aws-sdk-s3 1.204.0 → 1.205.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b3e6c1a389a8b653bb9b2cf6794af737d6eb9ba921e161cbc4d6310b5bf1da2
-  data.tar.gz: 0bf11ac8e2c6482a7575814185df05085bcef7395f0b4a0d1a553ac4e28516f1
+  metadata.gz: 4317d141110c16240cfc5412df21c614152e959a9943dfc4525550646f02a0dc
+  data.tar.gz: 060fd3c2735d93bb4376f7519f84e07c984f4052a9fd0f6c6456402494810bd6
 SHA512:
-  metadata.gz: 345faee4d24554abf10baf21078242da350ee86f60219696f6ad1df9fc4d77149d6aeabbac480e1173f5ff05a4413d9dba39b69f5b007f438672c30d5a97b406
-  data.tar.gz: bff580e0faa100be19a1531472b7e066e20da84fb606fa52643e20d588babc88f34a37868f2a98ca031b323c7c6f82d7c46e1c608ff40a9b2b54e2c2a74472ca
+  metadata.gz: 5e86d07d938a24f86c26dfa0b189c38e2ecc5c20a4ab884848f680474b784bf09acc9d52310c57b7b0d176c61b284fa5387bc762d7532f0bba0ca9183ed37e93
+  data.tar.gz: 18d6252cfe3a9d7284789a4703db29490b2c84d62d00d8abc1c4643ef0351082e6686aa84670690ffb3b253cf43c798a367af9689858eccca7db349719cab0e7

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.205.0 (2025-11-20)
+------------------
+
+* Feature - Enable / Disable ABAC on a general purpose bucket.
+
 1.204.0 (2025-11-19)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.204.0
+1.205.0

data/lib/aws-sdk-s3/client.rb

@@ -5405,7 +5405,14 @@ module Aws::S3
     #
     #  </note>
     #
-    # Deletes tags from the bucket.
+    # Deletes tags from the general purpose bucket if attribute based access
+    # control (ABAC) is not enabled for the bucket. When you [enable ABAC
+    # for a general purpose bucket][1], you can no longer use this operation
+    # for that bucket and must use [UntagResource][2] instead.
+    #
+    # if ABAC is not enabled for the bucket. When you [enable ABAC for a
+    # general purpose bucket][1], you can no longer use this operation for
+    # that bucket and must use [UntagResource][2] instead.
     #
     # To use this operation, you must have permission to perform the
     # `s3:PutBucketTagging` action. By default, the bucket owner has this
@@ -5413,9 +5420,9 @@ module Aws::S3
     #
     # The following operations are related to `DeleteBucketTagging`:
     #
-    # * [GetBucketTagging][1]
+    # * [GetBucketTagging][3]
     #
-    # * [PutBucketTagging][2]
+    # * [PutBucketTagging][4]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -5423,8 +5430,10 @@ module Aws::S3
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket that has the tag set to be removed.
@@ -6448,6 +6457,49 @@ module Aws::S3
       req.send_request(options)
     end
 
