aws-sdk-s3control 1.117.0 → 1.118.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc21d4df1f2a21ecd7727edbe79f833d2af50e5bd2ac839d3599f381f4448fde
-  data.tar.gz: 9cdc3913c3f465d618303f88731198540806709d52ab5cbd7ae2ba70d12f37f8
+  metadata.gz: dfcbb1c9d169ef63f638ea6a3ce1c8c7ec98e629c968437ce0f5a0113bc7dce4
+  data.tar.gz: d58fd0d62d54e297832c0b1c2d896bf4634c2331a8362bf54b4c37b551a38ed2
 SHA512:
-  metadata.gz: 02a4e39ffe82536d5a04b8dd49f674139c4f86dd32e06a0363c12b54623ef109b972a83e916d0b73cc5035bd31b71b4fe1189ca0d1208730e83f814bcb515a7e
-  data.tar.gz: 1ccdfa9fc1c69afbdf76f166d6d7f92e9412cd1f2a8f8faeba45f3129343b570725266b07207261c10ef60358aff6712092028765ea4a420c73567fe08a64d9b
+  metadata.gz: 0232f31f238a6e9ff83996bdcb39650492271bfbae3f984cf2ff6fd8daf4a6d0199b531f807da893ee85b9d392c0a2ad8e4f4b7101b42682113f2382b9e4cdb4
+  data.tar.gz: f9f36f951a91d08e201049bcfccecd60088f6cb848f82e06da99e5f094da2646137b737169e12e578cdbfd1dfb6d78e9954c899334b6af29ffc15262b8246031

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.118.0 (2025-09-15)
+------------------
+
+* Feature - Introduce three new encryption filters: EncryptionType (SSE-S3, SSE-KMS, DSSE-KMS, SSE-C, NOT-SSE), KmsKeyArn (for SSE-KMS and DSSE-KMS), and BucketKeyEnabled (for SSE-KMS).
+
 1.117.0 (2025-08-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.117.0
+1.118.0

data/lib/aws-sdk-s3control/client.rb

@@ -1570,6 +1570,23 @@ module Aws::S3Control
     #           object_size_greater_than_bytes: 1,
     #           object_size_less_than_bytes: 1,
     #           match_any_storage_class: ["STANDARD"], # accepts STANDARD, STANDARD_IA, ONEZONE_IA, GLACIER, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR
+    #           match_any_object_encryption: [
+    #             {
+    #               sses3: {
+    #               },
+    #               ssekms: {
+    #                 kms_key_arn: "NonEmptyKmsKeyArnString",
+    #                 bucket_key_enabled: false,
+    #               },
+    #               dssekms: {
+    #                 kms_key_arn: "NonEmptyKmsKeyArnString",
+    #               },
+    #               ssec: {
+    #               },
+    #               notsse: {
+    #               },
+    #             },
+    #           ],
     #         },
     #         enable_manifest_output: false, # required
     #       },
@@ -3154,6 +3171,10 @@ module Aws::S3Control
     #   resp.job.manifest_generator.s3_job_manifest_generator.filter.object_size_less_than_bytes #=> Integer
     #   resp.job.manifest_generator.s3_job_manifest_generator.filter.match_any_storage_class #=> Array
     #   resp.job.manifest_generator.s3_job_manifest_generator.filter.match_any_storage_class[0] #=> String, one of "STANDARD", "STANDARD_IA", "ONEZONE_IA", "GLACIER", "INTELLIGENT_TIERING", "DEEP_ARCHIVE", "GLACIER_IR"
+    #   resp.job.manifest_generator.s3_job_manifest_generator.filter.match_any_object_encryption #=> Array
+    #   resp.job.manifest_generator.s3_job_manifest_generator.filter.match_any_object_encryption[0].ssekms.kms_key_arn #=> String
+    #   resp.job.manifest_generator.s3_job_manifest_generator.filter.match_any_object_encryption[0].ssekms.bucket_key_enabled #=> Boolean
+    #   resp.job.manifest_generator.s3_job_manifest_generator.filter.match_any_object_encryption[0].dssekms.kms_key_arn #=> String
     #   resp.job.manifest_generator.s3_job_manifest_generator.enable_manifest_output #=> Boolean
     #   resp.job.generated_manifest_descriptor.format #=> String, one of "S3InventoryReport_CSV_20211130"
     #   resp.job.generated_manifest_descriptor.location.object_arn #=> String
@@ -8489,7 +8510,7 @@ module Aws::S3Control
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-s3control'
-      context[:gem_version] = '1.117.0'
+      context[:gem_version] = '1.118.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-s3control/client_api.rb

