aws-sdk-s3control 1.13.0 → 1.19.0

data/lib/aws-sdk-s3control/errors.rb

@@ -6,6 +6,38 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::S3Control
+
+  # When S3Control returns an error response, the Ruby SDK constructs and raises an error.
+  # These errors all extend Aws::S3Control::Errors::ServiceError < {Aws::Errors::ServiceError}
+  #
+  # You can rescue all S3Control errors using ServiceError:
+  #
+  #     begin
+  #       # do stuff
+  #     rescue Aws::S3Control::Errors::ServiceError
+  #       # rescues all S3Control API errors
+  #     end
+  #
+  #
+  # ## Request Context
+  # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
+  # information about the request that generated the error.
+  # See {Seahorse::Client::RequestContext} for more information.
+  #
+  # ## Error Classes
+  # * {BadRequestException}
+  # * {IdempotencyException}
+  # * {InternalServiceException}
+  # * {InvalidNextTokenException}
+  # * {InvalidRequestException}
+  # * {JobStatusException}
+  # * {NoSuchPublicAccessBlockConfiguration}
+  # * {NotFoundException}
+  # * {TooManyRequestsException}
+  # * {TooManyTagsException}
+  #
+  # Additionally, error classes are dynamically generated for service errors based on the error code
+  # if they are not defined above.
   module Errors
 
     extend Aws::Errors::DynamicErrors
@@ -23,7 +55,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class IdempotencyException < ServiceError
@@ -39,7 +70,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class InternalServiceException < ServiceError
@@ -55,7 +85,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidNextTokenException < ServiceError
@@ -71,7 +100,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class InvalidRequestException < ServiceError
@@ -87,7 +115,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class JobStatusException < ServiceError
@@ -103,7 +130,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class NoSuchPublicAccessBlockConfiguration < ServiceError
@@ -119,7 +145,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class NotFoundException < ServiceError
@@ -135,7 +160,6 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
-
     end
 
     class TooManyRequestsException < ServiceError
@@ -151,7 +175,21 @@ module Aws::S3Control
       def message
         @message || @data[:message]
       end
+    end
+
+    class TooManyTagsException < ServiceError
 
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::TooManyTagsException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
     end
 
   end

data/lib/aws-sdk-s3control/plugins/s3_signer.rb

@@ -15,6 +15,8 @@ module Aws
         end
 
         option(:sigv4_region) do |cfg|
+          raise Aws::Errors::MissingRegionError if cfg.region.nil?
+
           Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
         end
 

data/lib/aws-sdk-s3control/resource.rb

@@ -6,6 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::S3Control
+
   class Resource
 