+    # Returns the attribute-based access control (ABAC) property of the
+    # general purpose bucket. If the bucket ABAC is enabled, you can use
+    # tags for bucket access control. For more information, see [Enabling
+    # ABAC in general purpose buckets][1]. Whether ABAC is enabled or
+    # disabled, you can use tags for cost tracking. For more information,
+    # see [Using tags with S3 general purpose buckets][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #
+    # @option params [required, String] :bucket
+    #   The name of the general purpose bucket.
+    #
+    # @option params [String] :expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #
+    # @return [Types::GetBucketAbacOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetBucketAbacOutput#abac_status #abac_status} => Types::AbacStatus
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_bucket_abac({
+    #     bucket: "BucketName", # required
+    #     expected_bucket_owner: "AccountId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.abac_status.status #=> String, one of "Enabled", "Disabled"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbac AWS API Documentation
+    #
+    # @overload get_bucket_abac(params = {})
+    # @param [Hash] params ({})
+    def get_bucket_abac(params = {}, options = {})
+      req = build_request(:get_bucket_abac, params)
+      req.send_request(options)
+    end
+
     # <note markdown="1"> This operation is not supported for directory buckets.
     #
     #  </note>
@@ -6878,18 +6930,18 @@ module Aws::S3
     # Returns the default encryption configuration for an Amazon S3 bucket.
     # By default, all buckets have a default encryption configuration that
     # uses server-side encryption with Amazon S3 managed keys (SSE-S3). This
-    # operation also returns the `BucketKeyEnabled` and
-    # `BlockedEncryptionTypes` statuses.
+    # operation also returns the [BucketKeyEnabled][1] and
+    # [BlockedEncryptionTypes][2] statuses.
     #
     # <note markdown="1"> * **General purpose buckets** - For information about the bucket
     #   default encryption feature, see [Amazon S3 Bucket Default
-    #   Encryption][1] in the *Amazon S3 User Guide*.
+    #   Encryption][3] in the *Amazon S3 User Guide*.
     #
     # * **Directory buckets** - For directory buckets, there are only two
     #   supported options for server-side encryption: SSE-S3 and SSE-KMS.
     #   For information about the default encryption configuration in
     #   directory buckets, see [Setting default server-side encryption
-    #   behavior for directory buckets][2].
+    #   behavior for directory buckets][4].
     #
     #  </note>
     #
@@ -6899,8 +6951,8 @@ module Aws::S3
     #     policy. The bucket owner has this permission by default. The
     #     bucket owner can grant this permission to others. For more
     #     information about permissions, see [Permissions Related to Bucket
-    #     Operations][3] and [Managing Access Permissions to Your Amazon S3
-    #     Resources][4].
+    #     Operations][5] and [Managing Access Permissions to Your Amazon S3
+    #     Resources][6].
     #
     #   * **Directory bucket permissions** - To grant access to this API
     #     operation, you must have the
@@ -6910,7 +6962,7 @@ module Aws::S3
     #     only be performed by the Amazon Web Services account that owns the
     #     resource. For more information about directory bucket policies and
     #     permissions, see [Amazon Web Services Identity and Access
-    #     Management (IAM) for S3 Express One Zone][5] in the *Amazon S3
+    #     Management (IAM) for S3 Express One Zone][7] in the *Amazon S3
     #     User Guide*.
     #
     # HTTP Host header syntax
@@ -6920,9 +6972,9 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketEncryption`:
     #
-    # * [PutBucketEncryption][6]
+    # * [PutBucketEncryption][8]
     #
-    # * [DeleteBucketEncryption][7]
+    # * [DeleteBucketEncryption][9]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -6930,13 +6982,15 @@ module Aws::S3
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_BucketKeyEnabled.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_BlockedEncryptionTypes.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketEncryption.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket from which the server-side encryption
@@ -8722,6 +8776,10 @@ module Aws::S3
     #
     # Returns the tag set associated with the general purpose bucket.
     #
+    # if ABAC is not enabled for the bucket. When you [enable ABAC for a
+    # general purpose bucket][1], you can no longer use this operation for
+    # that bucket and must use [ListTagsForResource][2] instead.
+    #
     # To use this operation, you must have permission to perform the
     # `s3:GetBucketTagging` action. By default, the bucket owner has this
     # permission and can grant this permission to others.
@@ -8736,9 +8794,9 @@ module Aws::S3
     #
     # The following operations are related to `GetBucketTagging`:
     #
-    # * [PutBucketTagging][1]
+    # * [PutBucketTagging][3]
     #
-    # * [DeleteBucketTagging][2]
+    # * [DeleteBucketTagging][4]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -8746,8 +8804,10 @@ module Aws::S3
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListTagsForResource.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
     #
     # @option params [required, String] :bucket
     #   The name of the bucket for which to get the tagging information.
@@ -13986,6 +14046,83 @@ module Aws::S3
       req.send_request(options)
     end
 
+    # Sets the attribute-based access control (ABAC) property of the general
+    # purpose bucket. When you enable ABAC, you can use tags for bucket
+    # access control. Additionally, when ABAC is enabled, you must use the
+    # [TagResource][1], [UntagResource][2], and [ListTagsForResource][3]
+    # actions to manage bucket tags, and you can nolonger use the
+    # [PutBucketTagging][4] and [DeleteBucketTagging][5] actions to tag the
+    # bucket. You must also have the correct permissions for these actions.
+    # For more information, see [Enabling ABAC in general purpose
+    # buckets][6].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListTagsForResource.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html
+    #
+    # @option params [required, String] :bucket
+    #   The name of the general purpose bucket.
+    #
+    # @option params [String] :content_md5
+    #   The MD5 hash of the `PutBucketAbac` request body.
+    #
+    #   For requests made using the Amazon Web Services Command Line Interface
+    #   (CLI) or Amazon Web Services SDKs, this field is calculated
+    #   automatically.
+    #
+    # @option params [String] :checksum_algorithm
+    #   Indicates the algorithm that you want Amazon S3 to use to create the
+    #   checksum. For more information, see [ Checking object integrity][1] in
+    #   the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
+    #
+    # @option params [String] :expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #
+    # @option params [required, Types::AbacStatus] :abac_status
+    #   The ABAC status of the general purpose bucket. When ABAC is enabled
+    #   for the general purpose bucket, you can use tags to manage access to
+    #   the general purpose buckets as well as for cost tracking purposes.
+    #   When ABAC is disabled for the general purpose buckets, you can only
+    #   use tags for cost tracking purposes. For more information, see [Using
+    #   tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_bucket_abac({
+    #     bucket: "BucketName", # required
+    #     content_md5: "ContentMD5",
+    #     checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256, CRC64NVME
+    #     expected_bucket_owner: "AccountId",
+    #     abac_status: { # required
+    #       status: "Enabled", # accepts Enabled, Disabled
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAbac AWS API Documentation
+    #
+    # @overload put_bucket_abac(params = {})
+    # @param [Hash] params ({})
+    def put_bucket_abac(params = {}, options = {})
+      req = build_request(:put_bucket_abac, params)
+      req.send_request(options)
+    end
+
     # <note markdown="1"> This operation is not supported for directory buckets.
     #
     #  </note>
@@ -14728,8 +14865,8 @@ module Aws::S3
     end
 
