aws-sdk-s3control 1.20.1 → 1.25.0

data/lib/aws-sdk-s3control/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -26,6 +28,8 @@ module Aws::S3Control
   #
   # ## Error Classes
   # * {BadRequestException}
+  # * {BucketAlreadyExists}
+  # * {BucketAlreadyOwnedByYou}
   # * {IdempotencyException}
   # * {InternalServiceException}
   # * {InvalidNextTokenException}
@@ -57,6 +61,26 @@ module Aws::S3Control
       end
     end
 
+    class BucketAlreadyExists < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::BucketAlreadyExists] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
+    class BucketAlreadyOwnedByYou < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::BucketAlreadyOwnedByYou] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class IdempotencyException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-s3control/plugins/arn.rb

@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+
+require_relative '../arn/outpost_access_point_arn'
+require_relative '../arn/outpost_bucket_arn'
+
+module Aws
+  module S3Control
+    module Plugins
+      # When an ARN is provided for :bucket or :name in S3Control operations,
+      # this plugin resolves the request endpoint from the ARN when possible.
+      # @api private
+      class ARN < Seahorse::Client::Plugin
+        option(
+          :s3_use_arn_region,
+          default: true,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS) do |cfg|
+For S3 and S3 Outposts ARNs passed into the `:bucket` or `:name`
+parameter, this option will use the region in the ARN, allowing
+for cross-region requests to be made. Set to `false` to use the
+client's region instead.
+        DOCS
+          resolve_s3_use_arn_region(cfg)
+        end
+
+        # param validator is validate:50 (required to add account_id from arn)
+        # endpoint is build:90 (populates the URI for the first time)
+        # endpoint pattern is build:10 (prefix account id to host)
+        def add_handlers(handlers, _config)
+          handlers.add(ARNHandler, step: :validate, priority: 75)
+          handlers.add(UrlHandler)
+        end
+
+        class UrlHandler < Seahorse::Client::Handler
+          def call(context)
+            if context.metadata[:s3_arn]
+              ARN.resolve_url!(
+                context.http_request.endpoint,
+                context.metadata[:s3_arn][:arn],
+                context.metadata[:s3_arn][:resolved_region],
+                context.metadata[:s3_arn][:dualstack]
+              )
+            end
+            @handler.call(context)
+          end
+        end
+
+        class ARNHandler < Seahorse::Client::Handler
+          def call(context)
+            arn_member = _arn_member(context.operation.input.shape)
+            if arn_member && (bucket = context.params[arn_member])
+              resolved_region, arn = ARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              if arn
+                validate_config!(context, arn)
+
+                if arn.is_a?(OutpostAccessPointARN) ||
+                   arn.is_a?(OutpostBucketARN)
+                  set_outpost_header!(context, arn)
+                  # disable account_id prefix for outposts urls
+                  context.config.disable_host_prefix_injection = true
+                end
+                set_account_param!(context, arn)
+
+                # depending on the ARN's resource type, put the resource value
+                # back onto params
+                context.params[arn_member] = arn.input_member
+
+                context.metadata[:s3_arn] = {
+                  arn: arn,
+                  resolved_region: resolved_region,
+                  dualstack: extract_dualstack_config!(context)
+                }
+              end
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          # This looks for BucketName or AccessPointName, but prefers BucketName
+          # for CreateAccessPoint because it contains both but should not have
+          # an Access Point ARN as AccessPointName.
+          def _arn_member(input)
+            input.members.each do |member, ref|
+              if ref.shape.name == 'BucketName' ||
+                 (ref.shape.name == 'AccessPointName' &&
+                  input.name != 'CreateAccessPointRequest')
+                return member
+              end
+            end
+          end
+
+          # other plugins use dualstack so disable it when we're done
+          def extract_dualstack_config!(context)
+            dualstack = context[:use_dualstack_endpoint]
+            context[:use_dualstack_endpoint] = false if dualstack
+            dualstack
+          end
+
+          def validate_config!(context, arn)
+            unless context.config.regional_endpoint
+              raise ArgumentError,
+                    'Cannot provide both an Access Point ARN and setting '\
+                    ':endpoint.'
+            end
+
+            if !arn.support_dualstack? && context[:use_dualstack_endpoint]
+              raise ArgumentError,
+                    'Cannot provide both an Outpost Access Point ARN and '\
+                    'setting :use_dualstack_endpoint to true.'
+            end
+          end
+
+          def set_outpost_header!(context, arn)
+            context.http_request.headers['x-amz-outpost-id'] = arn.outpost_id
+          end
+
+          def set_account_param!(context, arn)
+            if context.params[:account_id] &&
+               context.params[:account_id] != arn.account_id
+              raise ArgumentError,
+                    'Cannot provide an Account ID that is different from the '\
+                    'Account ID in the ARN.'
+            end
+            context.params[:account_id] = arn.account_id
+          end
+        end
+
+        class << self
+          # @api private
+          def resolve_arn!(member_value, region, use_arn_region)
+            if Aws::ARNParser.arn?(member_value)
+              arn = Aws::ARNParser.parse(member_value)
+              if arn.resource.include?('bucket')
+                s3_arn = Aws::S3Control::OutpostBucketARN.new(arn.to_h)
+              elsif arn.resource.include?('accesspoint')
+                s3_arn = Aws::S3Control::OutpostAccessPointARN.new(arn.to_h)
+              else
+                raise ArgumentError,
+                      'Only Outpost Bucket and Outpost Access Point ARNs are '\
+                      'currently supported.'
+              end
+              s3_arn.validate_arn!
+              validate_region_config!(s3_arn, region, use_arn_region)
+              region = s3_arn.region if use_arn_region
+              [region, s3_arn]
+            else
+              [region]
+            end
+          end
+
+          # @api private
+          def resolve_url!(url, arn, region, dualstack = false)
+            url.host = arn.host_url(region, dualstack)
+            url
+          end
+
+          private
+
+          def resolve_s3_use_arn_region(cfg)
+            value = ENV['AWS_S3_USE_ARN_REGION'] ||
+                    Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
+                    'true'
+            value = Aws::Util.str_2_bool(value)
+            # Raise if provided value is not true or false
+            if value.nil?
+              raise ArgumentError,
+                    'Must provide either `true` or `false` for '\
+                    's3_use_arn_region profile option or for '\
+                    "ENV['AWS_S3_USE_ARN_REGION']"
+            end
+            value
+          end
+
+          def validate_region_config!(arn, region, use_arn_region)
+            fips = arn.support_fips?
