b431b0497ca5157385671526a9bbe8c589
 SHA512:
-  metadata.gz: 403f3fed65e872154ed19641dcc2af5fa0833381b1cca5d06d25e2674b10085db6743cc2a8ecee94db2129b29a95287a8c7c9ece25183e3fcc6d147b2495f87c
-  data.tar.gz: f519032f43cd1b100fc55e89c80a0489f1659fb3d0b6cee427239249f2fb4a8c548ca6108f7202715a7f813375582533c97f9a911d3de8d10cffadf3f2993008
+  metadata.gz: f4dc0b61914a6c48dac9858321b0a6eb972991e2938d39a10d105140c18fcf7a43d1d905654942033f44336e491e82d5ad178eb2fc84beac05ac1e059da98be7
+  data.tar.gz: 709d8e45a27f894622800dabb2ebb300f0d4b6f888c081987e42022b602d703aa22bd42fab179aeb976ee5ef12b98cb6b04d1663a49749b8693ea81b8099a2d3

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.103.0 (2021-09-16)
+------------------
+
+* Feature - Add support for access point arn filtering in S3 CW Request Metrics
+
+1.102.0 (2021-09-02)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.101.0 (2021-09-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.100.0 (2021-08-27)
+------------------
+
+* Feature - Documentation updates for Amazon S3.
+
 1.99.0 (2021-08-16)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.99.0
+1.103.0

data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    # @api private
+    class MultiRegionAccessPointARN < Aws::ARN
+      def initialize(options)
+        super(options)
+        @type, @mrap_alias, @extra = @resource.split(/[:,\/]/)
+      end
+
+      attr_reader :mrap_alias
+
+      def support_dualstack?
+        false
+      end
+
+      def support_fips?
+        false
+      end
+
+      def validate_arn!
+        unless @service == 's3'
+          raise ArgumentError,
+                'Must provide a valid S3 multi-region access point ARN.'
+        end
+
+        if @account_id.empty?
+          raise ArgumentError,
+                'S3 multi-region access point ARNs must contain '\
+                'an account id.'
+        end
+
+        unless @region.empty?
+          raise ArgumentError,
+                'Multi-region access points must have an empty region.'
+        end
+
+        if @type != 'accesspoint'
+          raise ArgumentError, 'Invalid ARN, resource format is not correct'
+        end
+
+        if @mrap_alias.nil? || @mrap_alias.empty?
+          raise ArgumentError, 'Missing ARN multi-region access points alias.'
+        end
+
+        unless @mrap_alias.split('.').all? { |s| Seahorse::Util.host_label?(s) }
+          raise ArgumentError, "#{@mrap_alias} is not a valid "\
+                'multi region access point alias.'
+        end
+
+        if @extra
+          raise ArgumentError,
+                'ARN access point resource must be a single value.'
+        end
+      end
+
+      def host_url(region, fips = false, dualstack = false, custom_endpoint = nil)
+        if custom_endpoint
+          "#{@mrap_alias}.#{custom_endpoint}"
+        else
+
+          sfx = Aws::Partitions::EndpointProvider.dns_suffix_for(@partition)
+          "#{@mrap_alias}.accesspoint.s3-global.#{sfx}"
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/bucket.rb

@@ -315,8 +315,8 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     # @option options [Boolean] :bypass_governance_retention
     #   Specifies whether you want to delete this object even if it has a
-    #   Governance-type Object Lock in place. You must have sufficient
-    #   permissions to perform this operation.
+    #   Governance-type Object Lock in place. To use this header, you must
+    #   have the `s3:PutBucketPublicAccessBlock` permission.
     # @option options [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
     #   a different account, the request will fail with an HTTP `403 (Access
@@ -517,12 +517,12 @@ module Aws::S3
     #   If `x-amz-server-side-encryption` is present and has the value of
     #   `aws:kms`, this header specifies the ID of the Amazon Web Services Key
     #   Management Service (Amazon Web Services KMS) symmetrical customer
-    #   managed customer master key (CMK) that was used for the object. If you
-    #   specify `x-amz-server-side-encryption:aws:kms`, but do not provide`
+    #   managed key that was used for the object. If you specify
+    #   `x-amz-server-side-encryption:aws:kms`, but do not provide`
     #   x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
-    #   Amazon Web Services managed CMK in Amazon Web Services to protect the
-    #   data. If the KMS key does not exist in the same account issuing the
-    #   command, you must use the full ARN and not just the ID.
+    #   Amazon Web Services managed key to protect the data. If the KMS key
+    #   does not exist in the same account issuing the command, you must use
+    #   the full ARN and not just the ID.
     # @option options [String] :ssekms_encryption_context
     #   Specifies the Amazon Web Services KMS Encryption Context to use for
     #   object encryption. The value of this header is a base64-encoded UTF-8

data/lib/aws-sdk-s3/client.rb

@@ -327,6 +327,11 @@ module Aws::S3
     #       in the future.
     #
     #
+    #   @option options [Boolean] :s3_disable_multiregion_access_points (false)
+    #     When set to `false` this will option will raise errors when multi-region
+    #     access point ARNs are used.  Multi-region access points can potentially
+    #     result in cross region requests.