     # @param options ({})

data/lib/aws-sdk-s3control/types.rb

@@ -8,6 +8,40 @@
 module Aws::S3Control
   module Types
 
+    # An access point used to access a bucket.
+    #
+    # @!attribute [rw] name
+    #   The name of this access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] network_origin
+    #   Indicates whether this access point allows access from the public
+    #   internet. If `VpcConfiguration` is specified for this access point,
+    #   then `NetworkOrigin` is `VPC`, and the access point doesn't allow
+    #   access from the public internet. Otherwise, `NetworkOrigin` is
+    #   `Internet`, and the access point allows access from the public
+    #   internet, subject to the access point and bucket access policies.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_configuration
+    #   The virtual private cloud (VPC) configuration for this access point,
+    #   if one exists.
+    #   @return [Types::VpcConfiguration]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket associated with this access point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AccessPoint AWS API Documentation
+    #
+    class AccessPoint < Struct.new(
+      :name,
+      :network_origin,
+      :vpc_configuration,
+      :bucket)
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -18,6 +52,66 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateAccessPointRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #         bucket: "BucketName", # required
+    #         vpc_configuration: {
+    #           vpc_id: "VpcId", # required
+    #         },
+    #         public_access_block_configuration: {
+    #           block_public_acls: false,
+    #           ignore_public_acls: false,
+    #           block_public_policy: false,
+    #           restrict_public_buckets: false,
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID for the owner of the bucket for which you want to
+    #   create an access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name you want to assign to this access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket that you want to associate this access point
+    #   with.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_configuration
+    #   If you include this field, Amazon S3 restricts access to this access
+    #   point to requests from the specified virtual private cloud (VPC).
+    #   @return [Types::VpcConfiguration]
+    #
+    # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration that you want to apply to this
+    #   Amazon S3 bucket. You can enable the configuration options in any
+    #   combination. For more information about when Amazon S3 considers a
+    #   bucket or object public, see [The Meaning of "Public"][1] in the
+    #   Amazon Simple Storage Service Developer Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    #   @return [Types::PublicAccessBlockConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessPointRequest AWS API Documentation
+    #
+    class CreateAccessPointRequest < Struct.new(
+      :account_id,
+      :name,
+      :bucket,
+      :vpc_configuration,
+      :public_access_block_configuration)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateJobRequest
     #   data as a hash:
     #
@@ -26,7 +120,7 @@ module Aws::S3Control
     #         confirmation_required: false,
     #         operation: { # required
     #           lambda_invoke: {
-    #             function_arn: "NonEmptyMaxLength1024String",
+    #             function_arn: "FunctionArnString",
     #           },
     #           s3_put_object_copy: {
     #             target_resource: "S3BucketArnString",
@@ -60,8 +154,8 @@ module Aws::S3Control
     #             },
     #             new_object_tagging: [
     #               {
-    #                 key: "NonEmptyMaxLength1024String", # required
-    #                 value: "MaxLength1024String", # required
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
     #               },
     #             ],
     #             redirect_location: "NonEmptyMaxLength2048String",
@@ -98,8 +192,8 @@ module Aws::S3Control
     #           s3_put_object_tagging: {
     #             tag_set: [
     #               {
-    #                 key: "NonEmptyMaxLength1024String", # required
-    #                 value: "MaxLength1024String", # required
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
     #               },
     #             ],
     #           },
@@ -107,6 +201,18 @@ module Aws::S3Control
     #             expiration_in_days: 1,
     #             glacier_job_tier: "BULK", # accepts BULK, STANDARD
     #           },
+    #           s3_put_object_legal_hold: {
+    #             legal_hold: { # required
+    #               status: "OFF", # required, accepts OFF, ON
+    #             },
+    #           },
+    #           s3_put_object_retention: {
+    #             bypass_governance_retention: false,
+    #             retention: { # required
+    #               retain_until_date: Time.now,
+    #               mode: "COMPLIANCE", # accepts COMPLIANCE, GOVERNANCE
+    #             },
+    #           },
     #         },
     #         report: { # required
     #           bucket: "S3BucketArnString",
@@ -130,6 +236,12 @@ module Aws::S3Control
     #         description: "NonEmptyMaxLength256String",
     #         priority: 1, # required
     #         role_arn: "IAMRoleArn", # required
+    #         tags: [
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] account_id
@@ -181,11 +293,16 @@ module Aws::S3Control
     #   @return [Integer]
     #
     # @!attribute [rw] role_arn
-    #   The Amazon Resource Name (ARN) for the Identity and Access
-    #   Management (IAM) Role that batch operations will use to execute this
+    #   The Amazon Resource Name (ARN) for the AWS Identity and Access
+    #   Management (IAM) role that Batch Operations will use to execute this
     #   job's operation on each object in the manifest.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A set of tags to associate with the Amazon S3 Batch Operations job.
+    #   This is an optional parameter.
+    #   @return [Array<Types::S3Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateJobRequest AWS API Documentation
     #
     class CreateJobRequest < Struct.new(
@@ -197,7 +314,8 @@ module Aws::S3Control
       :manifest,
       :description,
       :priority,
-      :role_arn)
+      :role_arn,
+      :tags)
       include Aws::Structure
     end
 