+
+            # s3-external-1 is specific just to s3 and not part of partitions
+            # aws-global is a partition region
+            unless arn.partition == 'aws' &&
+                   (region == 's3-external-1' || region == 'aws-global')
+              if !fips && arn.region.include?('fips')
+                raise ArgumentError,
+                      'FIPS region ARNs are not supported for this type of ARN.'
+              end
+
+              if !fips && !use_arn_region && region.include?('fips')
+                raise ArgumentError,
+                      'FIPS client regions are not supported for this type of '\
+                      'ARN without s3_use_arn_region.'
+              end
+
+              # if it's a fips region, attempt to normalize it
+              if fips || use_arn_region
+                region = region.gsub('fips-', '').gsub('-fips', '')
+              end
+              if use_arn_region &&
+                 !Aws::Partitions.partition(arn.partition).region?(region)
+                raise Aws::Errors::InvalidARNPartitionError
+              end
+
+              if !use_arn_region && region != arn.region
+                raise Aws::Errors::InvalidARNRegionError
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3control/plugins/dualstack.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3Control
     module Plugins
@@ -20,7 +22,9 @@ for all operations.
         # @api private
         class OptionHandler < Seahorse::Client::Handler
           def call(context)
-            dualstack = context.params.delete(:use_dualstack_endpoint)
+            if context.params.is_a?(Hash)
+              dualstack = context.params.delete(:use_dualstack_endpoint)
+            end
             dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
             context[:use_dualstack_endpoint] = dualstack
             @handler.call(context)

data/lib/aws-sdk-s3control/plugins/{s3_signer.rb → s3_control_signer.rb}

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'aws-sigv4'
 
 module Aws
@@ -5,10 +7,15 @@ module Aws
     module Plugins
       # This plugin is an implementation detail and may be modified.
       # @api private
-      class S3Signer < Seahorse::Client::Plugin
+      class S3ControlSigner < Seahorse::Client::Plugin
+        SPECIAL_OUTPOST_OPERATIONS = [
+          'CreateBucket',
+          'ListRegionalBuckets'
+        ].freeze
 
         option(:sigv4_signer) do |cfg|
-          S3Signer.build_v4_signer(
+          S3ControlSigner.build_v4_signer(
+            service: 's3',
             region: cfg.sigv4_region,
             credentials: cfg.credentials
           )
@@ -20,12 +27,11 @@ module Aws
           Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
         end
 
-        def add_handlers(handlers, cfg)
+        def add_handlers(handlers, _cfg)
           handlers.add(V4Handler, step: :sign)
         end
 
         class V4Handler < Seahorse::Client::Handler
-
           def call(context)
             Aws::Plugins::SignatureV4.apply_signature(
               context: context,
@@ -37,47 +43,48 @@ module Aws
           private
 
           def sigv4_signer(context)
-            # If the client was configured with the wrong region,
-            # we have to build a new signer.
-            if
-              context[:cached_sigv4_region] &&
-                context[:cached_sigv4_region] != context.config.sigv4_signer.region
-              then
-              S3Signer.build_v4_signer(
-                region: context[:cached_sigv4_region],
+            if (arn = context.metadata[:s3_arn]) &&
+               arn[:arn].respond_to?(:outpost_id)
+              S3ControlSigner.build_v4_signer(
+                service: 's3-outposts',
+                region: arn[:resolved_region],
+                credentials: context.config.credentials
+              )
+            elsif outpost_operation?(context)
+              context.http_request.endpoint.host =
+                "s3-outposts.#{context.config.region}.amazonaws.com"
+              S3ControlSigner.build_v4_signer(
+                service: 's3-outposts',
+                region: context.config.region,
                 credentials: context.config.credentials
               )
             else
               context.config.sigv4_signer
             end
           end
+
+          # Some operations do not take an ARN parameter and are special cases
+          # For these operations, the presence of the outpost_id parameter
+          # must trigger special endpoint and signer redirection
+          def outpost_operation?(context)
+            SPECIAL_OUTPOST_OPERATIONS.include?(context.operation.name) &&
+              context.params[:outpost_id]
+          end
         end
 
         class << self
-
           # @option options [required, String] :region
           # @option options [required, #credentials] :credentials
           # @api private
           def build_v4_signer(options = {})
-            Aws::Sigv4::Signer.new({
-              service: 's3',
+            Aws::Sigv4::Signer.new(
+              service: options[:service],
               region: options[:region],
               credentials_provider: options[:credentials],
               uri_escape_path: false,
-              unsigned_headers: ['content-length', 'x-amzn-trace-id'],
-            })
-          end
-
-          def new_hostname(context, region)
-            bucket = context.params[:bucket]
-            if region == 'us-east-1'
-              "#{bucket}.s3.amazonaws.com"
-            else
-              endpoint = Aws::Partitions::EndpointProvider.resolve(region, 's3')
-              bucket + '.' + URI.parse(endpoint).host
-            end
+              unsigned_headers: ['content-length', 'x-amzn-trace-id']
+            )
           end
-
         end
       end
     end

data/lib/aws-sdk-s3control/plugins/s3_host_id.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3Control
     module Plugins

data/lib/aws-sdk-s3control/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-s3control/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -8,6 +10,28 @@
 module Aws::S3Control
   module Types
 
+    # The container for abort incomplete multipart upload
+    #
+    # @note When making an API call, you may pass AbortIncompleteMultipartUpload
+    #   data as a hash:
+    #
+    #       {
+    #         days_after_initiation: 1,
+    #       }
+    #
+    # @!attribute [rw] days_after_initiation
+    #   Specifies the number of days after which Amazon S3 aborts an
+    #   incomplete multipart upload to the Outposts bucket.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AbortIncompleteMultipartUpload AWS API Documentation
+    #
+    class AbortIncompleteMultipartUpload < Struct.new(
+      :days_after_initiation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An access point used to access a bucket.
     #
     # @!attribute [rw] name
@@ -32,13 +56,84 @@ module Aws::S3Control
     #   The name of the bucket associated with this access point.
     #   @return [String]
     #
+    # @!attribute [rw] access_point_arn
+    #   The ARN for the access point.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AccessPoint AWS API Documentation
     #
     class AccessPoint < Struct.new(
       :name,
       :network_origin,
       :vpc_configuration,
-      :bucket)
+      :bucket,
+      :access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the account level Amazon S3 Storage Lens
+    # configuration.