+    #
     #   @option options [String] :s3_us_east_1_regional_endpoint ("legacy")
     #     Pass in `regional` to enable the `us-east-1` regional endpoint.
     #     Defaults to `legacy` mode which uses the global endpoint.
@@ -1557,15 +1562,14 @@ module Aws::S3
     # You can optionally request server-side encryption. For server-side
     # encryption, Amazon S3 encrypts your data as it writes it to disks in
     # its data centers and decrypts it when you access it. You can provide
-    # your own encryption key, or use Amazon Web Services Key Management
-    # Service (Amazon Web Services KMS) customer master keys (CMKs) or
-    # Amazon S3-managed encryption keys. If you choose to provide your own
+    # your own encryption key, or use Amazon Web Services KMS keys or Amazon
+    # S3-managed encryption keys. If you choose to provide your own
     # encryption key, the request headers you provide in [UploadPart][1] and
     # [UploadPartCopy][6] requests must match the headers you used in the
     # request to initiate the upload by using `CreateMultipartUpload`.
     #
     # To perform a multipart upload with encryption using an Amazon Web
-    # Services KMS CMK, the requester must have permission to the
+    # Services KMS key, the requester must have permission to the
     # `kms:Decrypt` and `kms:GenerateDataKey*` actions on the key. These
     # permissions are required because Amazon S3 must decrypt and read data
     # from the encrypted file parts before it completes the multipart
@@ -1573,11 +1577,10 @@ module Aws::S3
     # permissions][7] in the *Amazon S3 User Guide*.
     #
     # If your Identity and Access Management (IAM) user or role is in the
-    # same Amazon Web Services account as the Amazon Web Services KMS CMK,
-    # then you must have these permissions on the key policy. If your IAM
-    # user or role belongs to a different account than the key, then you
-    # must have the permissions on both the key policy and your IAM user or
-    # role.
+    # same Amazon Web Services account as the KMS key, then you must have
+    # these permissions on the key policy. If your IAM user or role belongs
+    # to a different account than the key, then you must have the
+    # permissions on both the key policy and your IAM user or role.
     #
     # For more information, see [Protecting Data Using Server-Side
     # Encryption][8].
@@ -1610,11 +1613,11 @@ module Aws::S3
     #   option you use depends on whether you want to use Amazon Web
     #   Services managed encryption keys or provide your own encryption key.
     #
-    #   * Use encryption keys managed by Amazon S3 or customer master keys
-    #     (CMKs) stored in Amazon Web Services Key Management Service
-    #     (Amazon Web Services KMS) – If you want Amazon Web Services to
-    #     manage the keys used to encrypt data, specify the following
-    #     headers in the request.
+    #   * Use encryption keys managed by Amazon S3 or customer managed key
+    #     stored in Amazon Web Services Key Management Service (Amazon Web
+    #     Services KMS) – If you want Amazon Web Services to manage the keys
+    #     used to encrypt data, specify the following headers in the
+    #     request.
     #
     #     * x-amz-server-side-encryption
     #
@@ -1624,7 +1627,7 @@ module Aws::S3
     #
     #     <note markdown="1"> If you specify `x-amz-server-side-encryption:aws:kms`, but don't
     #     provide `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3
-    #     uses the Amazon Web Services managed CMK in Amazon Web Services
+    #     uses the Amazon Web Services managed key in Amazon Web Services
     #     KMS to protect the data.
     #
     #      </note>
@@ -1633,10 +1636,9 @@ module Aws::S3
     #     Services KMS fail if you don't make them with SSL or by using
     #     SigV4.
     #
-    #     For more information about server-side encryption with CMKs stored
-    #     in Amazon Web Services KMS (SSE-KMS), see [Protecting Data Using
-    #     Server-Side Encryption with CMKs stored in Amazon Web Services
-    #     KMS][11].
+    #     For more information about server-side encryption with KMS key
+    #     (SSE-KMS), see [Protecting Data Using Server-Side Encryption with
+    #     KMS keys][11].
     #
     #   * Use customer-provided encryption keys – If you want to manage your
     #     own encryption keys, provide all the following headers in the
@@ -1648,10 +1650,9 @@ module Aws::S3
     #
     #     * x-amz-server-side-encryption-customer-key-MD5
     #
-    #     For more information about server-side encryption with CMKs stored
-    #     in Amazon Web Services KMS (SSE-KMS), see [Protecting Data Using
-    #     Server-Side Encryption with CMKs stored in Amazon Web Services
-    #     KMS][11].
+    #     For more information about server-side encryption with KMS keys
+    #     (SSE-KMS), see [Protecting Data Using Server-Side Encryption with
+    #     KMS keys][11].
     #
     # Access-Control-List (ACL)-Specific Request Headers
     #
@@ -1876,13 +1877,13 @@ module Aws::S3
     #   ensure that the encryption key was transmitted without error.
     #
     # @option params [String] :ssekms_key_id
-    #   Specifies the ID of the symmetric customer managed Amazon Web Services
-    #   KMS CMK to use for object encryption. All GET and PUT requests for an
-    #   object protected by Amazon Web Services KMS will fail if not made via
-    #   SSL or using SigV4. For information about configuring using any of the
-    #   officially supported Amazon Web Services SDKs and Amazon Web Services
-    #   CLI, see [Specifying the Signature Version in Request
-    #   Authentication][1] in the *Amazon S3 User Guide*.