     # This operation configures default encryption and Amazon S3 Bucket Keys
-    # for an existing bucket. You can also block encryption types using this
-    # operation.
+    # for an existing bucket. You can also [block encryption types][1] using
+    # this operation.
     #
     # <note markdown="1"> <b>Directory buckets </b> - For directory buckets, you must make
     # requests for this API operation to the Regional endpoint. These
@@ -14737,9 +14874,9 @@ module Aws::S3
     # `https://s3express-control.region-code.amazonaws.com/bucket-name `.
     # Virtual-hosted-style requests aren't supported. For more information
     # about endpoints in Availability Zones, see [Regional and Zonal
-    # endpoints for directory buckets in Availability Zones][1] in the
+    # endpoints for directory buckets in Availability Zones][2] in the
     # *Amazon S3 User Guide*. For more information about endpoints in Local
-    # Zones, see [Concepts for directory buckets in Local Zones][2] in the
+    # Zones, see [Concepts for directory buckets in Local Zones][3] in the
     # *Amazon S3 User Guide*.
     #
     #  </note>
@@ -14754,12 +14891,12 @@ module Aws::S3
     #     keys (SSE-KMS) or dual-layer server-side encryption with Amazon
     #     Web Services KMS keys (DSSE-KMS). If you specify default
     #     encryption by using SSE-KMS, you can also configure [Amazon S3
-    #     Bucket Keys][3]. For information about the bucket default
-    #     encryption feature, see [Amazon S3 Bucket Default Encryption][4]
+    #     Bucket Keys][4]. For information about the bucket default
+    #     encryption feature, see [Amazon S3 Bucket Default Encryption][5]
     #     in the *Amazon S3 User Guide*.
     #
     #   * If you use PutBucketEncryption to set your [default bucket
-    #     encryption][4] to SSE-KMS, you should verify that your KMS key ID
+    #     encryption][5] to SSE-KMS, you should verify that your KMS key ID
     #     is correct. Amazon S3 doesn't validate the KMS key ID provided in
     #     PutBucketEncryption requests.
     # * <b>Directory buckets </b> - You can optionally configure default
@@ -14773,28 +14910,28 @@ module Aws::S3
     #     encrypted with the desired encryption settings. For more
     #     information about the encryption overriding behaviors in directory
     #     buckets, see [Specifying server-side encryption with KMS for new
-    #     object uploads][5].
+    #     object uploads][6].
     #
     #   * Your SSE-KMS configuration can only support 1 [customer managed
-    #     key][6] per directory bucket's lifetime. The [Amazon Web Services
-    #     managed key][7] (`aws/s3`) isn't supported.
+    #     key][7] per directory bucket's lifetime. The [Amazon Web Services
+    #     managed key][8] (`aws/s3`) isn't supported.
     #
     #   * S3 Bucket Keys are always enabled for `GET` and `PUT` operations
     #     in a directory bucket and can’t be disabled. S3 Bucket Keys
     #     aren't supported, when you copy SSE-KMS encrypted objects from
     #     general purpose buckets to directory buckets, from directory
     #     buckets to general purpose buckets, or between directory buckets,
-    #     through [CopyObject][8], [UploadPartCopy][9], [the Copy operation
-    #     in Batch Operations][10], or [the import jobs][11]. In this case,
+    #     through [CopyObject][9], [UploadPartCopy][10], [the Copy operation
+    #     in Batch Operations][11], or [the import jobs][12]. In this case,
     #     Amazon S3 makes a call to KMS every time a copy request is made
     #     for a KMS-encrypted object.
     #
-    #   * When you specify an [KMS customer managed key][6] for encryption
+    #   * When you specify an [KMS customer managed key][7] for encryption
     #     in your directory bucket, only use the key ID or key ARN. The key
     #     alias format of the KMS key isn't supported.
     #
     #   * For directory buckets, if you use PutBucketEncryption to set your
-    #     [default bucket encryption][4] to SSE-KMS, Amazon S3 validates the
+    #     [default bucket encryption][5] to SSE-KMS, Amazon S3 validates the
     #     KMS key ID provided in PutBucketEncryption requests.
     #
     #  </note>
@@ -14807,7 +14944,7 @@ module Aws::S3
     #
     #  Also, this action requires Amazon Web Services Signature Version 4.
     # For more information, see [ Authenticating Requests (Amazon Web
-    # Services Signature Version 4)][12].
+    # Services Signature Version 4)][13].
     #
     # Permissions
     # : * **General purpose bucket permissions** - The
@@ -14815,8 +14952,8 @@ module Aws::S3
     #     policy. The bucket owner has this permission by default. The
     #     bucket owner can grant this permission to others. For more
     #     information about permissions, see [Permissions Related to Bucket
-    #     Operations][13] and [Managing Access Permissions to Your Amazon S3
-    #     Resources][14] in the *Amazon S3 User Guide*.
+    #     Operations][14] and [Managing Access Permissions to Your Amazon S3
+    #     Resources][15] in the *Amazon S3 User Guide*.
     #
     #   * **Directory bucket permissions** - To grant access to this API
     #     operation, you must have the
@@ -14826,7 +14963,7 @@ module Aws::S3
     #     only be performed by the Amazon Web Services account that owns the
     #     resource. For more information about directory bucket policies and
     #     permissions, see [Amazon Web Services Identity and Access
-    #     Management (IAM) for S3 Express One Zone][15] in the *Amazon S3
+    #     Management (IAM) for S3 Express One Zone][16] in the *Amazon S3
     #     User Guide*.
     #
     #     To set a directory bucket default encryption with SSE-KMS, you
@@ -14841,9 +14978,9 @@ module Aws::S3
     #
     # The following operations are related to `PutBucketEncryption`:
     #
-    # * [GetBucketEncryption][16]
+    # * [GetBucketEncryption][17]
     #
-    # * [DeleteBucketEncryption][17]