+    #
+    # @note When making an API call, you may pass AccountLevel
+    #   data as a hash:
+    #
+    #       {
+    #         activity_metrics: {
+    #           is_enabled: false,
+    #         },
+    #         bucket_level: { # required
+    #           activity_metrics: {
+    #             is_enabled: false,
+    #           },
+    #           prefix_level: {
+    #             storage_metrics: { # required
+    #               is_enabled: false,
+    #               selection_criteria: {
+    #                 delimiter: "StorageLensPrefixLevelDelimiter",
+    #                 max_depth: 1,
+    #                 min_storage_bytes_percentage: 1.0,
+    #               },
+    #             },
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] activity_metrics
+    #   A container for the S3 Storage Lens activity metrics.
+    #   @return [Types::ActivityMetrics]
+    #
+    # @!attribute [rw] bucket_level
+    #   A container for the S3 Storage Lens bucket-level configuration.
+    #   @return [Types::BucketLevel]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AccountLevel AWS API Documentation
+    #
+    class AccountLevel < Struct.new(
+      :activity_metrics,
+      :bucket_level)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the activity metrics.
+    #
+    # @note When making an API call, you may pass ActivityMetrics
+    #   data as a hash:
+    #
+    #       {
+    #         is_enabled: false,
+    #       }
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether the activity metrics are enabled.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ActivityMetrics AWS API Documentation
+    #
+    class ActivityMetrics < Struct.new(
+      :is_enabled)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -49,6 +144,62 @@ module Aws::S3Control
     #
     class BadRequestException < Struct.new(
       :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The requested Outposts bucket name is not available. The bucket
+    # namespace is shared by all users of the AWS Outposts in this Region.
+    # Select a different name and try again.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketAlreadyExists AWS API Documentation
+    #
+    class BucketAlreadyExists < Aws::EmptyStructure; end
+
+    # The Outposts bucket you tried to create already exists, and you own
+    # it.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketAlreadyOwnedByYou AWS API Documentation
+    #
+    class BucketAlreadyOwnedByYou < Aws::EmptyStructure; end
+
+    # A container for the bucket-level configuration.
+    #
+    # @note When making an API call, you may pass BucketLevel
+    #   data as a hash:
+    #
+    #       {
+    #         activity_metrics: {
+    #           is_enabled: false,
+    #         },
+    #         prefix_level: {
+    #           storage_metrics: { # required
+    #             is_enabled: false,
+    #             selection_criteria: {
+    #               delimiter: "StorageLensPrefixLevelDelimiter",
+    #               max_depth: 1,
+    #               min_storage_bytes_percentage: 1.0,
+    #             },
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] activity_metrics
+    #   A container for the bucket-level activity metrics for Amazon S3
+    #   Storage Lens
+    #   @return [Types::ActivityMetrics]
+    #
+    # @!attribute [rw] prefix_level
+    #   A container for the bucket-level prefix-level metrics for S3 Storage
+    #   Lens
+    #   @return [Types::PrefixLevel]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketLevel AWS API Documentation
+    #
+    class BucketLevel < Struct.new(
+      :activity_metrics,
+      :prefix_level)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -82,19 +233,38 @@ module Aws::S3Control
     # @!attribute [rw] bucket
     #   The name of the bucket that you want to associate this access point
     #   with.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] vpc_configuration
     #   If you include this field, Amazon S3 restricts access to this access
     #   point to requests from the specified virtual private cloud (VPC).
+    #
+    #   <note markdown="1"> This is required for creating an access point for Amazon S3 on
+    #   Outposts buckets.
+    #
+    #    </note>
     #   @return [Types::VpcConfiguration]
     #
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to this
-    #   Amazon S3 bucket. You can enable the configuration options in any
+    #   Amazon S3 account. You can enable the configuration options in any
     #   combination. For more information about when Amazon S3 considers a
     #   bucket or object public, see [The Meaning of "Public"][1] in the
-    #   Amazon Simple Storage Service Developer Guide.
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -109,6 +279,197 @@ module Aws::S3Control
       :bucket,
       :vpc_configuration,
       :public_access_block_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] access_point_arn
+    #   The ARN of the access point.
+    #
+    #   <note markdown="1"> This is only supported by Amazon S3 on Outposts.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessPointResult AWS API Documentation
+    #
+    class CreateAccessPointResult < Struct.new(
+      :access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the bucket configuration.
+    #
+    # <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass CreateBucketConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #       }
+    #
+    # @!attribute [rw] location_constraint
+    #   Specifies the Region where the bucket will be created. If you are
+    #   creating a bucket on the US East (N. Virginia) Region (us-east-1),
+    #   you do not need to specify the location.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketConfiguration AWS API Documentation
+    #
+    class CreateBucketConfiguration < Struct.new(
+      :location_constraint)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass CreateBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         acl: "private", # accepts private, public-read, public-read-write, authenticated-read
+    #         bucket: "BucketName", # required
+    #         create_bucket_configuration: {
+    #           location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #         },
+    #         grant_full_control: "GrantFullControl",
+    #         grant_read: "GrantRead",
+    #         grant_read_acp: "GrantReadACP",
+    #         grant_write: "GrantWrite",
+    #         grant_write_acp: "GrantWriteACP",
+    #         object_lock_enabled_for_bucket: false,
+    #         outpost_id: "NonEmptyMaxLength64String",
+    #       }
+    #
+    # @!attribute [rw] acl
+    #   The canned ACL to apply to the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_bucket_configuration
+    #   The configuration information for the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Types::CreateBucketConfiguration]
+    #
+    # @!attribute [rw] grant_full_control
+    #   Allows grantee the read, write, read ACP, and write ACP permissions
+    #   on the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_read
+    #   Allows grantee to list the objects in the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_read_acp
+    #   Allows grantee to read the bucket ACL.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_write
+    #   Allows grantee to create, overwrite, and delete any object in the
+    #   bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_write_acp
+    #   Allows grantee to write the ACL for the applicable bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] object_lock_enabled_for_bucket
+    #   Specifies whether you want S3 Object Lock to be enabled for the new
+    #   bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] outpost_id
+    #   The ID of the Outposts where the bucket is being created.