+    #   Specifies the ID of the symmetric customer managed key to use for
+    #   object encryption. All GET and PUT requests for an object protected by
+    #   Amazon Web Services KMS will fail if not made via SSL or using SigV4.
+    #   For information about configuring using any of the officially
+    #   supported Amazon Web Services SDKs and Amazon Web Services CLI, see
+    #   [Specifying the Signature Version in Request Authentication][1] in the
+    #   *Amazon S3 User Guide*.
     #
     #
     #
@@ -2252,21 +2253,23 @@ module Aws::S3
     #
     # The S3 Intelligent-Tiering storage class is designed to optimize
     # storage costs by automatically moving data to the most cost-effective
-    # storage access tier, without additional operational overhead. S3
-    # Intelligent-Tiering delivers automatic cost savings by moving data
-    # between access tiers, when access patterns change.
-    #
-    # The S3 Intelligent-Tiering storage class is suitable for objects
-    # larger than 128 KB that you plan to store for at least 30 days. If the
-    # size of an object is less than 128 KB, it is not eligible for
-    # auto-tiering. Smaller objects can be stored, but they are always
-    # charged at the frequent access tier rates in the S3
-    # Intelligent-Tiering storage class.
-    #
-    # If you delete an object before the end of the 30-day minimum storage
-    # duration period, you are charged for 30 days. For more information,
-    # see [Storage class for automatically optimizing frequently and
-    # infrequently accessed objects][1].
+    # storage access tier, without performance impact or operational
+    # overhead. S3 Intelligent-Tiering delivers automatic cost savings in
+    # two low latency and high throughput access tiers. For data that can be
+    # accessed asynchronously, you can choose to activate automatic
+    # archiving capabilities within the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # The S3 Intelligent-Tiering storage class is the ideal storage class
+    # for data with unknown, changing, or unpredictable access patterns,
+    # independent of object size or retention period. If the size of an
+    # object is less than 128 KB, it is not eligible for auto-tiering.
+    # Smaller objects can be stored, but they are always charged at the
+    # Frequent Access tier rates in the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # For more information, see [Storage class for automatically optimizing
+    # frequently and infrequently accessed objects][1].
     #
     # Operations related to `DeleteBucketIntelligentTieringConfiguration`
     # include:
@@ -2882,7 +2885,8 @@ module Aws::S3
     #
     # @option params [Boolean] :bypass_governance_retention
     #   Indicates whether S3 Object Lock should bypass Governance-mode
-    #   restrictions to process this operation.
+    #   restrictions to process this operation. To use this header, you must
+    #   have the `s3:PutBucketPublicAccessBlock` permission.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -3010,35 +3014,35 @@ module Aws::S3
     #   * {Types::DeleteObjectTaggingOutput#version_id #version_id} => String
     #
     #
-    # @example Example: To remove tag set from an object
+    # @example Example: To remove tag set from an object version
     #
-    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
-    #   # operation removes tag set from the latest object version.
+    #   # The following example removes tag set associated with the specified object version. The request specifies both the
+    #   # object key and object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "null", 
+    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   }
     #
-    # @example Example: To remove tag set from an object version
+    # @example Example: To remove tag set from an object
     #
-    #   # The following example removes tag set associated with the specified object version. The request specifies both the
-    #   # object key and object version.
+    #   # The following example removes tag set associated with the specified object. If the bucket is versioning enabled, the
+    #   # operation removes tag set from the latest object version.
     #
     #   resp = client.delete_object_tagging({
     #     bucket: "examplebucket", 
     #     key: "HappyFace.jpg", 
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
-    #     version_id: "ydlaNkwWm0SfKJR.T1b1fIdPRbldTYRI", 
+    #     version_id: "null", 
     #   }
     #
     # @example Request syntax with placeholder values
@@ -3163,8 +3167,8 @@ module Aws::S3
     #
     # @option params [Boolean] :bypass_governance_retention
     #   Specifies whether you want to delete this object even if it has a
-    #   Governance-type Object Lock in place. You must have sufficient
-    #   permissions to perform this operation.
+    #   Governance-type Object Lock in place. To use this header, you must
+    #   have the `s3:PutBucketPublicAccessBlock` permission.
     #
     # @option params [String] :expected_bucket_owner
     #   The account ID of the expected bucket owner. If the bucket is owned by
@@ -3178,20 +3182,22 @@ module Aws::S3
     #   * {Types::DeleteObjectsOutput#errors #errors} => Array&lt;Types::Error&gt;
     #
     #
-    # @example Example: To delete multiple objects from a versioned bucket
+    # @example Example: To delete multiple object versions from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
-    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
+    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
+    #   # versions and returns the key and versions of deleted objects in the response.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "objectkey1", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #         }, 
     #         {
-    #           key: "objectkey2", 
+    #           key: "HappyFace.jpg", 
+    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -3202,34 +3208,30 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
-    #         key: "objectkey1", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
     #       }, 
     #       {
-    #         delete_marker: true, 
-    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
-    #         key: "objectkey2", 
+    #         key: "HappyFace.jpg", 
+    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
     #       }, 
     #     ], 
     #   }
     #
-    # @example Example: To delete multiple object versions from a versioned bucket
+    # @example Example: To delete multiple objects from a versioned bucket
     #
-    #   # The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object
-    #   # versions and returns the key and versions of deleted objects in the response.