@@ -90,6 +90,7 @@ module Aws::S3Control
     CreationDate = Shapes::TimestampShape.new(name: 'CreationDate')
     CreationTimestamp = Shapes::TimestampShape.new(name: 'CreationTimestamp')
     Credentials = Shapes::StructureShape.new(name: 'Credentials')
+    DSSEKMSFilter = Shapes::StructureShape.new(name: 'DSSEKMSFilter')
     DataSourceId = Shapes::StringShape.new(name: 'DataSourceId')
     DataSourceType = Shapes::StringShape.new(name: 'DataSourceType')
     Date = Shapes::TimestampShape.new(name: 'Date')
@@ -326,6 +327,7 @@ module Aws::S3Control
     NetworkOrigin = Shapes::StringShape.new(name: 'NetworkOrigin')
     NoSuchPublicAccessBlockConfiguration = Shapes::StructureShape.new(name: 'NoSuchPublicAccessBlockConfiguration')
     NoSuchPublicAccessBlockConfigurationMessage = Shapes::StringShape.new(name: 'NoSuchPublicAccessBlockConfigurationMessage')
+    NonEmptyKmsKeyArnString = Shapes::StringShape.new(name: 'NonEmptyKmsKeyArnString')
     NonEmptyMaxLength1024String = Shapes::StringShape.new(name: 'NonEmptyMaxLength1024String')
     NonEmptyMaxLength1024StringList = Shapes::ListShape.new(name: 'NonEmptyMaxLength1024StringList')
     NonEmptyMaxLength2048String = Shapes::StringShape.new(name: 'NonEmptyMaxLength2048String')
@@ -336,8 +338,11 @@ module Aws::S3Control
     NoncurrentVersionTransition = Shapes::StructureShape.new(name: 'NoncurrentVersionTransition')
     NoncurrentVersionTransitionList = Shapes::ListShape.new(name: 'NoncurrentVersionTransitionList')
     NotFoundException = Shapes::StructureShape.new(name: 'NotFoundException')
+    NotSSEFilter = Shapes::StructureShape.new(name: 'NotSSEFilter')
     ObjectAgeValue = Shapes::IntegerShape.new(name: 'ObjectAgeValue')
     ObjectCreationTime = Shapes::TimestampShape.new(name: 'ObjectCreationTime')
+    ObjectEncryptionFilter = Shapes::UnionShape.new(name: 'ObjectEncryptionFilter')
+    ObjectEncryptionFilterList = Shapes::ListShape.new(name: 'ObjectEncryptionFilterList')
     ObjectLambdaAccessPoint = Shapes::StructureShape.new(name: 'ObjectLambdaAccessPoint')
     ObjectLambdaAccessPointAlias = Shapes::StructureShape.new(name: 'ObjectLambdaAccessPointAlias')
     ObjectLambdaAccessPointAliasStatus = Shapes::StringShape.new(name: 'ObjectLambdaAccessPointAliasStatus')
@@ -471,11 +476,14 @@ module Aws::S3Control
     S3Tag = Shapes::StructureShape.new(name: 'S3Tag')
     S3TagSet = Shapes::ListShape.new(name: 'S3TagSet')
     S3UserMetadata = Shapes::MapShape.new(name: 'S3UserMetadata')
+    SSECFilter = Shapes::StructureShape.new(name: 'SSECFilter')
     SSEKMS = Shapes::StructureShape.new(name: 'SSEKMS', locationName: "SSE-KMS")
     SSEKMSEncryption = Shapes::StructureShape.new(name: 'SSEKMSEncryption', locationName: "SSE-KMS")
+    SSEKMSFilter = Shapes::StructureShape.new(name: 'SSEKMSFilter')
     SSEKMSKeyId = Shapes::StringShape.new(name: 'SSEKMSKeyId')
     SSES3 = Shapes::StructureShape.new(name: 'SSES3', locationName: "SSE-S3")
     SSES3Encryption = Shapes::StructureShape.new(name: 'SSES3Encryption', locationName: "SSE-S3")
+    SSES3Filter = Shapes::StructureShape.new(name: 'SSES3Filter')
     Scope = Shapes::StructureShape.new(name: 'Scope')
     ScopePermission = Shapes::StringShape.new(name: 'ScopePermission')
     ScopePermissionList = Shapes::ListShape.new(name: 'ScopePermissionList')
@@ -771,6 +779,9 @@ module Aws::S3Control
     Credentials.add_member(:expiration, Shapes::ShapeRef.new(shape: Expiration, location_name: "Expiration"))
     Credentials.struct_class = Types::Credentials
 