@@ -213,6 +331,84 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteAccessPointPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose policy you want to delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointPolicyRequest AWS API Documentation
+    #
+    class DeleteAccessPointPolicyRequest < Struct.new(
+      :account_id,
+      :name)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteAccessPointRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point you want to delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointRequest AWS API Documentation
+    #
+    class DeleteAccessPointRequest < Struct.new(
+      :account_id,
+      :name)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteJobTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         job_id: "JobId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID associated with the Amazon S3 Batch Operations
+    #   job.
+    #   @return [String]
+    #
+    # @!attribute [rw] job_id
+    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingRequest AWS API Documentation
+    #
+    class DeleteJobTaggingRequest < Struct.new(
+      :account_id,
+      :job_id)
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingResult AWS API Documentation
+    #
+    class DeleteJobTaggingResult < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DeletePublicAccessBlockRequest
     #   data as a hash:
     #
@@ -221,8 +417,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the AWS account whose block public access
-    #   configuration you want to delete.
+    #   The account ID for the Amazon Web Services account whose
+    #   `PublicAccessBlock` configuration you want to remove.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeletePublicAccessBlockRequest AWS API Documentation
@@ -267,7 +463,192 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetAccessPointPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose policy you want to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyRequest < Struct.new(
+      :account_id,
+      :name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The access point policy associated with the specified access point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyResult AWS API Documentation
+    #
+    class GetAccessPointPolicyResult < Struct.new(
+      :policy)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointPolicyStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose policy status you want to
+    #   retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyStatusRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyStatusRequest < Struct.new(
+      :account_id,
+      :name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_status
+    #   Indicates the current policy status of the specified access point.
+    #   @return [Types::PolicyStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyStatusResult AWS API Documentation
+    #
+    class GetAccessPointPolicyStatusResult < Struct.new(
+      :policy_status)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose configuration information you
+    #   want to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointRequest AWS API Documentation
+    #
+    class GetAccessPointRequest < Struct.new(
+      :account_id,
+      :name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket associated with the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] network_origin
+    #   Indicates whether this access point allows access from the public
+    #   internet. If `VpcConfiguration` is specified for this access point,
+    #   then `NetworkOrigin` is `VPC`, and the access point doesn't allow
+    #   access from the public internet. Otherwise, `NetworkOrigin` is
+    #   `Internet`, and the access point allows access from the public
+    #   internet, subject to the access point and bucket access policies.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_configuration
+    #   Contains the virtual private cloud (VPC) configuration for the
+    #   specified access point.
+    #   @return [Types::VpcConfiguration]
+    #
     # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration that you want to apply to this
+    #   Amazon S3 bucket. You can enable the configuration options in any
+    #   combination. For more information about when Amazon S3 considers a
+    #   bucket or object public, see [The Meaning of "Public"][1] in the
+    #   Amazon Simple Storage Service Developer Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    #   @return [Types::PublicAccessBlockConfiguration]
+    #
+    # @!attribute [rw] creation_date
+    #   The date and time when the specified access point was created.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointResult AWS API Documentation
+    #
+    class GetAccessPointResult < Struct.new(
+      :name,
+      :bucket,
+      :network_origin,
+      :vpc_configuration,
+      :public_access_block_configuration,