+    #   # The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the
+    #   # object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.
     #
     #   resp = client.delete_objects({
     #     bucket: "examplebucket", 
     #     delete: {
     #       objects: [
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #           key: "objectkey1", 
     #         }, 
     #         {
-    #           key: "HappyFace.jpg", 
-    #           version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #           key: "objectkey2", 
     #         }, 
     #       ], 
     #       quiet: false, 
@@ -3240,12 +3242,14 @@ module Aws::S3
     #   {
     #     deleted: [
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", 
+    #         key: "objectkey1", 
     #       }, 
     #       {
-    #         key: "HappyFace.jpg", 
-    #         version_id: "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b", 
+    #         delete_marker: true, 
+    #         delete_marker_version_id: "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", 
+    #         key: "objectkey2", 
     #       }, 
     #     ], 
     #   }
@@ -3715,21 +3719,23 @@ module Aws::S3
     #
     # The S3 Intelligent-Tiering storage class is designed to optimize
     # storage costs by automatically moving data to the most cost-effective
-    # storage access tier, without additional operational overhead. S3
-    # Intelligent-Tiering delivers automatic cost savings by moving data
-    # between access tiers, when access patterns change.
-    #
-    # The S3 Intelligent-Tiering storage class is suitable for objects
-    # larger than 128 KB that you plan to store for at least 30 days. If the
-    # size of an object is less than 128 KB, it is not eligible for
-    # auto-tiering. Smaller objects can be stored, but they are always
-    # charged at the frequent access tier rates in the S3
-    # Intelligent-Tiering storage class.
-    #
-    # If you delete an object before the end of the 30-day minimum storage
-    # duration period, you are charged for 30 days. For more information,
-    # see [Storage class for automatically optimizing frequently and
-    # infrequently accessed objects][1].
+    # storage access tier, without performance impact or operational
+    # overhead. S3 Intelligent-Tiering delivers automatic cost savings in
+    # two low latency and high throughput access tiers. For data that can be
+    # accessed asynchronously, you can choose to activate automatic
+    # archiving capabilities within the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # The S3 Intelligent-Tiering storage class is the ideal storage class
+    # for data with unknown, changing, or unpredictable access patterns,
+    # independent of object size or retention period. If the size of an
+    # object is less than 128 KB, it is not eligible for auto-tiering.
+    # Smaller objects can be stored, but they are always charged at the
+    # Frequent Access tier rates in the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # For more information, see [Storage class for automatically optimizing
+    # frequently and infrequently accessed objects][1].
     #
     # Operations related to `GetBucketIntelligentTieringConfiguration`
     # include:
@@ -4296,10 +4302,12 @@ module Aws::S3
     #   resp.metrics_configuration.filter.prefix #=> String
     #   resp.metrics_configuration.filter.tag.key #=> String
     #   resp.metrics_configuration.filter.tag.value #=> String
+    #   resp.metrics_configuration.filter.access_point_arn #=> String
     #   resp.metrics_configuration.filter.and.prefix #=> String
     #   resp.metrics_configuration.filter.and.tags #=> Array
     #   resp.metrics_configuration.filter.and.tags[0].key #=> String
     #   resp.metrics_configuration.filter.and.tags[0].value #=> String
+    #   resp.metrics_configuration.filter.and.access_point_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketMetricsConfiguration AWS API Documentation
     #
@@ -5157,10 +5165,9 @@ module Aws::S3
     #
     # Encryption request headers, like `x-amz-server-side-encryption`,
     # should not be sent for GET requests if your object uses server-side
-    # encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or
-    # server-side encryption with Amazon S3–managed encryption keys
-    # (SSE-S3). If your object does use these types of keys, you’ll get an
-    # HTTP 400 BadRequest error.
+    # encryption with KMS keys (SSE-KMS) or server-side encryption with
+    # Amazon S3–managed encryption keys (SSE-S3). If your object does use
+    # these types of keys, you’ll get an HTTP 400 BadRequest error.
     #
     # If you encrypt an object by using server-side encryption with
     # customer-provided encryption keys (SSE-C) when you store the object in
@@ -5176,18 +5183,19 @@ module Aws::S3
     # For more information about SSE-C, see [Server-Side Encryption (Using
     # Customer-Provided Encryption Keys)][6].
     #
-    # Assuming you have permission to read object tags (permission for the
-    # `s3:GetObjectVersionTagging` action), the response also returns the
-    # `x-amz-tagging-count` header that provides the count of number of tags
-    # associated with the object. You can use [GetObjectTagging][7] to
-    # retrieve the tag set associated with an object.
+    # Assuming you have the relevant permission to read object tags, the
+    # response also returns the `x-amz-tagging-count` header that provides
+    # the count of number of tags associated with the object. You can use
+    # [GetObjectTagging][7] to retrieve the tag set associated with an
+    # object.
     #
     # **Permissions**
     #
-    # You need the `s3:GetObject` permission for this operation. For more
-    # information, see [Specifying Permissions in a Policy][8]. If the
-    # object you request does not exist, the error Amazon S3 returns depends
-    # on whether you also have the `s3:ListBucket` permission.
+    # You need the relevant read object (or version) permission for this
+    # operation. For more information, see [Specifying Permissions in a
+    # Policy][8]. If the object you request does not exist, the error Amazon
+    # S3 returns depends on whether you also have the `s3:ListBucket`
+    # permission.