+    DSSEKMSFilter.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: NonEmptyKmsKeyArnString, location_name: "KmsKeyArn", metadata: {"box" => true}))
+    DSSEKMSFilter.struct_class = Types::DSSEKMSFilter
+
     DeleteAccessGrantRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-account-id", metadata: {"contextParam" => {"name" => "AccountId"}}))
     DeleteAccessGrantRequest.add_member(:access_grant_id, Shapes::ShapeRef.new(shape: AccessGrantId, required: true, location: "uri", location_name: "id"))
     DeleteAccessGrantRequest.struct_class = Types::DeleteAccessGrantRequest
@@ -1240,6 +1251,7 @@ module Aws::S3Control
     JobManifestGeneratorFilter.add_member(:object_size_greater_than_bytes, Shapes::ShapeRef.new(shape: ObjectSizeGreaterThanBytes, location_name: "ObjectSizeGreaterThanBytes", metadata: {"box" => true}))
     JobManifestGeneratorFilter.add_member(:object_size_less_than_bytes, Shapes::ShapeRef.new(shape: ObjectSizeLessThanBytes, location_name: "ObjectSizeLessThanBytes", metadata: {"box" => true}))
     JobManifestGeneratorFilter.add_member(:match_any_storage_class, Shapes::ShapeRef.new(shape: StorageClassList, location_name: "MatchAnyStorageClass"))
+    JobManifestGeneratorFilter.add_member(:match_any_object_encryption, Shapes::ShapeRef.new(shape: ObjectEncryptionFilterList, location_name: "MatchAnyObjectEncryption"))
     JobManifestGeneratorFilter.struct_class = Types::JobManifestGeneratorFilter
 
     JobManifestLocation.add_member(:object_arn, Shapes::ShapeRef.new(shape: S3KeyArnString, required: true, location_name: "ObjectArn"))
@@ -1561,6 +1573,24 @@ module Aws::S3Control
     NotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
     NotFoundException.struct_class = Types::NotFoundException
 