+      :creation_date)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetJobTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         job_id: "JobId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID associated with the Amazon S3 Batch Operations
+    #   job.
+    #   @return [String]
+    #
+    # @!attribute [rw] job_id
+    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetJobTaggingRequest AWS API Documentation
+    #
+    class GetJobTaggingRequest < Struct.new(
+      :account_id,
+      :job_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   The set of tags associated with the Amazon S3 Batch Operations job.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetJobTaggingResult AWS API Documentation
+    #
+    class GetJobTaggingResult < Struct.new(
+      :tags)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration currently in effect for this
+    #   Amazon Web Services account.
     #   @return [Types::PublicAccessBlockConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockOutput AWS API Documentation
@@ -285,6 +666,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The account ID for the Amazon Web Services account whose
+    #   `PublicAccessBlock` configuration you want to retrieve.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockRequest AWS API Documentation
@@ -404,8 +787,8 @@ module Aws::S3Control
     #   @return [Time]
     #
     # @!attribute [rw] role_arn
-    #   The Amazon Resource Name (ARN) for the Identity and Access
-    #   Management (IAM) Role assigned to execute the tasks for this job.
+    #   The Amazon Resource Name (ARN) for the AWS Identity and Access
+    #   Management (IAM) role assigned to execute the tasks for this job.
     #   @return [String]
     #
     # @!attribute [rw] suspended_date
@@ -629,7 +1012,7 @@ module Aws::S3Control
     #
     #       {
     #         lambda_invoke: {
-    #           function_arn: "NonEmptyMaxLength1024String",
+    #           function_arn: "FunctionArnString",
     #         },
     #         s3_put_object_copy: {
     #           target_resource: "S3BucketArnString",
@@ -663,8 +1046,8 @@ module Aws::S3Control
     #           },
     #           new_object_tagging: [
     #             {
-    #               key: "NonEmptyMaxLength1024String", # required
-    #               value: "MaxLength1024String", # required
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
     #             },
     #           ],
     #           redirect_location: "NonEmptyMaxLength2048String",
@@ -701,8 +1084,8 @@ module Aws::S3Control
     #         s3_put_object_tagging: {
     #           tag_set: [
     #             {
-    #               key: "NonEmptyMaxLength1024String", # required
-    #               value: "MaxLength1024String", # required
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
     #             },
     #           ],
     #         },
@@ -710,6 +1093,18 @@ module Aws::S3Control
     #           expiration_in_days: 1,
     #           glacier_job_tier: "BULK", # accepts BULK, STANDARD
     #         },
+    #         s3_put_object_legal_hold: {
+    #           legal_hold: { # required
+    #             status: "OFF", # required, accepts OFF, ON
+    #           },
+    #         },
+    #         s3_put_object_retention: {
+    #           bypass_governance_retention: false,
+    #           retention: { # required
+    #             retain_until_date: Time.now,
+    #             mode: "COMPLIANCE", # accepts COMPLIANCE, GOVERNANCE
+    #           },
+    #         },
     #       }
     #
     # @!attribute [rw] lambda_invoke
@@ -737,6 +1132,28 @@ module Aws::S3Control
     #   call on each object in the manifest.
     #   @return [Types::S3InitiateRestoreObjectOperation]
     #
+    # @!attribute [rw] s3_put_object_legal_hold
+    #   Contains the configuration parameters for a Set Object Legal Hold
+    #   operation. Amazon S3 Batch Operations passes each value through to
+    #   the underlying PUT Object Legal Hold API. For more information about
+    #   the parameters for this operation, see [PUT Object Legal Hold][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    #   @return [Types::S3SetObjectLegalHoldOperation]
+    #
+    # @!attribute [rw] s3_put_object_retention
+    #   Contains the configuration parameters for a Set Object Retention
+    #   operation. Amazon S3 Batch Operations passes each value through to
+    #   the underlying PUT Object Retention API. For more information about
+    #   the parameters for this operation, see [PUT Object Retention][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    #   @return [Types::S3SetObjectRetentionOperation]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobOperation AWS API Documentation
     #
     class JobOperation < Struct.new(
@@ -744,7 +1161,9 @@ module Aws::S3Control
       :s3_put_object_copy,
       :s3_put_object_acl,
       :s3_put_object_tagging,
-      :s3_initiate_restore_object)
+      :s3_initiate_restore_object,
+      :s3_put_object_legal_hold,
+      :s3_put_object_retention)
       include Aws::Structure
     end
 