     #
     # * If you have the `s3:ListBucket` permission on the bucket, Amazon S3
     #   will return an HTTP status code 404 ("no such key") error.
@@ -5294,6 +5302,9 @@ module Aws::S3
     #   name. For more information about access point ARNs, see [Using access
     #   points][1] in the *Amazon S3 User Guide*.
     #
+    #   When using an Object Lambda access point the hostname takes the form
+    #   *AccessPointName*-*AccountId*.s3-object-lambda.*Region*.amazonaws.com.
+    #
     #   When using this action with Amazon S3 on Outposts, you must direct
     #   requests to the S3 on Outposts hostname. The S3 on Outposts hostname
     #   takes the form
@@ -5437,49 +5448,49 @@ module Aws::S3
     #   * {Types::GetObjectOutput#object_lock_legal_hold_status #object_lock_legal_hold_status} => String
     #
     #
-    # @example Example: To retrieve a byte range of an object 
+    # @example Example: To retrieve an object
     #
-    #   # The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a
-    #   # specific byte range.
+    #   # The following example retrieves an object for an S3 bucket.
     #
     #   resp = client.get_object({
     #     bucket: "examplebucket", 
-    #     key: "SampleFile.txt", 
-    #     range: "bytes=0-9", 
+    #     key: "HappyFace.jpg", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     accept_ranges: "bytes", 
-    #     content_length: 10, 
-    #     content_range: "bytes 0-9/43", 
-    #     content_type: "text/plain", 
-    #     etag: "\"0d94420ffd0bc68cd3d152506b97a9cc\"", 
-    #     last_modified: Time.parse("Thu, 09 Oct 2014 22:57:28 GMT"), 
+    #     content_length: 3191, 
+    #     content_type: "image/jpeg", 
+    #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
+    #     last_modified: Time.parse("Thu, 15 Dec 2016 01:19:41 GMT"), 
     #     metadata: {
     #     }, 
+    #     tag_count: 2, 
     #     version_id: "null", 
     #   }
     #
-    # @example Example: To retrieve an object
+    # @example Example: To retrieve a byte range of an object 
     #
-    #   # The following example retrieves an object for an S3 bucket.
+    #   # The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a
+    #   # specific byte range.
     #
     #   resp = client.get_object({
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
+    #     key: "SampleFile.txt", 
+    #     range: "bytes=0-9", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     accept_ranges: "bytes", 
-    #     content_length: 3191, 
-    #     content_type: "image/jpeg", 
-    #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     last_modified: Time.parse("Thu, 15 Dec 2016 01:19:41 GMT"), 
+    #     content_length: 10, 
+    #     content_range: "bytes 0-9/43", 
+    #     content_type: "text/plain", 
+    #     etag: "\"0d94420ffd0bc68cd3d152506b97a9cc\"", 
+    #     last_modified: Time.parse("Thu, 09 Oct 2014 22:57:28 GMT"), 
     #     metadata: {
     #     }, 
-    #     tag_count: 2, 
     #     version_id: "null", 
     #   }
     #
@@ -6383,10 +6394,9 @@ module Aws::S3
     #
     # <note markdown="1"> * Encryption request headers, like `x-amz-server-side-encryption`,
     #   should not be sent for GET requests if your object uses server-side
-    #   encryption with CMKs stored in Amazon Web Services KMS (SSE-KMS) or
-    #   server-side encryption with Amazon S3–managed encryption keys
-    #   (SSE-S3). If your object does use these types of keys, you’ll get an
-    #   HTTP 400 BadRequest error.
+    #   encryption with KMS keys (SSE-KMS) or server-side encryption with
+    #   Amazon S3–managed encryption keys (SSE-S3). If your object does use
+    #   these types of keys, you’ll get an HTTP 400 BadRequest error.
     #
     # * The last modified property in this case is the creation date of the
     #   object.
@@ -6420,10 +6430,11 @@ module Aws::S3
     #
     # **Permissions**
     #
-    # You need the `s3:GetObject` permission for this operation. For more
-    # information, see [Specifying Permissions in a Policy][4]. If the
-    # object you request does not exist, the error Amazon S3 returns depends
-    # on whether you also have the s3:ListBucket permission.
+    # You need the relevant read object (or version) permission for this
+    # operation. For more information, see [Specifying Permissions in a
+    # Policy][4]. If the object you request does not exist, the error Amazon
+    # S3 returns depends on whether you also have the s3:ListBucket
+    # permission.
     #
     # * If you have the `s3:ListBucket` permission on the bucket, Amazon S3
     #   returns an HTTP status code 404 ("no such key") error.
@@ -6771,21 +6782,23 @@ module Aws::S3
     #
     # The S3 Intelligent-Tiering storage class is designed to optimize
     # storage costs by automatically moving data to the most cost-effective
-    # storage access tier, without additional operational overhead. S3
-    # Intelligent-Tiering delivers automatic cost savings by moving data
-    # between access tiers, when access patterns change.
-    #
-    # The S3 Intelligent-Tiering storage class is suitable for objects
-    # larger than 128 KB that you plan to store for at least 30 days. If the
-    # size of an object is less than 128 KB, it is not eligible for
-    # auto-tiering. Smaller objects can be stored, but they are always
-    # charged at the frequent access tier rates in the S3
-    # Intelligent-Tiering storage class.