+    NotSSEFilter.struct_class = Types::NotSSEFilter
+
+    ObjectEncryptionFilter.add_member(:sses3, Shapes::ShapeRef.new(shape: SSES3Filter, location_name: "SSE-S3"))
+    ObjectEncryptionFilter.add_member(:ssekms, Shapes::ShapeRef.new(shape: SSEKMSFilter, location_name: "SSE-KMS"))
+    ObjectEncryptionFilter.add_member(:dssekms, Shapes::ShapeRef.new(shape: DSSEKMSFilter, location_name: "DSSE-KMS"))
+    ObjectEncryptionFilter.add_member(:ssec, Shapes::ShapeRef.new(shape: SSECFilter, location_name: "SSE-C"))
+    ObjectEncryptionFilter.add_member(:notsse, Shapes::ShapeRef.new(shape: NotSSEFilter, location_name: "NOT-SSE"))
+    ObjectEncryptionFilter.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ObjectEncryptionFilter.add_member_subclass(:sses3, Types::ObjectEncryptionFilter::Sses3)
+    ObjectEncryptionFilter.add_member_subclass(:ssekms, Types::ObjectEncryptionFilter::Ssekms)
+    ObjectEncryptionFilter.add_member_subclass(:dssekms, Types::ObjectEncryptionFilter::Dssekms)
+    ObjectEncryptionFilter.add_member_subclass(:ssec, Types::ObjectEncryptionFilter::Ssec)
+    ObjectEncryptionFilter.add_member_subclass(:notsse, Types::ObjectEncryptionFilter::Notsse)
+    ObjectEncryptionFilter.add_member_subclass(:unknown, Types::ObjectEncryptionFilter::Unknown)
+    ObjectEncryptionFilter.struct_class = Types::ObjectEncryptionFilter
+
+    ObjectEncryptionFilterList.member = Shapes::ShapeRef.new(shape: ObjectEncryptionFilter, location_name: "ObjectEncryption")
+
     ObjectLambdaAccessPoint.add_member(:name, Shapes::ShapeRef.new(shape: ObjectLambdaAccessPointName, required: true, location_name: "Name"))
     ObjectLambdaAccessPoint.add_member(:object_lambda_access_point_arn, Shapes::ShapeRef.new(shape: ObjectLambdaAccessPointArn, location_name: "ObjectLambdaAccessPointArn"))
     ObjectLambdaAccessPoint.add_member(:alias, Shapes::ShapeRef.new(shape: ObjectLambdaAccessPointAlias, location_name: "Alias"))
@@ -1906,16 +1936,24 @@ module Aws::S3Control
     S3UserMetadata.key = Shapes::ShapeRef.new(shape: NonEmptyMaxLength1024String)
     S3UserMetadata.value = Shapes::ShapeRef.new(shape: MaxLength1024String)
 
+    SSECFilter.struct_class = Types::SSECFilter
+
     SSEKMS.add_member(:key_id, Shapes::ShapeRef.new(shape: SSEKMSKeyId, required: true, location_name: "KeyId"))
     SSEKMS.struct_class = Types::SSEKMS
 
     SSEKMSEncryption.add_member(:key_id, Shapes::ShapeRef.new(shape: KmsKeyArnString, required: true, location_name: "KeyId"))
     SSEKMSEncryption.struct_class = Types::SSEKMSEncryption
 
+    SSEKMSFilter.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: NonEmptyKmsKeyArnString, location_name: "KmsKeyArn", metadata: {"box" => true}))
+    SSEKMSFilter.add_member(:bucket_key_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "BucketKeyEnabled", metadata: {"box" => true}))
+    SSEKMSFilter.struct_class = Types::SSEKMSFilter
+
     SSES3.struct_class = Types::SSES3
 
     SSES3Encryption.struct_class = Types::SSES3Encryption
 
+    SSES3Filter.struct_class = Types::SSES3Filter
+
     Scope.add_member(:prefixes, Shapes::ShapeRef.new(shape: PrefixesList, location_name: "Prefixes"))
     Scope.add_member(:permissions, Shapes::ShapeRef.new(shape: ScopePermissionList, location_name: "Permissions"))
     Scope.struct_class = Types::Scope