+    #
+    #   <note markdown="1"> This is required by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketRequest AWS API Documentation
+    #
+    class CreateBucketRequest < Struct.new(
+      :acl,
+      :bucket,
+      :create_bucket_configuration,
+      :grant_full_control,
+      :grant_read,
+      :grant_read_acp,
+      :grant_write,
+      :grant_write_acp,
+      :object_lock_enabled_for_bucket,
+      :outpost_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] location
+    #   The location of the bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketResult AWS API Documentation
+    #
+    class CreateBucketResult < Struct.new(
+      :location,
+      :bucket_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -245,6 +606,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID that creates the job.
     #   @return [String]
     #
     # @!attribute [rw] confirmation_required
@@ -256,8 +618,8 @@ module Aws::S3Control
     # @!attribute [rw] operation
     #   The operation that you want this job to perform on each object
     #   listed in the manifest. For more information about the available
-    #   operations, see [Available Operations][1] in the *Amazon Simple
-    #   Storage Service Developer Guide*.
+    #   operations, see [Operations][1] in the *Amazon Simple Storage
+    #   Service Developer Guide*.
     #
     #
     #
@@ -294,13 +656,13 @@ module Aws::S3Control
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
-    #   Management (IAM) role that Batch Operations will use to execute this
+    #   Management (IAM) role that Batch Operations will use to run this
     #   job's operation on each object in the manifest.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   A set of tags to associate with the Amazon S3 Batch Operations job.
-    #   This is an optional parameter.
+    #   A set of tags to associate with the S3 Batch Operations job. This is
+    #   an optional parameter.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateJobRequest AWS API Documentation
@@ -316,6 +678,7 @@ module Aws::S3Control
       :priority,
       :role_arn,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -328,6 +691,7 @@ module Aws::S3Control
     #
     class CreateJobResult < Struct.new(
       :job_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -345,6 +709,19 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point whose policy you want to delete.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointPolicyRequest AWS API Documentation
@@ -352,6 +729,7 @@ module Aws::S3Control
     class DeleteAccessPointPolicyRequest < Struct.new(
       :account_id,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -369,6 +747,19 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point you want to delete.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointRequest AWS API Documentation
@@ -376,138 +767,386 @@ module Aws::S3Control
     class DeleteAccessPointRequest < Struct.new(
       :account_id,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteJobTaggingRequest
+    # @note When making an API call, you may pass DeleteBucketLifecycleConfigurationRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         job_id: "JobId", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The account ID of the lifecycle configuration to delete.
     #   @return [String]
     #
-    # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
-    #   delete.
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketLifecycleConfigurationRequest AWS API Documentation
     #
-    class DeleteJobTaggingRequest < Struct.new(
+    class DeleteBucketLifecycleConfigurationRequest < Struct.new(
       :account_id,
-      :job_id)
+      :bucket)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingResult AWS API Documentation
-    #
-    class DeleteJobTaggingResult < Aws::EmptyStructure; end
-
-    # @note When making an API call, you may pass DeletePublicAccessBlockRequest
+    # @note When making an API call, you may pass DeleteBucketPolicyRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to remove.
+    #   The account ID of the Outposts bucket.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeletePublicAccessBlockRequest AWS API Documentation
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
     #
-    class DeletePublicAccessBlockRequest < Struct.new(
-      :account_id)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketPolicyRequest AWS API Documentation
+    #
+    class DeleteBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeJobRequest
+    # @note When making an API call, you may pass DeleteBucketRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         job_id: "JobId", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
+    #   The account ID that owns the Outposts bucket.
     #   @return [String]
     #
-    # @!attribute [rw] job_id
-    #   The ID for the job whose information you want to retrieve.
+    # @!attribute [rw] bucket
+    #   Specifies the bucket being deleted.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketRequest AWS API Documentation
     #
-    class DescribeJobRequest < Struct.new(
+    class DeleteBucketRequest < Struct.new(
       :account_id,
-      :job_id)
+      :bucket)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] job
-    #   Contains the configuration parameters and status for the job
-    #   specified in the `Describe Job` request.
-    #   @return [Types::JobDescriptor]
+    # @note When making an API call, you may pass DeleteBucketTaggingRequest
+    #   data as a hash:
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobResult AWS API Documentation
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
     #
-    class DescribeJobResult < Struct.new(
-      :job)
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket tag set to be removed.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The bucket ARN that has the tag set to be removed.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketTaggingRequest AWS API Documentation
+    #
+    class DeleteBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetAccessPointPolicyRequest
+    # @note When making an API call, you may pass DeleteJobTaggingRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         name: "AccessPointName", # required
+    #         job_id: "JobId", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the account that owns the specified access point.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
-    # @!attribute [rw] name
-    #   The name of the access point whose policy you want to retrieve.
+    # @!attribute [rw] job_id
+    #   The ID for the S3 Batch Operations job whose tags you want to
+    #   delete.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingRequest AWS API Documentation
     #
-    class GetAccessPointPolicyRequest < Struct.new(
+    class DeleteJobTaggingRequest < Struct.new(
       :account_id,
-      :name)
+      :job_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] policy
-    #   The access point policy associated with the specified access point.
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingResult AWS API Documentation
+    #
+    class DeleteJobTaggingResult < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass DeletePublicAccessBlockRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to remove.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyResult AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeletePublicAccessBlockRequest AWS API Documentation
     #
-    class GetAccessPointPolicyResult < Struct.new(
-      :policy)
+    class DeletePublicAccessBlockRequest < Struct.new(
+      :account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetAccessPointPolicyStatusRequest
+    # @note When making an API call, you may pass DeleteStorageLensConfigurationRequest
     #   data as a hash:
     #
     #       {
+    #         config_id: "ConfigId", # required
     #         account_id: "AccountId", # required
-    #         name: "AccessPointName", # required
     #       }
     #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
     # @!attribute [rw] account_id
-    #   The account ID for the account that owns the specified access point.
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteStorageLensConfigurationRequest AWS API Documentation
+    #
+    class DeleteStorageLensConfigurationRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteStorageLensConfigurationTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteStorageLensConfigurationTaggingRequest AWS API Documentation
+    #
+    class DeleteStorageLensConfigurationTaggingRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteStorageLensConfigurationTaggingResult AWS API Documentation
+    #
+    class DeleteStorageLensConfigurationTaggingResult < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass DescribeJobRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         job_id: "JobId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   @return [String]
+    #
+    # @!attribute [rw] job_id
+    #   The ID for the job whose information you want to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobRequest AWS API Documentation
+    #
+    class DescribeJobRequest < Struct.new(
+      :account_id,
+      :job_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] job
+    #   Contains the configuration parameters and status for the job
+    #   specified in the `Describe Job` request.