-    #
-    # If you delete an object before the end of the 30-day minimum storage
-    # duration period, you are charged for 30 days. For more information,
-    # see [Storage class for automatically optimizing frequently and
-    # infrequently accessed objects][1].
+    # storage access tier, without performance impact or operational
+    # overhead. S3 Intelligent-Tiering delivers automatic cost savings in
+    # two low latency and high throughput access tiers. For data that can be
+    # accessed asynchronously, you can choose to activate automatic
+    # archiving capabilities within the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # The S3 Intelligent-Tiering storage class is the ideal storage class
+    # for data with unknown, changing, or unpredictable access patterns,
+    # independent of object size or retention period. If the size of an
+    # object is less than 128 KB, it is not eligible for auto-tiering.
+    # Smaller objects can be stored, but they are always charged at the
+    # Frequent Access tier rates in the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # For more information, see [Storage class for automatically optimizing
+    # frequently and infrequently accessed objects][1].
     #
     # Operations related to `ListBucketIntelligentTieringConfigurations`
     # include:
@@ -7033,10 +7046,12 @@ module Aws::S3
     #   resp.metrics_configuration_list[0].filter.prefix #=> String
     #   resp.metrics_configuration_list[0].filter.tag.key #=> String
     #   resp.metrics_configuration_list[0].filter.tag.value #=> String
+    #   resp.metrics_configuration_list[0].filter.access_point_arn #=> String
     #   resp.metrics_configuration_list[0].filter.and.prefix #=> String
     #   resp.metrics_configuration_list[0].filter.and.tags #=> Array
     #   resp.metrics_configuration_list[0].filter.and.tags[0].key #=> String
     #   resp.metrics_configuration_list[0].filter.and.tags[0].value #=> String
+    #   resp.metrics_configuration_list[0].filter.and.access_point_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListBucketMetricsConfigurations AWS API Documentation
     #
@@ -8814,12 +8829,12 @@ module Aws::S3
     # encryption and Amazon S3 Bucket Key for an existing bucket.
     #
     # Default encryption for a bucket can use server-side encryption with
-    # Amazon S3-managed keys (SSE-S3) or Amazon Web Services KMS customer
-    # master keys (SSE-KMS). If you specify default encryption using
-    # SSE-KMS, you can also configure Amazon S3 Bucket Key. For information
-    # about default encryption, see [Amazon S3 default bucket encryption][1]
-    # in the *Amazon S3 User Guide*. For more information about S3 Bucket
-    # Keys, see [Amazon S3 Bucket Keys][2] in the *Amazon S3 User Guide*.
+    # Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If
+    # you specify default encryption using SSE-KMS, you can also configure
+    # Amazon S3 Bucket Key. For information about default encryption, see
+    # [Amazon S3 default bucket encryption][1] in the *Amazon S3 User
+    # Guide*. For more information about S3 Bucket Keys, see [Amazon S3
+    # Bucket Keys][2] in the *Amazon S3 User Guide*.
     #
     # This action requires Amazon Web Services Signature Version 4. For more
     # information, see [ Authenticating Requests (Amazon Web Services
@@ -8851,10 +8866,10 @@ module Aws::S3
     #
     # @option params [required, String] :bucket
     #   Specifies default encryption for a bucket using server-side encryption
-    #   with Amazon S3-managed keys (SSE-S3) or customer master keys stored in
-    #   Amazon Web Services KMS (SSE-KMS). For information about the Amazon S3
-    #   default encryption feature, see [Amazon S3 Default Bucket
-    #   Encryption][1] in the *Amazon S3 User Guide*.
+    #   with Amazon S3-managed keys (SSE-S3) or customer managed keys
+    #   (SSE-KMS). For information about the Amazon S3 default encryption
+    #   feature, see [Amazon S3 Default Bucket Encryption][1] in the *Amazon
+    #   S3 User Guide*.
     #
     #
     #
@@ -8912,21 +8927,23 @@ module Aws::S3
     #
     # The S3 Intelligent-Tiering storage class is designed to optimize
     # storage costs by automatically moving data to the most cost-effective
-    # storage access tier, without additional operational overhead. S3
-    # Intelligent-Tiering delivers automatic cost savings by moving data
-    # between access tiers, when access patterns change.
-    #
-    # The S3 Intelligent-Tiering storage class is suitable for objects
-    # larger than 128 KB that you plan to store for at least 30 days. If the
-    # size of an object is less than 128 KB, it is not eligible for
-    # auto-tiering. Smaller objects can be stored, but they are always
-    # charged at the frequent access tier rates in the S3
-    # Intelligent-Tiering storage class.
-    #
-    # If you delete an object before the end of the 30-day minimum storage
-    # duration period, you are charged for 30 days. For more information,
-    # see [Storage class for automatically optimizing frequently and
-    # infrequently accessed objects][1].
+    # storage access tier, without performance impact or operational
+    # overhead. S3 Intelligent-Tiering delivers automatic cost savings in
+    # two low latency and high throughput access tiers. For data that can be
+    # accessed asynchronously, you can choose to activate automatic
+    # archiving capabilities within the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # The S3 Intelligent-Tiering storage class is the ideal storage class
+    # for data with unknown, changing, or unpredictable access patterns,
+    # independent of object size or retention period. If the size of an
+    # object is less than 128 KB, it is not eligible for auto-tiering.