data/lib/aws-sdk-s3control/types.rb

@@ -1462,6 +1462,39 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A filter that returns objects that are encrypted by dual-layer
+    # server-side encryption with Amazon Web Services Key Management Service
+    # (KMS) keys (DSSE-KMS). You can further refine your filtering by
+    # optionally providing a KMS Key ARN to create an object list of
+    # DSSE-KMS objects with that specific KMS Key ARN.
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Amazon Resource Name (ARN) of the customer managed KMS key to
+    #   use for the filter to return objects that are encrypted by the
+    #   specified key. For best performance, we recommend using the
+    #   `KMSKeyArn` filter in conjunction with other object metadata
+    #   filters, like `MatchAnyPrefix`, `CreatedAfter`, or
+    #   `MatchAnyStorageClass`.
+    #
+    #   <note markdown="1"> You must provide the full KMS Key ARN. You can't use an alias name
+    #   or alias ARN. For more information, see [ KMS keys][1] in the
+    #   *Amazon Web Services Key Management Service Developer Guide*.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DSSEKMSFilter AWS API Documentation
+    #
+    class DSSEKMSFilter < Struct.new(
+      :kms_key_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] account_id
     #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
@@ -3998,6 +4031,16 @@ module Aws::S3Control
     #   objects that are stored with the specified storage class.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] match_any_object_encryption
+    #   If provided, the generated object list includes only source bucket
+    #   objects with the indicated server-side encryption type (SSE-S3,
+    #   SSE-KMS, DSSE-KMS, SSE-C, or NOT-SSE). If you select SSE-KMS or
+    #   DSSE-KMS, you can optionally further filter your results by
+    #   specifying a specific KMS Key ARN. If you select SSE-KMS, you can
+    #   also optionally further filter your results by Bucket Key enabled
+    #   status.
+    #   @return [Array<Types::ObjectEncryptionFilter>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobManifestGeneratorFilter AWS API Documentation
     #
     class JobManifestGeneratorFilter < Struct.new(
@@ -4008,7 +4051,8 @@ module Aws::S3Control
       :key_name_constraint,
       :object_size_greater_than_bytes,
       :object_size_less_than_bytes,
-      :match_any_storage_class)
+      :match_any_storage_class,
+      :match_any_object_encryption)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4469,7 +4513,7 @@ module Aws::S3Control
     #
     # @!attribute [rw] noncurrent_version_transitions
     #   Specifies the transition rule for the lifecycle rule that describes
-    #   when noncurrent objects transition to a specific storage class. If
+    #   when non-current objects transition to a specific storage class. If
     #   your bucket is versioning-enabled (or versioning is suspended), you
     #   can set this action to request that Amazon S3 transition noncurrent
     #   object versions to a specific storage class at a set period in the
@@ -5924,6 +5968,72 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A filter that returns objects that aren't server-side encrypted.
+    #
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NotSSEFilter AWS API Documentation
+    #
+    class NotSSEFilter < Aws::EmptyStructure; end
+
+    # An optional filter for the `S3JobManifestGenerator` that identifies
+    # the subset of objects by encryption type. This filter is used to
+    # create an object list for S3 Batch Operations jobs. If provided, this
+    # filter will generate an object list that only includes objects with
+    # the specified encryption type.
+    #
+    # @note ObjectEncryptionFilter is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @note ObjectEncryptionFilter is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of ObjectEncryptionFilter corresponding to the set member.