+    #   @return [Types::JobDescriptor]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobResult AWS API Documentation
+    #
+    class DescribeJobResult < Struct.new(
+      :job)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for what Amazon S3 Storage Lens will exclude.
+    #
+    # @note When making an API call, you may pass Exclude
+    #   data as a hash:
+    #
+    #       {
+    #         buckets: ["S3BucketArnString"],
+    #         regions: ["S3AWSRegion"],
+    #       }
+    #
+    # @!attribute [rw] buckets
+    #   A container for the S3 Storage Lens bucket excludes.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] regions
+    #   A container for the S3 Storage Lens Region excludes.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Exclude AWS API Documentation
+    #
+    class Exclude < Struct.new(
+      :buckets,
+      :regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose policy you want to retrieve.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The access point policy associated with the specified access point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyResult AWS API Documentation
+    #
+    class GetAccessPointPolicyResult < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointPolicyStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
     #   @return [String]
     #
     # @!attribute [rw] name
@@ -520,6 +1159,7 @@ module Aws::S3Control
     class GetAccessPointPolicyStatusRequest < Struct.new(
       :account_id,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -531,6 +1171,7 @@ module Aws::S3Control
     #
     class GetAccessPointPolicyStatusResult < Struct.new(
       :policy_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -549,6 +1190,19 @@ module Aws::S3Control
     # @!attribute [rw] name
     #   The name of the access point whose configuration information you
     #   want to retrieve.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointRequest AWS API Documentation
@@ -556,6 +1210,7 @@ module Aws::S3Control
     class GetAccessPointRequest < Struct.new(
       :account_id,
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -574,6 +1229,8 @@ module Aws::S3Control
     #   access from the public internet. Otherwise, `NetworkOrigin` is
     #   `Internet`, and the access point allows access from the public
     #   internet, subject to the access point and bucket access policies.
+    #
+    #   This will always be true for an Amazon S3 on Outposts access point
     #   @return [String]
     #
     # @!attribute [rw] vpc_configuration
@@ -583,10 +1240,12 @@ module Aws::S3Control
     #
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to this
-    #   Amazon S3 bucket. You can enable the configuration options in any
+    #   Amazon S3 account. You can enable the configuration options in any
     #   combination. For more information about when Amazon S3 considers a
     #   bucket or object public, see [The Meaning of "Public"][1] in the
-    #   Amazon Simple Storage Service Developer Guide.
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -606,6 +1265,212 @@ module Aws::S3Control
       :vpc_configuration,
       :public_access_block_configuration,
       :creation_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class GetBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rules
+    #   Container for the lifecycle rule of the Outposts bucket.
+    #   @return [Array<Types::LifecycleRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketLifecycleConfigurationResult AWS API Documentation
+    #
+    class GetBucketLifecycleConfigurationResult < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketPolicyRequest AWS API Documentation
+    #
+    class GetBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The policy of the Outposts bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketPolicyResult AWS API Documentation
+    #
+    class GetBucketPolicyResult < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketRequest AWS API Documentation
+    #
+    class GetBucketRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The Outposts bucket requested.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_enabled
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] creation_date
+    #   The creation date of the Outposts bucket.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketResult AWS API Documentation
+    #
+    class GetBucketResult < Struct.new(
+      :bucket,
+      :public_access_block_enabled,
+      :creation_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketTaggingRequest AWS API Documentation
+    #
+    class GetBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tag_set
+    #   The tags set of the Outposts bucket.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketTaggingResult AWS API Documentation
+    #
+    class GetBucketTaggingResult < Struct.new(
+      :tag_set)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -618,12 +1483,11 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   The ID for the S3 Batch Operations job whose tags you want to
     #   retrieve.
     #   @return [String]
     #
@@ -632,29 +1496,32 @@ module Aws::S3Control
     class GetJobTaggingRequest < Struct.new(
       :account_id,
       :job_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] tags
-    #   The set of tags associated with the Amazon S3 Batch Operations job.
+    #   The set of tags associated with the S3 Batch Operations job.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetJobTaggingResult AWS API Documentation
     #
     class GetJobTaggingResult < Struct.new(
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration currently in effect for this
-    #   Amazon Web Services account.
+    #   AWS account.
     #   @return [Types::PublicAccessBlockConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockOutput AWS API Documentation
     #
     class GetPublicAccessBlockOutput < Struct.new(
       :public_access_block_configuration)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -666,44 +1533,149 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to retrieve.
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to retrieve.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockRequest AWS API Documentation
     #
     class GetPublicAccessBlockRequest < Struct.new(
       :account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] message
+    # @note When making an API call, you may pass GetStorageLensConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the Amazon S3 Storage Lens configuration.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/IdempotencyException AWS API Documentation
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
     #
-    class IdempotencyException < Struct.new(
-      :message)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationRequest AWS API Documentation
+    #
+    class GetStorageLensConfigurationRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] message
-    #   @return [String]
+    # @!attribute [rw] storage_lens_configuration
+    #   The S3 Storage Lens configuration requested.
+    #   @return [Types::StorageLensConfiguration]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/InternalServiceException AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationResult AWS API Documentation
     #
-    class InternalServiceException < Struct.new(
-      :message)
+    class GetStorageLensConfigurationResult < Struct.new(
+      :storage_lens_configuration)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] message
-    #   @return [String]
+    # @note When making an API call, you may pass GetStorageLensConfigurationTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the Amazon S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationTaggingRequest AWS API Documentation
+    #
+    class GetStorageLensConfigurationTaggingRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   The tags of S3 Storage Lens configuration requested.
+    #   @return [Array<Types::StorageLensTag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationTaggingResult AWS API Documentation
+    #
+    class GetStorageLensConfigurationTaggingResult < Struct.new(
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/IdempotencyException AWS API Documentation
+    #
+    class IdempotencyException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for what Amazon S3 Storage Lens configuration includes.