+    # * [DeleteBucketEncryption][18]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -14851,23 +14988,24 @@ module Aws::S3
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
-    # [6]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
-    # [7]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
-    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
-    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
-    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
-    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
-    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
-    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
-    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
-    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
-    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
-    # [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_BlockedEncryptionTypes.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html
+    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
+    # [7]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
+    # [8]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
+    # [11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
+    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
+    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
+    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
+    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
+    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html
+    # [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html
+    # [18]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html
     #
     # @option params [required, String] :bucket
     #   Specifies default encryption for a bucket using server-side encryption
@@ -16950,7 +17088,15 @@ module Aws::S3
     #
     #  </note>
     #
-    # Sets the tags for a general purpose bucket.
+    # Sets the tags for a general purpose bucket if attribute based access
+    # control (ABAC) is not enabled for the bucket. When you [enable ABAC
+    # for a general purpose bucket][1], you can no longer use this operation
+    # for that bucket and must use the [TagResource][2] or
+    # [UntagResource][3] operations instead.
+    #
+    # if ABAC is not enabled for the bucket. When you [enable ABAC for a
+    # general purpose bucket][1], you can no longer use this operation for
+    # that bucket and must use [TagResource][2] instead.
     #
     # Use tags to organize your Amazon Web Services bill to reflect your own
     # cost structure. To do this, sign up to get your Amazon Web Services
@@ -16960,8 +17106,8 @@ module Aws::S3
     # several resources with a specific application name, and then organize
     # your billing information to see the total cost of that application
     # across several services. For more information, see [Cost Allocation
-    # and Tagging][1] and [Using Cost Allocation in Amazon S3 Bucket
-    # Tags][2].
+    # and Tagging][4] and [Using Cost Allocation in Amazon S3 Bucket
+    # Tags][5].
     #
     # <note markdown="1"> When this operation sets the tags for a bucket, it will overwrite any
     # current tags the bucket already has. You cannot use this operation to
@@ -16973,16 +17119,16 @@ module Aws::S3
     # `s3:PutBucketTagging` action. The bucket owner has this permission by
     # default and can grant this permission to others. For more information
     # about permissions, see [Permissions Related to Bucket Subresource
-    # Operations][3] and [Managing Access Permissions to Your Amazon S3
-    # Resources][4].
+    # Operations][6] and [Managing Access Permissions to Your Amazon S3
+    # Resources][7].
     #
     # `PutBucketTagging` has the following special errors. For more Amazon
-    # S3 errors see, [Error Responses][5].
+    # S3 errors see, [Error Responses][8].
     #
     # * `InvalidTag` - The tag provided was not a valid tag. This error can
     #   occur if the tag did not pass input validation. For more
     #   information, see [Using Cost Allocation in Amazon S3 Bucket
-    #   Tags][2].
+    #   Tags][5].
     #
     # * `MalformedXML` - The XML provided does not match the schema.
     #
@@ -16994,9 +17140,9 @@ module Aws::S3
     #
     # The following operations are related to `PutBucketTagging`:
     #
-    # * [GetBucketTagging][6]
+    # * [GetBucketTagging][9]
     #
-    # * [DeleteBucketTagging][7]
+    # * [DeleteBucketTagging][10]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -17004,13 +17150,16 @@ module Aws::S3
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html
-    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html
-    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
-    # [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
-    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
-    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
-    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html
+    # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html
+    # [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html
+    # [4]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html
+    # [5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html
+    # [6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources
+    # [7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html
+    # [8]: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
+    # [9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketTagging.html
+    # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
@@ -20870,6 +21019,15 @@ module Aws::S3
     #     Multipart request. For more information, see
     #     [CreateMultipartUpload][2].
     #
+    #     <note markdown="1"> If you have server-side encryption with customer-provided keys
+    #     (SSE-C) blocked for your general purpose bucket, you will get an
+    #     HTTP 403 Access Denied error when you specify the SSE-C request
+    #     headers while writing new data to your bucket. For more