+    #
+    # @!attribute [rw] sses3
+    #   Filters for objects that are encrypted by server-side encryption
+    #   with Amazon S3 managed keys (SSE-S3).
+    #   @return [Types::SSES3Filter]
+    #
+    # @!attribute [rw] ssekms
+    #   Filters for objects that are encrypted by server-side encryption
+    #   with Amazon Web Services Key Management Service (KMS) keys
+    #   (SSE-KMS).
+    #   @return [Types::SSEKMSFilter]
+    #
+    # @!attribute [rw] dssekms
+    #   Filters for objects that are encrypted by dual-layer server-side
+    #   encryption with Amazon Web Services Key Management Service (KMS)
+    #   keys (DSSE-KMS).
+    #   @return [Types::DSSEKMSFilter]
+    #
+    # @!attribute [rw] ssec
+    #   Filters for objects that are encrypted by server-side encryption
+    #   with customer-provided keys (SSE-C).
+    #   @return [Types::SSECFilter]
+    #
+    # @!attribute [rw] notsse
+    #   Filters for objects that are not encrypted by server-side
+    #   encryption.
+    #   @return [Types::NotSSEFilter]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ObjectEncryptionFilter AWS API Documentation
+    #
+    class ObjectEncryptionFilter < Struct.new(
+      :sses3,
+      :ssekms,
+      :dssekms,
+      :ssec,
+      :notsse,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class Sses3 < ObjectEncryptionFilter; end
+      class Ssekms < ObjectEncryptionFilter; end
+      class Dssekms < ObjectEncryptionFilter; end
+      class Ssec < ObjectEncryptionFilter; end
+      class Notsse < ObjectEncryptionFilter; end
+      class Unknown < ObjectEncryptionFilter; end
+    end
+
     # An access point with an attached Lambda function used to access
     # transformed data from an Amazon S3 bucket.
     #
@@ -7900,6 +8010,15 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A filter that returns objects that are encrypted by server-side
+    # encryption with customer-provided keys (SSE-C).
+    #
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSECFilter AWS API Documentation
+    #
+    class SSECFilter < Aws::EmptyStructure; end
+
     # @!attribute [rw] key_id
     #   A container for the ARN of the SSE-KMS encryption. This property is
     #   read-only and follows the following format: `
@@ -7932,6 +8051,50 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A filter that returns objects that are encrypted by server-side
+    # encryption with Amazon Web Services KMS (SSE-KMS).
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Amazon Resource Name (ARN) of the customer managed KMS key to
+    #   use for the filter to return objects that are encrypted by the
+    #   specified key. For best performance, we recommend using the
+    #   `KMSKeyArn` filter in conjunction with other object metadata
+    #   filters, like `MatchAnyPrefix`, `CreatedAfter`, or
+    #   `MatchAnyStorageClass`.
+    #
+    #   <note markdown="1"> You must provide the full KMS Key ARN. You can't use an alias name
+    #   or alias ARN. For more information, see [ KMS keys][1] in the
+    #   *Amazon Web Services Key Management Service Developer Guide*.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_key_enabled
+    #   Specifies whether Amazon S3 should use an S3 Bucket Key for object
+    #   encryption with server-side encryption using Amazon Web Services Key
+    #   Management Service (Amazon Web Services KMS) keys (SSE-KMS). If
+    #   specified, will filter SSE-KMS encrypted objects by S3 Bucket Key
+    #   status. For more information, see [Reducing the cost of SSE-KMS with
+    #   Amazon S3 Bucket Keys][1] in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSEKMSFilter AWS API Documentation
+    #
+    class SSEKMSFilter < Struct.new(
+      :kms_key_arn,
+      :bucket_key_enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSES3 AWS API Documentation
@@ -7947,6 +8110,15 @@ module Aws::S3Control
     #
     class SSES3Encryption < Aws::EmptyStructure; end
 