+    #
+    # @note When making an API call, you may pass Include
+    #   data as a hash:
+    #
+    #       {
+    #         buckets: ["S3BucketArnString"],
+    #         regions: ["S3AWSRegion"],
+    #       }
+    #
+    # @!attribute [rw] buckets
+    #   A container for the S3 Storage Lens bucket includes.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] regions
+    #   A container for the S3 Storage Lens Region includes.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Include AWS API Documentation
+    #
+    class Include < Struct.new(
+      :buckets,
+      :regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/InternalServiceException AWS API Documentation
+    #
+    class InternalServiceException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] message
+    #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/InvalidNextTokenException AWS API Documentation
     #
     class InvalidNextTokenException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -714,6 +1686,7 @@ module Aws::S3Control
     #
     class InvalidRequestException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -749,7 +1722,7 @@ module Aws::S3Control
     #   @return [Types::JobManifest]
     #
     # @!attribute [rw] operation
-    #   The operation that the specified job is configured to execute on the
+    #   The operation that the specified job is configured to run on the
     #   objects listed in the manifest.
     #   @return [Types::JobOperation]
     #
@@ -758,12 +1731,13 @@ module Aws::S3Control
     #   @return [Integer]
     #
     # @!attribute [rw] progress_summary
-    #   Describes the total number of tasks that the specified job has
-    #   executed, the number of tasks that succeeded, and the number of
-    #   tasks that failed.
+    #   Describes the total number of tasks that the specified job has run,
+    #   the number of tasks that succeeded, and the number of tasks that
+    #   failed.
     #   @return [Types::JobProgressSummary]
     #
     # @!attribute [rw] status_update_reason
+    #   The reason for updating the job.
     #   @return [String]
     #
     # @!attribute [rw] failure_reasons
@@ -788,7 +1762,7 @@ module Aws::S3Control
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
-    #   Management (IAM) role assigned to execute the tasks for this job.
+    #   Management (IAM) role assigned to run the tasks for this job.
     #   @return [String]
     #
     # @!attribute [rw] suspended_date
@@ -823,6 +1797,7 @@ module Aws::S3Control
       :role_arn,
       :suspended_date,
       :suspended_cause)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -841,6 +1816,7 @@ module Aws::S3Control
     class JobFailure < Struct.new(
       :failure_code,
       :failure_reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -880,9 +1856,9 @@ module Aws::S3Control
     #   @return [Time]
     #
     # @!attribute [rw] progress_summary
-    #   Describes the total number of tasks that the specified job has
-    #   executed, the number of tasks that succeeded, and the number of
-    #   tasks that failed.
+    #   Describes the total number of tasks that the specified job has run,
+    #   the number of tasks that succeeded, and the number of tasks that
+    #   failed.
     #   @return [Types::JobProgressSummary]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobListDescriptor AWS API Documentation
@@ -896,6 +1872,7 @@ module Aws::S3Control
       :creation_time,
       :termination_date,
       :progress_summary)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -932,6 +1909,7 @@ module Aws::S3Control
     class JobManifest < Struct.new(
       :spec,
       :location)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -965,6 +1943,7 @@ module Aws::S3Control
       :object_arn,
       :object_version_id,
       :etag)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -995,13 +1974,14 @@ module Aws::S3Control
     class JobManifestSpec < Struct.new(
       :format,
       :fields)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # The operation that you want this job to perform on each object listed
     # in the manifest. For more information about the available operations,
-    # see [Available Operations][1] in the *Amazon Simple Storage Service
-    # Developer Guide*.
+    # see [Operations][1] in the *Amazon Simple Storage Service Developer
+    # Guide*.
     #
     #
     #
@@ -1113,45 +2093,48 @@ module Aws::S3Control
     #   @return [Types::LambdaInvokeOperation]
     #
     # @!attribute [rw] s3_put_object_copy
-    #   Directs the specified job to execute a PUT Copy object call on each
+    #   Directs the specified job to run a PUT Copy object call on each
     #   object in the manifest.
     #   @return [Types::S3CopyObjectOperation]
     #
     # @!attribute [rw] s3_put_object_acl
-    #   Directs the specified job to execute a PUT Object acl call on each
+    #   Directs the specified job to run a PUT Object acl call on each
     #   object in the manifest.
     #   @return [Types::S3SetObjectAclOperation]
     #
     # @!attribute [rw] s3_put_object_tagging
-    #   Directs the specified job to execute a PUT Object tagging call on
-    #   each object in the manifest.
+    #   Directs the specified job to run a PUT Object tagging call on each
+    #   object in the manifest.
     #   @return [Types::S3SetObjectTaggingOperation]
     #
     # @!attribute [rw] s3_initiate_restore_object
-    #   Directs the specified job to execute an Initiate Glacier Restore
-    #   call on each object in the manifest.
+    #   Directs the specified job to run an Initiate Glacier Restore call on
+    #   each object in the manifest.
     #   @return [Types::S3InitiateRestoreObjectOperation]
     #
     # @!attribute [rw] s3_put_object_legal_hold
-    #   Contains the configuration parameters for a Set Object Legal Hold
-    #   operation. Amazon S3 Batch Operations passes each value through to
-    #   the underlying PUT Object Legal Hold API. For more information about
-    #   the parameters for this operation, see [PUT Object Legal Hold][1].
+    #   Contains the configuration for an S3 Object Lock legal hold
+    #   operation that an S3 Batch Operations job passes each object through
+    #   to the underlying `PutObjectLegalHold` API. For more information,
+    #   see [Using S3 Object Lock legal hold with S3 Batch Operations][1] in
+    #   the *Amazon Simple Storage Service Developer Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-legal-hold.html
     #   @return [Types::S3SetObjectLegalHoldOperation]
     #
     # @!attribute [rw] s3_put_object_retention
-    #   Contains the configuration parameters for a Set Object Retention
-    #   operation. Amazon S3 Batch Operations passes each value through to
-    #   the underlying PUT Object Retention API. For more information about
-    #   the parameters for this operation, see [PUT Object Retention][1].