+    #     information, see [Blocking or unblocking SSE-C for a general
+    #     purpose bucket][12].
+    #
+    #      </note>
+    #
     #     If you request server-side encryption using a customer-provided
     #     encryption key (SSE-C) in your initiate multipart upload request,
     #     you must provide identical encryption information in each part
@@ -20880,7 +21038,7 @@ module Aws::S3
     #     * x-amz-server-side-encryption-customer-key
     #
     #     * x-amz-server-side-encryption-customer-key-MD5
-    #     For more information, see [Using Server-Side Encryption][12] in
+    #     For more information, see [Using Server-Side Encryption][13] in
     #     the *Amazon S3 User Guide*.
     #
     #   * <b>Directory buckets </b> - For directory buckets, there are only
@@ -20908,13 +21066,13 @@ module Aws::S3
     #
     # * [CreateMultipartUpload][2]
     #
-    # * [CompleteMultipartUpload][13]
+    # * [CompleteMultipartUpload][14]
     #
-    # * [AbortMultipartUpload][14]
+    # * [AbortMultipartUpload][15]
     #
-    # * [ListParts][15]
+    # * [ListParts][16]
     #
-    # * [ListMultipartUploads][16]
+    # * [ListMultipartUploads][17]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -20933,11 +21091,12 @@ module Aws::S3
     # [9]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions
     # [10]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html
     # [11]: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
-    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
-    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
-    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
-    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
-    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
+    # [12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html
+    # [13]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
+    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [String, StringIO, File] :body
     #   Object data.
@@ -21336,12 +21495,21 @@ module Aws::S3
     #     the `UploadPartCopy` operation, see [CopyObject][13] and
     #     [UploadPart][2].
     #
+    #     <note markdown="1"> If you have server-side encryption with customer-provided keys
+    #     (SSE-C) blocked for your general purpose bucket, you will get an
+    #     HTTP 403 Access Denied error when you specify the SSE-C request
+    #     headers while writing new data to your bucket. For more
+    #     information, see [Blocking or unblocking SSE-C for a general
+    #     purpose bucket][14].
+    #
+    #      </note>
+    #
     #   * <b>Directory buckets </b> - For directory buckets, there are only
     #     two supported options for server-side encryption: server-side
     #     encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
     #     server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). For
     #     more information, see [Protecting data with server-side
-    #     encryption][14] in the *Amazon S3 User Guide*.
+    #     encryption][15] in the *Amazon S3 User Guide*.
     #
     #     <note markdown="1"> For directory buckets, when you perform a `CreateMultipartUpload`
     #     operation and an `UploadPartCopy` operation, the request headers
@@ -21353,7 +21521,7 @@ module Aws::S3
     #     S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted
     #     objects from general purpose buckets to directory buckets, from
     #     directory buckets to general purpose buckets, or between directory
-    #     buckets, through [UploadPartCopy][15]. In this case, Amazon S3
+    #     buckets, through [UploadPartCopy][16]. In this case, Amazon S3
     #     makes a call to KMS every time a copy request is made for a
     #     KMS-encrypted object.
     #
@@ -21379,17 +21547,17 @@ module Aws::S3
     #
     # The following operations are related to `UploadPartCopy`:
     #
-    # * [CreateMultipartUpload][16]
+    # * [CreateMultipartUpload][17]
     #
     # * [UploadPart][2]
     #
-    # * [CompleteMultipartUpload][17]
+    # * [CompleteMultipartUpload][18]
     #
-    # * [AbortMultipartUpload][18]
+    # * [AbortMultipartUpload][19]
     #
-    # * [ListParts][19]
+    # * [ListParts][20]
     #
-    # * [ListMultipartUploads][20]
+    # * [ListMultipartUploads][21]
     #
     # You must URL encode any signed header values that contain spaces. For
     # example, if your header value is `my file.txt`, containing two spaces
@@ -21410,13 +21578,14 @@ module Aws::S3
     # [11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html
     # [12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html
     # [13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
-    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
-    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
-    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
-    # [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
-    # [18]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
-    # [19]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
-    # [20]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
+    # [14]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/blocking-unblocking-s3-c-encryption-gpb.html
+    # [15]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
+    # [16]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
+    # [17]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html
+    # [18]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html
+    # [19]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html
+    # [20]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html
+    # [21]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html
     #
     # @option params [required, String] :bucket
     #   The bucket name.
@@ -22244,7 +22413,7 @@ module Aws::S3
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.204.0'
+      context[:gem_version] = '1.205.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-s3/client_api.rb