+    # A filter that returns objects that are encrypted by server-side
+    # encryption with Amazon S3 managed keys (SSE-S3).
+    #
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSES3Filter AWS API Documentation
+    #
+    class SSES3Filter < Aws::EmptyStructure; end
+
     # You can use the access point scope to restrict access to specific
     # prefixes, API operations, or a combination of both.
     #

data/lib/aws-sdk-s3control.rb

@@ -54,7 +54,7 @@ module Aws::S3Control
   autoload :EndpointProvider, 'aws-sdk-s3control/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-s3control/endpoints'
 
-  GEM_VERSION = '1.117.0'
+  GEM_VERSION = '1.118.0'
 
 end
 

data/sig/client.rbs

@@ -420,7 +420,24 @@ module Aws
                               }?,
                               object_size_greater_than_bytes: ::Integer?,
                               object_size_less_than_bytes: ::Integer?,
-                              match_any_storage_class: Array[("STANDARD" | "STANDARD_IA" | "ONEZONE_IA" | "GLACIER" | "INTELLIGENT_TIERING" | "DEEP_ARCHIVE" | "GLACIER_IR")]?
+                              match_any_storage_class: Array[("STANDARD" | "STANDARD_IA" | "ONEZONE_IA" | "GLACIER" | "INTELLIGENT_TIERING" | "DEEP_ARCHIVE" | "GLACIER_IR")]?,
+                              match_any_object_encryption: Array[
+                                {
+                                  sses3: {
+                                  }?,
+                                  ssekms: {
+                                    kms_key_arn: ::String?,
+                                    bucket_key_enabled: bool?
+                                  }?,
+                                  dssekms: {
+                                    kms_key_arn: ::String?
+                                  }?,
+                                  ssec: {
+                                  }?,
+                                  notsse: {
+                                  }?
+                                },
+                              ]?
                             }?,
                             enable_manifest_output: bool
                           }?

data/sig/types.rbs

@@ -298,6 +298,11 @@ module Aws::S3Control
       SENSITIVE: [:access_key_id, :secret_access_key, :session_token]
     end
 
+    class DSSEKMSFilter
+      attr_accessor kms_key_arn: ::String
+      SENSITIVE: []
+    end
+
     class DeleteAccessGrantRequest
       attr_accessor account_id: ::String
       attr_accessor access_grant_id: ::String
@@ -966,6 +971,7 @@ module Aws::S3Control
       attr_accessor object_size_greater_than_bytes: ::Integer
       attr_accessor object_size_less_than_bytes: ::Integer
       attr_accessor match_any_storage_class: ::Array[("STANDARD" | "STANDARD_IA" | "ONEZONE_IA" | "GLACIER" | "INTELLIGENT_TIERING" | "DEEP_ARCHIVE" | "GLACIER_IR")]
+      attr_accessor match_any_object_encryption: ::Array[Types::ObjectEncryptionFilter]
       SENSITIVE: []
     end
 
@@ -1386,6 +1392,32 @@ module Aws::S3Control
       SENSITIVE: []
     end
 
+    class NotSSEFilter < Aws::EmptyStructure
+    end
+
+    class ObjectEncryptionFilter
+      attr_accessor sses3: Types::SSES3Filter
+      attr_accessor ssekms: Types::SSEKMSFilter
+      attr_accessor dssekms: Types::DSSEKMSFilter
+      attr_accessor ssec: Types::SSECFilter
+      attr_accessor notsse: Types::NotSSEFilter
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class Sses3 < ObjectEncryptionFilter
+      end
+      class Ssekms < ObjectEncryptionFilter
+      end
+      class Dssekms < ObjectEncryptionFilter
+      end
+      class Ssec < ObjectEncryptionFilter
+      end
+      class Notsse < ObjectEncryptionFilter
+      end
+      class Unknown < ObjectEncryptionFilter
+      end
+    end
+
     class ObjectLambdaAccessPoint
       attr_accessor name: ::String
       attr_accessor object_lambda_access_point_arn: ::String
@@ -1813,6 +1845,9 @@ module Aws::S3Control
       SENSITIVE: []
     end
 
+    class SSECFilter < Aws::EmptyStructure
+    end
+
     class SSEKMS
       attr_accessor key_id: ::String
       SENSITIVE: []
@@ -1823,12 +1858,21 @@ module Aws::S3Control
       SENSITIVE: []
     end
 
+    class SSEKMSFilter
+      attr_accessor kms_key_arn: ::String
+      attr_accessor bucket_key_enabled: bool
+      SENSITIVE: []
+    end
+
     class SSES3 < Aws::EmptyStructure
     end
 
     class SSES3Encryption < Aws::EmptyStructure
     end
 
+    class SSES3Filter < Aws::EmptyStructure
+    end
+
     class Scope
       attr_accessor prefixes: ::Array[::String]
       attr_accessor permissions: ::Array[("GetObject" | "GetObjectAttributes" | "ListMultipartUploadParts" | "ListBucket" | "ListBucketMultipartUploads" | "PutObject" | "DeleteObject" | "AbortMultipartUpload")]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-s3control
 version: !ruby/object:Gem::Version
-  version: 1.117.0
+  version: 1.118.0
 platform: ruby
 authors:
 - Amazon Web Services