+    #   Contains the configuration parameters for the Object Lock retention
+    #   action for an S3 Batch Operations job. Batch Operations passes each
+    #   value through to the underlying `PutObjectRetention` API. For more
+    #   information, see [Using S3 Object Lock retention with S3 Batch
+    #   Operations][1] in the *Amazon Simple Storage Service Developer
+    #   Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #   @return [Types::S3SetObjectRetentionOperation]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobOperation AWS API Documentation
@@ -1164,11 +2147,12 @@ module Aws::S3Control
       :s3_initiate_restore_object,
       :s3_put_object_legal_hold,
       :s3_put_object_retention)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Describes the total number of tasks that the specified job has
-    # executed, the number of tasks that succeeded, and the number of tasks
+    # started, the number of tasks that succeeded, and the number of tasks
     # that failed.
     #
     # @!attribute [rw] total_number_of_tasks
@@ -1186,6 +2170,7 @@ module Aws::S3Control
       :total_number_of_tasks,
       :number_of_tasks_succeeded,
       :number_of_tasks_failed)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1218,9 +2203,8 @@ module Aws::S3Control
     #
     # @!attribute [rw] prefix
     #   An optional prefix to describe where in the specified bucket the
-    #   job-completion report will be stored. Amazon S3 will store the
-    #   job-completion report at
-    #   &lt;prefix&gt;/job-&lt;job-id&gt;/report.json.
+    #   job-completion report will be stored. Amazon S3 stores the
+    #   job-completion report at `<prefix>/job-<job-id>/report.json`.
     #   @return [String]
     #
     # @!attribute [rw] report_scope
@@ -1236,6 +2220,7 @@ module Aws::S3Control
       :enabled,
       :prefix,
       :report_scope)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1246,6 +2231,7 @@ module Aws::S3Control
     #
     class JobStatusException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1267,6 +2253,313 @@ module Aws::S3Control
     #
     class LambdaInvokeOperation < Struct.new(
       :function_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle configuration.
+    #
+    # @note When making an API call, you may pass LifecycleConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         rules: [
+    #           {
+    #             expiration: {
+    #               date: Time.now,
+    #               days: 1,
+    #               expired_object_delete_marker: false,
+    #             },
+    #             id: "ID",
+    #             filter: {
+    #               prefix: "Prefix",
+    #               tag: {
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
+    #               },
+    #               and: {
+    #                 prefix: "Prefix",
+    #                 tags: [
+    #                   {
+    #                     key: "TagKeyString", # required
+    #                     value: "TagValueString", # required
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #             status: "Enabled", # required, accepts Enabled, Disabled
+    #             transitions: [
+    #               {
+    #                 date: Time.now,
+    #                 days: 1,
+    #                 storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #               },
+    #             ],
+    #             noncurrent_version_transitions: [
+    #               {
+    #                 noncurrent_days: 1,
+    #                 storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #               },
+    #             ],
+    #             noncurrent_version_expiration: {
+    #               noncurrent_days: 1,
+    #             },
+    #             abort_incomplete_multipart_upload: {
+    #               days_after_initiation: 1,
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] rules
+    #   A lifecycle rule for individual objects in an Outposts bucket.
+    #   @return [Array<Types::LifecycleRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleConfiguration AWS API Documentation
+    #
+    class LifecycleConfiguration < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container of the Outposts bucket lifecycle expiration.
+    #
+    # @note When making an API call, you may pass LifecycleExpiration
+    #   data as a hash:
+    #
+    #       {
+    #         date: Time.now,
+    #         days: 1,
+    #         expired_object_delete_marker: false,
+    #       }
+    #
+    # @!attribute [rw] date
+    #   Indicates at what date the object is to be deleted. Should be in GMT
+    #   ISO 8601 format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] days
+    #   Indicates the lifetime, in days, of the objects that are subject to
+    #   the rule. The value must be a non-zero positive integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] expired_object_delete_marker
+    #   Indicates whether Amazon S3 will remove a delete marker with no
+    #   noncurrent versions. If set to true, the delete marker will be
+    #   expired. If set to false, the policy takes no action. This cannot be
+    #   specified with Days or Date in a Lifecycle Expiration Policy.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleExpiration AWS API Documentation
+    #
+    class LifecycleExpiration < Struct.new(
+      :date,
+      :days,
+      :expired_object_delete_marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle rule.
+    #
+    # @note When making an API call, you may pass LifecycleRule
+    #   data as a hash:
+    #
+    #       {
+    #         expiration: {
+    #           date: Time.now,
+    #           days: 1,
+    #           expired_object_delete_marker: false,
+    #         },
+    #         id: "ID",
+    #         filter: {
+    #           prefix: "Prefix",
+    #           tag: {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #           and: {
+    #             prefix: "Prefix",
+    #             tags: [
+    #               {
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         status: "Enabled", # required, accepts Enabled, Disabled
+    #         transitions: [
+    #           {
+    #             date: Time.now,
+    #             days: 1,
+    #             storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #           },
+    #         ],
+    #         noncurrent_version_transitions: [
+    #           {
+    #             noncurrent_days: 1,
+    #             storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #           },
+    #         ],
+    #         noncurrent_version_expiration: {
+    #           noncurrent_days: 1,
+    #         },
+    #         abort_incomplete_multipart_upload: {
+    #           days_after_initiation: 1,
+    #         },
+    #       }
+    #
+    # @!attribute [rw] expiration
+    #   Specifies the expiration for the lifecycle of the object in the form
+    #   of date, days and, whether the object has a delete marker.
+    #   @return [Types::LifecycleExpiration]
+    #
+    # @!attribute [rw] id
+    #   Unique identifier for the rule. The value cannot be longer than 255
+    #   characters.
+    #   @return [String]
+    #
+    # @!attribute [rw] filter
+    #   The container for the filter of lifecycle rule.
+    #   @return [Types::LifecycleRuleFilter]
+    #
+    # @!attribute [rw] status
+    #   If 'Enabled', the rule is currently being applied. If
+    #   'Disabled', the rule is not currently being applied.
+    #   @return [String]
+    #
+    # @!attribute [rw] transitions
+    #   Specifies when an Amazon S3 object transitions to a specified
+    #   storage class.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Array<Types::Transition>]
+    #
+    # @!attribute [rw] noncurrent_version_transitions
+    #   Specifies the transition rule for the lifecycle rule that describes
+    #   when noncurrent objects transition to a specific storage class. If
+    #   your bucket is versioning-enabled (or versioning is suspended), you
+    #   can set this action to request that Amazon S3 transition noncurrent
+    #   object versions to a specific storage class at a set period in the
+    #   object's lifetime.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Array<Types::NoncurrentVersionTransition>]
+    #
+    # @!attribute [rw] noncurrent_version_expiration
+    #   The noncurrent version expiration of the lifecycle rule.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Types::NoncurrentVersionExpiration]
+    #
+    # @!attribute [rw] abort_incomplete_multipart_upload
+    #   Specifies the days since the initiation of an incomplete multipart
+    #   upload that Amazon S3 waits before permanently removing all parts of
+    #   the upload. For more information, see [ Aborting Incomplete
+    #   Multipart Uploads Using a Bucket Lifecycle Policy][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config
+    #   @return [Types::AbortIncompleteMultipartUpload]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRule AWS API Documentation
+    #
+    class LifecycleRule < Struct.new(
+      :expiration,
+      :id,
+      :filter,
+      :status,
+      :transitions,
+      :noncurrent_version_transitions,
+      :noncurrent_version_expiration,
+      :abort_incomplete_multipart_upload)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle rule and operator.