@@ -14,6 +14,7 @@ module Aws::S3
 
     include Seahorse::Model
 
+    AbacStatus = Shapes::StructureShape.new(name: 'AbacStatus')
     AbortDate = Shapes::TimestampShape.new(name: 'AbortDate')
     AbortIncompleteMultipartUpload = Shapes::StructureShape.new(name: 'AbortIncompleteMultipartUpload')
     AbortMultipartUploadOutput = Shapes::StructureShape.new(name: 'AbortMultipartUploadOutput')
@@ -46,6 +47,7 @@ module Aws::S3
     BlockedEncryptionTypes = Shapes::StructureShape.new(name: 'BlockedEncryptionTypes')
     Body = Shapes::BlobShape.new(name: 'Body')
     Bucket = Shapes::StructureShape.new(name: 'Bucket')
+    BucketAbacStatus = Shapes::StringShape.new(name: 'BucketAbacStatus')
     BucketAccelerateStatus = Shapes::StringShape.new(name: 'BucketAccelerateStatus')
     BucketAlreadyExists = Shapes::StructureShape.new(name: 'BucketAlreadyExists')
     BucketAlreadyOwnedByYou = Shapes::StructureShape.new(name: 'BucketAlreadyOwnedByYou')
@@ -211,6 +213,8 @@ module Aws::S3
     FilterRuleList = Shapes::ListShape.new(name: 'FilterRuleList', flattened: true)
     FilterRuleName = Shapes::StringShape.new(name: 'FilterRuleName')
     FilterRuleValue = Shapes::StringShape.new(name: 'FilterRuleValue')
+    GetBucketAbacOutput = Shapes::StructureShape.new(name: 'GetBucketAbacOutput')
+    GetBucketAbacRequest = Shapes::StructureShape.new(name: 'GetBucketAbacRequest')
     GetBucketAccelerateConfigurationOutput = Shapes::StructureShape.new(name: 'GetBucketAccelerateConfigurationOutput')
     GetBucketAccelerateConfigurationRequest = Shapes::StructureShape.new(name: 'GetBucketAccelerateConfigurationRequest')
     GetBucketAclOutput = Shapes::StructureShape.new(name: 'GetBucketAclOutput')
@@ -500,6 +504,7 @@ module Aws::S3
     ProgressEvent = Shapes::StructureShape.new(name: 'ProgressEvent')
     Protocol = Shapes::StringShape.new(name: 'Protocol')
     PublicAccessBlockConfiguration = Shapes::StructureShape.new(name: 'PublicAccessBlockConfiguration')
+    PutBucketAbacRequest = Shapes::StructureShape.new(name: 'PutBucketAbacRequest')
     PutBucketAccelerateConfigurationRequest = Shapes::StructureShape.new(name: 'PutBucketAccelerateConfigurationRequest')
     PutBucketAclRequest = Shapes::StructureShape.new(name: 'PutBucketAclRequest')
     PutBucketAnalyticsConfigurationRequest = Shapes::StructureShape.new(name: 'PutBucketAnalyticsConfigurationRequest')
@@ -689,6 +694,9 @@ module Aws::S3
     WriteOffsetBytes = Shapes::IntegerShape.new(name: 'WriteOffsetBytes')
     Years = Shapes::IntegerShape.new(name: 'Years')
 
+    AbacStatus.add_member(:status, Shapes::ShapeRef.new(shape: BucketAbacStatus, location_name: "Status"))
+    AbacStatus.struct_class = Types::AbacStatus
+
     AbortIncompleteMultipartUpload.add_member(:days_after_initiation, Shapes::ShapeRef.new(shape: DaysAfterInitiation, location_name: "DaysAfterInitiation"))
     AbortIncompleteMultipartUpload.struct_class = Types::AbortIncompleteMultipartUpload
 
@@ -1262,6 +1270,15 @@ module Aws::S3
 
     FilterRuleList.member = Shapes::ShapeRef.new(shape: FilterRule)
 
+    GetBucketAbacOutput.add_member(:abac_status, Shapes::ShapeRef.new(shape: AbacStatus, location_name: "AbacStatus"))
+    GetBucketAbacOutput.struct_class = Types::GetBucketAbacOutput
+    GetBucketAbacOutput[:payload] = :abac_status
+    GetBucketAbacOutput[:payload_member] = GetBucketAbacOutput.member(:abac_status)
+
+    GetBucketAbacRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    GetBucketAbacRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    GetBucketAbacRequest.struct_class = Types::GetBucketAbacRequest
+
     GetBucketAccelerateConfigurationOutput.add_member(:status, Shapes::ShapeRef.new(shape: BucketAccelerateStatus, location_name: "Status"))
     GetBucketAccelerateConfigurationOutput.add_member(:request_charged, Shapes::ShapeRef.new(shape: RequestCharged, location: "header", location_name: "x-amz-request-charged"))
     GetBucketAccelerateConfigurationOutput.struct_class = Types::GetBucketAccelerateConfigurationOutput
@@ -2302,6 +2319,15 @@ module Aws::S3
     PublicAccessBlockConfiguration.add_member(:restrict_public_buckets, Shapes::ShapeRef.new(shape: Setting, location_name: "RestrictPublicBuckets"))
     PublicAccessBlockConfiguration.struct_class = Types::PublicAccessBlockConfiguration
 