+    # Smaller objects can be stored, but they are always charged at the
+    # Frequent Access tier rates in the S3 Intelligent-Tiering storage
+    # class.
+    #
+    # For more information, see [Storage class for automatically optimizing
+    # frequently and infrequently accessed objects][1].
     #
     # Operations related to `PutBucketIntelligentTieringConfiguration`
     # include:
@@ -9644,7 +9661,7 @@ module Aws::S3
     #
     # * [DeleteBucketMetricsConfiguration][4]
     #
-    # * [PutBucketMetricsConfiguration][5]
+    # * [GetBucketMetricsConfiguration][5]
     #
     # * [ListBucketMetricsConfigurations][6]
     #
@@ -9663,7 +9680,7 @@ module Aws::S3
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
     # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketMetricsConfiguration.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketMetricsConfiguration.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketMetricsConfiguration.html
     # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketMetricsConfigurations.html
     #
     # @option params [required, String] :bucket
@@ -9695,6 +9712,7 @@ module Aws::S3
     #           key: "ObjectKey", # required
     #           value: "Value", # required
     #         },
+    #         access_point_arn: "AccessPointArn",
     #         and: {
     #           prefix: "Prefix",
     #           tags: [
@@ -9703,6 +9721,7 @@ module Aws::S3
     #               value: "Value", # required
     #             },
     #           ],
+    #           access_point_arn: "AccessPointArn",
     #         },
     #       },
     #     },
@@ -10135,13 +10154,12 @@ module Aws::S3
     # **Handling Replication of Encrypted Objects**
     #
     # By default, Amazon S3 doesn't replicate objects that are stored at
-    # rest using server-side encryption with CMKs stored in Amazon Web
-    # Services KMS. To replicate Amazon Web Services KMS-encrypted objects,
-    # add the following: `SourceSelectionCriteria`,
-    # `SseKmsEncryptedObjects`, `Status`, `EncryptionConfiguration`, and
-    # `ReplicaKmsKeyID`. For information about replication configuration,
-    # see [Replicating Objects Created with SSE Using CMKs stored in Amazon
-    # Web Services KMS][4].
+    # rest using server-side encryption with KMS keys. To replicate Amazon
+    # Web Services KMS-encrypted objects, add the following:
+    # `SourceSelectionCriteria`, `SseKmsEncryptedObjects`, `Status`,
+    # `EncryptionConfiguration`, and `ReplicaKmsKeyID`. For information
+    # about replication configuration, see [Replicating Objects Created with
+    # SSE Using KMS keys][4].
     #
     # For information on `PutBucketReplication` errors, see [List of
     # replication-related error codes][5]
@@ -11104,12 +11122,12 @@ module Aws::S3
     #   If `x-amz-server-side-encryption` is present and has the value of
     #   `aws:kms`, this header specifies the ID of the Amazon Web Services Key
     #   Management Service (Amazon Web Services KMS) symmetrical customer
-    #   managed customer master key (CMK) that was used for the object. If you
-    #   specify `x-amz-server-side-encryption:aws:kms`, but do not provide`
+    #   managed key that was used for the object. If you specify
+    #   `x-amz-server-side-encryption:aws:kms`, but do not provide`
     #   x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
-    #   Amazon Web Services managed CMK in Amazon Web Services to protect the
-    #   data. If the KMS key does not exist in the same account issuing the
-    #   command, you must use the full ARN and not just the ID.
+    #   Amazon Web Services managed key to protect the data. If the KMS key
+    #   does not exist in the same account issuing the command, you must use
+    #   the full ARN and not just the ID.
     #
     # @option params [String] :ssekms_encryption_context
     #   Specifies the Amazon Web Services KMS Encryption Context to use for
@@ -11174,113 +11192,113 @@ module Aws::S3
     #   * {Types::PutObjectOutput#request_charged #request_charged} => String
     #
     #
-    # @example Example: To create an object.
+    # @example Example: To upload an object and specify optional tags
     #
-    #   # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
+    #   # S3 returns version ID of the newly created object.
     #
     #   resp = client.put_object({
-    #     body: "filetoupload", 
+    #     body: "c:\\HappyFace.jpg", 
     #     bucket: "examplebucket", 
-    #     key: "objectkey", 
+    #     key: "HappyFace.jpg", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ", 
+    #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
     #   }
     #
-    # @example Example: To upload an object and specify optional tags
+    # @example Example: To upload an object and specify canned ACL.
     #
-    #   # The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore
-    #   # S3 returns version ID of the newly created object.
+    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
+    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     body: "c:\\HappyFace.jpg", 
+    #     acl: "authenticated-read", 
+    #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
-    #     tagging: "key1=value1&key2=value2", 
+    #     key: "exampleobject", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a", 
+    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
     #   }
     #
-    # @example Example: To upload an object
+    # @example Example: To upload an object and specify server-side encryption and object tags
     #
-    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
-    #   # syntax. S3 returns VersionId of the newly created object.