@@ -784,7 +1203,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] bucket
-    #   The bucket where specified job-completion report will be stored.
+    #   The Amazon Resource Name (ARN) for the bucket where specified
+    #   job-completion report will be stored.
     #   @return [String]
     #
     # @!attribute [rw] format
@@ -835,7 +1255,7 @@ module Aws::S3Control
     #   data as a hash:
     #
     #       {
-    #         function_arn: "NonEmptyMaxLength1024String",
+    #         function_arn: "FunctionArnString",
     #       }
     #
     # @!attribute [rw] function_arn
@@ -850,13 +1270,78 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAccessPointsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName",
+    #         next_token: "NonEmptyMaxLength1024String",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID for owner of the bucket whose access points you
+    #   want to list.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket whose associated access points you want to
+    #   list.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   A continuation token. If a previous call to `ListAccessPoints`
+    #   returned a continuation token in the `NextToken` field, then
+    #   providing that value here causes Amazon S3 to retrieve the next page
+    #   of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of access points that you want to include in the
+    #   list. If the specified bucket has more than this number of access
+    #   points, then the response will include a continuation token in the
+    #   `NextToken` field that you can use to retrieve the next page of
+    #   access points.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsRequest AWS API Documentation
+    #
+    class ListAccessPointsRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :next_token,
+      :max_results)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_point_list
+    #   Contains identification and configuration information for one or
+    #   more access points associated with the specified bucket.
+    #   @return [Array<Types::AccessPoint>]
+    #
+    # @!attribute [rw] next_token
+    #   If the specified bucket has more access points than can be returned
+    #   in one call to this API, then this field contains a continuation
+    #   token that you can provide in subsequent calls to this API to
+    #   retrieve additional access points.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsResult AWS API Documentation
+    #
+    class ListAccessPointsResult < Struct.new(
+      :access_point_list,
+      :next_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListJobsRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
     #         job_statuses: ["Active"], # accepts Active, Cancelled, Cancelling, Complete, Completing, Failed, Failing, New, Paused, Pausing, Preparing, Ready, Suspended
-    #         next_token: "NonEmptyMaxLength1024String",
+    #         next_token: "StringForNextToken",
     #         max_results: 1,
     #       }
     #
@@ -910,6 +1395,10 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Amazon S3 throws this exception if you make a `GetPublicAccessBlock`
+    # request against an account that doesn't have a
+    # `PublicAccessBlockConfiguration` set.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -930,6 +1419,35 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Indicates whether this access point policy is public. For more
+    # information about how Amazon S3 evaluates policies to determine
+    # whether they are public, see [The Meaning of "Public"][1] in the
+    # *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    #
+    # @!attribute [rw] is_public
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PolicyStatus AWS API Documentation
+    #
+    class PolicyStatus < Struct.new(
+      :is_public)
+      include Aws::Structure
+    end
+
+    # The `PublicAccessBlock` configuration that you want to apply to this
+    # Amazon S3 bucket. You can enable the configuration options in any
+    # combination. For more information about when Amazon S3 considers a
+    # bucket or object public, see [The Meaning of "Public"][1] in the
+    # Amazon Simple Storage Service Developer Guide.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    #
     # @note When making an API call, you may pass PublicAccessBlockConfiguration
     #   data as a hash:
     #
@@ -941,15 +1459,49 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] block_public_acls
+    #   Specifies whether Amazon S3 should block public access control lists
+    #   (ACLs) for buckets in this account. Setting this element to `TRUE`
+    #   causes the following behavior:
+    #
+    #   * PUT Bucket acl and PUT Object acl calls fail if the specified ACL
+    #     is public.
+    #
+    #   * PUT Object calls fail if the request includes a public ACL.
+    #
+    #   * PUT Bucket calls fail if the request includes a public ACL.
+    #
+    #   Enabling this setting doesn't affect existing policies or ACLs.
     #   @return [Boolean]
     #
     # @!attribute [rw] ignore_public_acls
+    #   Specifies whether Amazon S3 should ignore public ACLs for buckets in
+    #   this account. Setting this element to `TRUE` causes Amazon S3 to
+    #   ignore all public ACLs on buckets in this account and any objects
+    #   that they contain.
+    #
+    #   Enabling this setting doesn't affect the persistence of any
+    #   existing ACLs and doesn't prevent new public ACLs from being set.
     #   @return [Boolean]
     #
     # @!attribute [rw] block_public_policy
+    #   Specifies whether Amazon S3 should block public bucket policies for
+    #   buckets in this account. Setting this element to `TRUE` causes