+    PutBucketAbacRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
+    PutBucketAbacRequest.add_member(:content_md5, Shapes::ShapeRef.new(shape: ContentMD5, location: "header", location_name: "Content-MD5"))
+    PutBucketAbacRequest.add_member(:checksum_algorithm, Shapes::ShapeRef.new(shape: ChecksumAlgorithm, location: "header", location_name: "x-amz-sdk-checksum-algorithm"))
+    PutBucketAbacRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    PutBucketAbacRequest.add_member(:abac_status, Shapes::ShapeRef.new(shape: AbacStatus, required: true, location_name: "AbacStatus", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
+    PutBucketAbacRequest.struct_class = Types::PutBucketAbacRequest
+    PutBucketAbacRequest[:payload] = :abac_status
+    PutBucketAbacRequest[:payload_member] = PutBucketAbacRequest.member(:abac_status)
+
     PutBucketAccelerateConfigurationRequest.add_member(:bucket, Shapes::ShapeRef.new(shape: BucketName, required: true, location: "uri", location_name: "Bucket", metadata: {"contextParam" => {"name" => "Bucket"}}))
     PutBucketAccelerateConfigurationRequest.add_member(:accelerate_configuration, Shapes::ShapeRef.new(shape: AccelerateConfiguration, required: true, location_name: "AccelerateConfiguration", metadata: {"xmlNamespace" => {"uri" => "http://s3.amazonaws.com/doc/2006-03-01/"}}))
     PutBucketAccelerateConfigurationRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
@@ -3343,6 +3369,14 @@ module Aws::S3
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
       end)
 
+      api.add_operation(:get_bucket_abac, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetBucketAbac"
+        o.http_method = "GET"
+        o.http_request_uri = "/?abac"
+        o.input = Shapes::ShapeRef.new(shape: GetBucketAbacRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetBucketAbacOutput)
+      end)
+
       api.add_operation(:get_bucket_accelerate_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetBucketAccelerateConfiguration"
         o.http_method = "GET"
@@ -3777,6 +3811,22 @@ module Aws::S3
         )
       end)
 
+      api.add_operation(:put_bucket_abac, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutBucketAbac"
+        o.http_method = "PUT"
+        o.http_request_uri = "/?abac"
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => false,
+        }
+        o.http_checksum = {
+          "requestAlgorithmMember" => "checksum_algorithm",
+          "requestChecksumRequired" => false,
+        }
+        o.input = Shapes::ShapeRef.new(shape: PutBucketAbacRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+      end)
+
       api.add_operation(:put_bucket_accelerate_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutBucketAccelerateConfiguration"
         o.http_method = "PUT"

data/lib/aws-sdk-s3/endpoints.rb

@@ -337,6 +337,17 @@ module Aws::S3
       end
     end
 
+    class GetBucketAbac
+      def self.build(context)
+        Aws::S3::EndpointParameters.create(
+          context.config,
+          bucket: context.params[:bucket],
+          use_dual_stack: context[:use_dualstack_endpoint],
+          accelerate: context[:use_accelerate_endpoint],
+        )
+      end
+    end
+
     class GetBucketAccelerateConfiguration
       def self.build(context)
         Aws::S3::EndpointParameters.create(
@@ -878,6 +889,17 @@ module Aws::S3
       end
     end
 
+    class PutBucketAbac
+      def self.build(context)
+        Aws::S3::EndpointParameters.create(
+          context.config,
+          bucket: context.params[:bucket],
+          use_dual_stack: context[:use_dualstack_endpoint],
+          accelerate: context[:use_accelerate_endpoint],
+        )
+      end
+    end
+
     class PutBucketAccelerateConfiguration
       def self.build(context)
         Aws::S3::EndpointParameters.create(
@@ -1348,6 +1370,8 @@ module Aws::S3
         DeleteObjects.build(context)
       when :delete_public_access_block
         DeletePublicAccessBlock.build(context)
+      when :get_bucket_abac
+        GetBucketAbac.build(context)
       when :get_bucket_accelerate_configuration
         GetBucketAccelerateConfiguration.build(context)
       when :get_bucket_acl
@@ -1440,6 +1464,8 @@ module Aws::S3
         ListObjectsV2.build(context)
       when :list_parts
         ListParts.build(context)
+      when :put_bucket_abac
+        PutBucketAbac.build(context)
       when :put_bucket_accelerate_configuration
         PutBucketAccelerateConfiguration.build(context)
       when :put_bucket_acl

data/lib/aws-sdk-s3/types.rb

@@ -10,6 +10,29 @@
 module Aws::S3
   module Types
 
+    # The ABAC status of the general purpose bucket. When ABAC is enabled
+    # for the general purpose bucket, you can use tags to manage access to
+    # the general purpose buckets as well as for cost tracking purposes.
+    # When ABAC is disabled for the general purpose buckets, you can only
+    # use tags for cost tracking purposes. For more information, see [Using
+    # tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #
+    # @!attribute [rw] status
+    #   The ABAC status of the general purpose bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/AbacStatus AWS API Documentation
+    #
+    class AbacStatus < Struct.new(
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the days since the initiation of an incomplete multipart
     # upload that Amazon S3 will wait before permanently removing all parts
     # of the upload. For more information, see [ Aborting Incomplete
@@ -6422,6 +6445,36 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] abac_status
+    #   The ABAC status of the general purpose bucket.
+    #   @return [Types::AbacStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbacOutput AWS API Documentation
+    #
+    class GetBucketAbacOutput < Struct.new(
+      :abac_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The name of the general purpose bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetBucketAbacRequest AWS API Documentation
+    #
+    class GetBucketAbacRequest < Struct.new(
+      :bucket,
+      :expected_bucket_owner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] status
     #   The accelerate configuration of the bucket.
     #   @return [String]
@@ -14296,6 +14349,58 @@ module Aws::S3
       include Aws::Structure
     end
 