+    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
+    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     body: "HappyFace.jpg", 
+    #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
+    #     key: "exampleobject", 
+    #     server_side_encryption: "AES256", 
+    #     tagging: "key1=value1&key2=value2", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
     #   }
     #
-    # @example Example: To upload an object (specify optional headers)
+    # @example Example: To create an object.
     #
-    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
-    #   # storage class and use server-side encryption.
+    #   # The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.
     #
     #   resp = client.put_object({
-    #     body: "HappyFace.jpg", 
+    #     body: "filetoupload", 
     #     bucket: "examplebucket", 
-    #     key: "HappyFace.jpg", 
-    #     server_side_encryption: "AES256", 
-    #     storage_class: "STANDARD_IA", 
+    #     key: "objectkey", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
+    #     version_id: "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ", 
     #   }
     #
-    # @example Example: To upload an object and specify server-side encryption and object tags
+    # @example Example: To upload an object
     #
-    #   # The following example uploads and object. The request specifies the optional server-side encryption option. The request
-    #   # also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file
+    #   # syntax. S3 returns VersionId of the newly created object.
     #
     #   resp = client.put_object({
-    #     body: "filetoupload", 
+    #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
-    #     server_side_encryption: "AES256", 
-    #     tagging: "key1=value1&key2=value2", 
+    #     key: "HappyFace.jpg", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     server_side_encryption: "AES256", 
-    #     version_id: "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt", 
+    #     version_id: "tpf3zF08nBplQK1XLOefGskR7mGDwcDk", 
     #   }
     #
-    # @example Example: To upload an object and specify canned ACL.
+    # @example Example: To upload an object (specify optional headers)
     #
-    #   # The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ
-    #   # access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.
+    #   # The following example uploads an object. The request specifies optional request headers to directs S3 to use specific
+    #   # storage class and use server-side encryption.
     #
     #   resp = client.put_object({
-    #     acl: "authenticated-read", 
-    #     body: "filetoupload", 
+    #     body: "HappyFace.jpg", 
     #     bucket: "examplebucket", 
-    #     key: "exampleobject", 
+    #     key: "HappyFace.jpg", 
+    #     server_side_encryption: "AES256", 
+    #     storage_class: "STANDARD_IA", 
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #     etag: "\"6805f2cfc46c0f04559748bb039d69ae\"", 
-    #     version_id: "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr", 
+    #     server_side_encryption: "AES256", 
+    #     version_id: "CG612hodqujkf8FaaNfp8U..FIhLROcp", 
     #   }
     #
     # @example Example: To upload object and specify user-defined metadata
@@ -12734,12 +12752,11 @@ module Aws::S3
     #   Encryption Keys)][5] in the *Amazon S3 User Guide*.
     #
     #   For objects that are encrypted with Amazon S3 managed encryption
-    #   keys (SSE-S3) and customer master keys (CMKs) stored in Amazon Web
-    #   Services Key Management Service (SSE-KMS), server-side encryption is
-    #   handled transparently, so you don't need to specify anything. For
-    #   more information about server-side encryption, including SSE-S3 and
-    #   SSE-KMS, see [Protecting Data Using Server-Side Encryption][6] in
-    #   the *Amazon S3 User Guide*.
+    #   keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS),
+    #   server-side encryption is handled transparently, so you don't need
+    #   to specify anything. For more information about server-side
+    #   encryption, including SSE-S3 and SSE-KMS, see [Protecting Data Using
+    #   Server-Side Encryption][6] in the *Amazon S3 User Guide*.
     #
     # **Working with the Response Body**
     #
@@ -13734,9 +13751,9 @@ module Aws::S3
     end
 
     # Passes transformed objects to a `GetObject` operation when using
-    # Object Lambda Access Points. For information about Object Lambda
-    # Access Points, see [Transforming objects with Object Lambda Access
-    # Points][1] in the *Amazon S3 User Guide*.
+    # Object Lambda access points. For information about Object Lambda
+    # access points, see [Transforming objects with Object Lambda access
+    # points][1] in the *Amazon S3 User Guide*.
     #
     # This operation supports metadata that can be returned by
     # [GetObject][2], in addition to `RequestRoute`, `RequestToken`,
@@ -13758,8 +13775,8 @@ module Aws::S3
     # identifiable information (PII) and decompress S3 objects. These Lambda
     # functions are available in the Amazon Web Services Serverless
     # Application Repository, and can be selected through the Amazon Web
-    # Services Management Console when you create your Object Lambda Access
-    # Point.
+    # Services Management Console when you create your Object Lambda access
+    # point.
     #
     # Example 1: PII Access Control - This Lambda function uses Amazon
     # Comprehend, a natural language processing (NLP) service using machine
@@ -13951,8 +13968,8 @@ module Aws::S3
     #
     # @option params [String] :ssekms_key_id
     #   If present, specifies the ID of the Amazon Web Services Key Management
-    #   Service (Amazon Web Services KMS) symmetric customer managed customer
-    #   master key (CMK) that was used for stored in Amazon S3 object.
+    #   Service (Amazon Web Services KMS) symmetric customer managed key that
+    #   was used for stored in Amazon S3 object.
     #
     # @option params [String] :sse_customer_key_md5
     #   128-bit MD5 digest of customer-provided encryption key used in Amazon
@@ -14044,7 +14061,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.99.0'
+      context[:gem_version] = '1.103.0'
       Seahorse::Client::Request.new(handlers, context)
     end