+    #   Amazon S3 to reject calls to PUT Bucket policy if the specified
+    #   bucket policy allows public access.
+    #
+    #   Enabling this setting doesn't affect existing bucket policies.
     #   @return [Boolean]
     #
     # @!attribute [rw] restrict_public_buckets
+    #   Specifies whether Amazon S3 should restrict public bucket policies
+    #   for buckets in this account. Setting this element to `TRUE`
+    #   restricts access to buckets with public policies to only AWS
+    #   services and authorized users within this account.
+    #
+    #   Enabling this setting doesn't affect previously stored bucket
+    #   policies, except that public and cross-account access within any
+    #   public bucket policy, including non-public delegation to specific
+    #   accounts, is blocked.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PublicAccessBlockConfiguration AWS API Documentation
@@ -962,6 +1514,87 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutAccessPointPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #         policy: "Policy", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID for owner of the bucket associated with the
+    #   specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point that you want to associate with the
+    #   specified policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy
+    #   The policy that you want to apply to the specified access point. For
+    #   more information about access point policies, see [Managing Data
+    #   Access with Amazon S3 Access Points][1] in the *Amazon Simple
+    #   Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessPointPolicyRequest AWS API Documentation
+    #
+    class PutAccessPointPolicyRequest < Struct.new(
+      :account_id,
+      :name,
+      :policy)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutJobTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         job_id: "JobId", # required
+    #         tags: [ # required
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID associated with the Amazon S3 Batch Operations
+    #   job.
+    #   @return [String]
+    #
+    # @!attribute [rw] job_id
+    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   replace.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The set of tags to associate with the Amazon S3 Batch Operations
+    #   job.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingRequest AWS API Documentation
+    #
+    class PutJobTaggingRequest < Struct.new(
+      :account_id,
+      :job_id,
+      :tags)
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingResult AWS API Documentation
+    #
+    class PutJobTaggingResult < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass PutPublicAccessBlockRequest
     #   data as a hash:
     #
@@ -976,9 +1609,13 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration that you want to apply to the
+    #   specified Amazon Web Services account.
     #   @return [Types::PublicAccessBlockConfiguration]
     #
     # @!attribute [rw] account_id
+    #   The account ID for the Amazon Web Services account whose
+    #   `PublicAccessBlock` configuration you want to set.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutPublicAccessBlockRequest AWS API Documentation
@@ -1061,7 +1698,7 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for a PUT Copy object operation.
-    # Amazon S3 batch operations passes each value through to the underlying
+    # Amazon S3 Batch Operations passes each value through to the underlying
     # PUT Copy object API. For more information about the parameters for
     # this operation, see [PUT Object - Copy][1].
     #
@@ -1104,8 +1741,8 @@ module Aws::S3Control
     #         },
     #         new_object_tagging: [
     #           {
-    #             key: "NonEmptyMaxLength1024String", # required
-    #             value: "MaxLength1024String", # required
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
     #           },
     #         ],
     #         redirect_location: "NonEmptyMaxLength2048String",
@@ -1159,12 +1796,18 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] object_lock_legal_hold_status
+    #   The Legal Hold status to be applied to all objects in the Batch
+    #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_mode
+    #   The Retention mode to be applied to all objects in the Batch
+    #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_retain_until_date
+    #   The date when the applied Object Retention configuration will expire
+    #   on all objects in the Batch Operations job.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3CopyObjectOperation AWS API Documentation
@@ -1243,7 +1886,7 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for an Initiate Glacier Restore
-    # job. Amazon S3 batch operations passes each value through to the
+    # job. Amazon S3 Batch Operations passes each value through to the
     # underlying POST Object restore API. For more information about the
     # parameters for this operation, see [Restoring Archives][1].
     #
@@ -1273,6 +1916,25 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass S3ObjectLockLegalHold
+    #   data as a hash:
+    #
+    #       {
+    #         status: "OFF", # required, accepts OFF, ON
+    #       }
+    #
+    # @!attribute [rw] status
+    #   The Legal Hold status to be applied to all objects in the Batch
+    #   Operations job.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3ObjectLockLegalHold AWS API Documentation
+    #
+    class S3ObjectLockLegalHold < Struct.new(
+      :status)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass S3ObjectMetadata
     #   data as a hash:
     #
@@ -1364,8 +2026,34 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass S3Retention
+    #   data as a hash:
+    #
+    #       {
+    #         retain_until_date: Time.now,
+    #         mode: "COMPLIANCE", # accepts COMPLIANCE, GOVERNANCE
+    #       }
+    #
+    # @!attribute [rw] retain_until_date
+    #   The date when the applied Object Retention will expire on all
+    #   objects in the Batch Operations job.
+    #   @return [Time]
+    #
+    # @!attribute [rw] mode
+    #   The Retention mode to be applied to all objects in the Batch
+    #   Operations job.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3Retention AWS API Documentation
+    #
+    class S3Retention < Struct.new(
+      :retain_until_date,
+      :mode)
+      include Aws::Structure
+    end
+
     # Contains the configuration parameters for a Set Object ACL operation.
-    # Amazon S3 batch operations passes each value through to the underlying
+    # Amazon S3 Batch Operations passes each value through to the underlying
     # PUT Object acl API. For more information about the parameters for this
     # operation, see [PUT Object acl][1].
     #
@@ -1408,8 +2096,77 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Contains the configuration parameters for a Set Object Legal Hold
+    # operation. Amazon S3 Batch Operations passes each value through to the
+    # underlying PUT Object Legal Hold API. For more information about the
+    # parameters for this operation, see [PUT Object Legal Hold][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    #
+    # @note When making an API call, you may pass S3SetObjectLegalHoldOperation
+    #   data as a hash:
+    #
+    #       {
+    #         legal_hold: { # required
+    #           status: "OFF", # required, accepts OFF, ON
+    #         },
+    #       }
+    #
+    # @!attribute [rw] legal_hold
+    #   The Legal Hold contains the status to be applied to all objects in
+    #   the Batch Operations job.
+    #   @return [Types::S3ObjectLockLegalHold]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectLegalHoldOperation AWS API Documentation
+    #
+    class S3SetObjectLegalHoldOperation < Struct.new(
+      :legal_hold)
+      include Aws::Structure
+    end
+
+    # Contains the configuration parameters for a Set Object Retention
+    # operation. Amazon S3 Batch Operations passes each value through to the
+    # underlying PUT Object Retention API. For more information about the
+    # parameters for this operation, see [PUT Object Retention][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    #
+    # @note When making an API call, you may pass S3SetObjectRetentionOperation
+    #   data as a hash:
+    #
+    #       {
+    #         bypass_governance_retention: false,
+    #         retention: { # required
+    #           retain_until_date: Time.now,
+    #           mode: "COMPLIANCE", # accepts COMPLIANCE, GOVERNANCE
+    #         },
+    #       }
+    #
+    # @!attribute [rw] bypass_governance_retention
+    #   Indicates if the operation should be applied to objects in the Batch
+    #   Operations job even if they have Governance-type Object Lock in
+    #   place.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] retention
+    #   Amazon S3 object lock Retention contains the retention mode to be
+    #   applied to all objects in the Batch Operations job.
+    #   @return [Types::S3Retention]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectRetentionOperation AWS API Documentation
+    #
+    class S3SetObjectRetentionOperation < Struct.new(
+      :bypass_governance_retention,
+      :retention)
+      include Aws::Structure
+    end
+
     # Contains the configuration parameters for a Set Object Tagging
-    # operation. Amazon S3 batch operations passes each value through to the
+    # operation. Amazon S3 Batch Operations passes each value through to the
     # underlying PUT Object tagging API. For more information about the
     # parameters for this operation, see [PUT Object tagging][1].
     #
@@ -1423,8 +2180,8 @@ module Aws::S3Control
     #       {
     #         tag_set: [
     #           {
-    #             key: "NonEmptyMaxLength1024String", # required
-    #             value: "MaxLength1024String", # required
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
     #           },
     #         ],
     #       }
@@ -1443,8 +2200,8 @@ module Aws::S3Control
     #   data as a hash:
     #
     #       {
-    #         key: "NonEmptyMaxLength1024String", # required
-    #         value: "MaxLength1024String", # required
+    #         key: "TagKeyString", # required
+    #         value: "TagValueString", # required
     #       }
     #
     # @!attribute [rw] key
@@ -1471,6 +2228,16 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/TooManyTagsException AWS API Documentation
+    #
+    class TooManyTagsException < Struct.new(
+      :message)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateJobPriorityRequest
     #   data as a hash:
     #
@@ -1574,5 +2341,26 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # The virtual private cloud (VPC) configuration for an access point.
+    #
+    # @note When making an API call, you may pass VpcConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         vpc_id: "VpcId", # required
+    #       }
+    #
+    # @!attribute [rw] vpc_id
+    #   If this field is specified, this access point will only allow
+    #   connections from the specified VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/VpcConfiguration AWS API Documentation
+    #
+    class VpcConfiguration < Struct.new(
+      :vpc_id)
+      include Aws::Structure
+    end
+
   end
 end