+    # @!attribute [rw] bucket
+    #   The name of the general purpose bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] content_md5
+    #   The MD5 hash of the `PutBucketAbac` request body.
+    #
+    #   For requests made using the Amazon Web Services Command Line
+    #   Interface (CLI) or Amazon Web Services SDKs, this field is
+    #   calculated automatically.
+    #   @return [String]
+    #
+    # @!attribute [rw] checksum_algorithm
+    #   Indicates the algorithm that you want Amazon S3 to use to create the
+    #   checksum. For more information, see [ Checking object integrity][1]
+    #   in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID of the general purpose bucket's
+    #   owner.
+    #   @return [String]
+    #
+    # @!attribute [rw] abac_status
+    #   The ABAC status of the general purpose bucket. When ABAC is enabled
+    #   for the general purpose bucket, you can use tags to manage access to
+    #   the general purpose buckets as well as for cost tracking purposes.
+    #   When ABAC is disabled for the general purpose buckets, you can only
+    #   use tags for cost tracking purposes. For more information, see
+    #   [Using tags with S3 general purpose buckets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging.html
+    #   @return [Types::AbacStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/PutBucketAbacRequest AWS API Documentation
+    #
+    class PutBucketAbacRequest < Struct.new(
+      :bucket,
+      :content_md5,
+      :checksum_algorithm,
+      :expected_bucket_owner,
+      :abac_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] bucket
     #   The name of the bucket for which the accelerate configuration is
     #   set.

data/lib/aws-sdk-s3.rb

@@ -75,7 +75,7 @@ module Aws::S3
   autoload :ObjectVersion, 'aws-sdk-s3/object_version'
   autoload :EventStreams, 'aws-sdk-s3/event_streams'
 
-  GEM_VERSION = '1.204.0'
+  GEM_VERSION = '1.205.0'
 
 end
 

data/sig/client.rbs

@@ -554,6 +554,17 @@ module Aws
                                       ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _GetBucketAbacResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetBucketAbacOutput]
+        def abac_status: () -> Types::AbacStatus
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#get_bucket_abac-instance_method
+      def get_bucket_abac: (
+                             bucket: ::String,
+                             ?expected_bucket_owner: ::String
+                           ) -> _GetBucketAbacResponseSuccess
+                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetBucketAbacResponseSuccess
+
       interface _GetBucketAccelerateConfigurationResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetBucketAccelerateConfigurationOutput]
         def status: () -> ("Enabled" | "Suspended")
@@ -1353,6 +1364,18 @@ module Aws
                       ) -> _ListPartsResponseSuccess
                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListPartsResponseSuccess
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_abac-instance_method
+      def put_bucket_abac: (
+                             bucket: ::String,
+                             ?content_md5: ::String,
+                             ?checksum_algorithm: ("CRC32" | "CRC32C" | "SHA1" | "SHA256" | "CRC64NVME"),
+                             ?expected_bucket_owner: ::String,
+                             abac_status: {
+                               status: ("Enabled" | "Disabled")?
+                             }
+                           ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_accelerate_configuration-instance_method
       def put_bucket_accelerate_configuration: (
                                                  bucket: ::String,

data/sig/types.rbs

@@ -8,6 +8,11 @@
 module Aws::S3
   module Types
 
+    class AbacStatus
+      attr_accessor status: ("Enabled" | "Disabled")
+      SENSITIVE: []
+    end
+
     class AbortIncompleteMultipartUpload
       attr_accessor days_after_initiation: ::Integer
       SENSITIVE: []
@@ -701,6 +706,17 @@ module Aws::S3
       SENSITIVE: []
     end
 
+    class GetBucketAbacOutput
+      attr_accessor abac_status: Types::AbacStatus
+      SENSITIVE: []
+    end
+
+    class GetBucketAbacRequest
+      attr_accessor bucket: ::String
+      attr_accessor expected_bucket_owner: ::String
+      SENSITIVE: []
+    end
+
     class GetBucketAccelerateConfigurationOutput
       attr_accessor status: ("Enabled" | "Suspended")
       attr_accessor request_charged: ("requester")
@@ -1998,6 +2014,15 @@ module Aws::S3
       SENSITIVE: []
     end
 
+    class PutBucketAbacRequest
+      attr_accessor bucket: ::String
+      attr_accessor content_md5: ::String
+      attr_accessor checksum_algorithm: ("CRC32" | "CRC32C" | "SHA1" | "SHA256" | "CRC64NVME")
+      attr_accessor expected_bucket_owner: ::String
+      attr_accessor abac_status: Types::AbacStatus
+      SENSITIVE: []
+    end
+
     class PutBucketAccelerateConfigurationRequest
       attr_accessor bucket: ::String
       attr_accessor accelerate_configuration: Types::AccelerateConfiguration

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-s3
 version: !ruby/object:Gem::Version
-  version: 1.204.0
+  version: 1.205.0
 platform: ruby
 authors:
 - Amazon Web Services