+    #
+    # @note When making an API call, you may pass LifecycleRuleAndOperator
+    #   data as a hash:
+    #
+    #       {
+    #         prefix: "Prefix",
+    #         tags: [
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] prefix
+    #   Prefix identifying one or more objects to which the rule applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   All of these tags must exist in the object's tag set in order for
+    #   the rule to apply.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRuleAndOperator AWS API Documentation
+    #
+    class LifecycleRuleAndOperator < Struct.new(
+      :prefix,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the filter of the lifecycle rule.
+    #
+    # @note When making an API call, you may pass LifecycleRuleFilter
+    #   data as a hash:
+    #
+    #       {
+    #         prefix: "Prefix",
+    #         tag: {
+    #           key: "TagKeyString", # required
+    #           value: "TagValueString", # required
+    #         },
+    #         and: {
+    #           prefix: "Prefix",
+    #           tags: [
+    #             {
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] prefix
+    #   Prefix identifying one or more objects to which the rule applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag
+    #   @return [Types::S3Tag]
+    #
+    # @!attribute [rw] and
+    #   The container for the `AND` condition for the lifecycle rule.
+    #   @return [Types::LifecycleRuleAndOperator]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRuleFilter AWS API Documentation
+    #
+    class LifecycleRuleFilter < Struct.new(
+      :prefix,
+      :tag,
+      :and)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1288,6 +2581,18 @@ module Aws::S3Control
     # @!attribute [rw] bucket
     #   The name of the bucket whose associated access points you want to
     #   list.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -1312,6 +2617,7 @@ module Aws::S3Control
       :bucket,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1322,9 +2628,9 @@ module Aws::S3Control
     #
     # @!attribute [rw] next_token
     #   If the specified bucket has more access points than can be returned
-    #   in one call to this API, then this field contains a continuation
-    #   token that you can provide in subsequent calls to this API to
-    #   retrieve additional access points.
+    #   in one call to this API, this field contains a continuation token
+    #   that you can provide in subsequent calls to this API to retrieve
+    #   additional access points.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsResult AWS API Documentation
@@ -1332,6 +2638,7 @@ module Aws::S3Control
     class ListAccessPointsResult < Struct.new(
       :access_point_list,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1373,6 +2680,7 @@ module Aws::S3Control
       :job_statuses,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1392,57 +2700,323 @@ module Aws::S3Control
     class ListJobsResult < Struct.new(
       :next_token,
       :jobs)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # Amazon S3 throws this exception if you make a `GetPublicAccessBlock`
-    # request against an account that doesn't have a
-    # `PublicAccessBlockConfiguration` set.
+    # @note When making an API call, you may pass ListRegionalBucketsRequest
+    #   data as a hash:
     #
-    # @!attribute [rw] message
+    #       {
+    #         account_id: "AccountId", # required
+    #         next_token: "NonEmptyMaxLength1024String",
+    #         max_results: 1,
+    #         outpost_id: "NonEmptyMaxLength64String",
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoSuchPublicAccessBlockConfiguration AWS API Documentation
+    # @!attribute [rw] next_token
+    #   @return [String]
     #
-    class NoSuchPublicAccessBlockConfiguration < Struct.new(
-      :message)
+    # @!attribute [rw] max_results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] outpost_id
+    #   The ID of the AWS Outposts.
+    #
+    #   <note markdown="1"> This is required by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListRegionalBucketsRequest AWS API Documentation
+    #
+    class ListRegionalBucketsRequest < Struct.new(
+      :account_id,
+      :next_token,
+      :max_results,
+      :outpost_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] message
+    # @!attribute [rw] regional_bucket_list
+    #   @return [Array<Types::RegionalBucket>]
+    #
+    # @!attribute [rw] next_token
+    #   `NextToken` is sent when `isTruncated` is true, which means there
+    #   are more buckets that can be listed. The next list requests to
+    #   Amazon S3 can be continued with this `NextToken`. `NextToken` is
+    #   obfuscated and is not a real key.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NotFoundException AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListRegionalBucketsResult AWS API Documentation
     #
-    class NotFoundException < Struct.new(
-      :message)
+    class ListRegionalBucketsResult < Struct.new(
+      :regional_bucket_list,
+      :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # Indicates whether this access point policy is public. For more
-    # information about how Amazon S3 evaluates policies to determine
-    # whether they are public, see [The Meaning of "Public"][1] in the
-    # *Amazon Simple Storage Service Developer Guide*.
+    # Part of `ListStorageLensConfigurationResult`. Each entry includes the
+    # description of the S3 Storage Lens configuration, its home Region,
+    # whether it is enabled, its Amazon Resource Name (ARN), and config ID.
     #
+    # @!attribute [rw] id
+    #   A container for the S3 Storage Lens configuration ID.
+    #   @return [String]
     #
+    # @!attribute [rw] storage_lens_arn
+    #   The ARN of the S3 Storage Lens configuration. This property is
+    #   read-only.
+    #   @return [String]
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    # @!attribute [rw] home_region
+    #   A container for the S3 Storage Lens home Region. Your metrics data
+    #   is stored and retained in your designated S3 Storage Lens home
+    #   Region.
+    #   @return [String]
     #
-    # @!attribute [rw] is_public
+    # @!attribute [rw] is_enabled
+    #   A container for whether the S3 Storage Lens configuration is
+    #   enabled. This property is required.
     #   @return [Boolean]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PolicyStatus AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListStorageLensConfigurationEntry AWS API Documentation
     #
-    class PolicyStatus < Struct.new(
-      :is_public)
+    class ListStorageLensConfigurationEntry < Struct.new(
+      :id,
+      :storage_lens_arn,
+      :home_region,
+      :is_enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListStorageLensConfigurationsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         next_token: "ContinuationToken",
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination token to request the next page of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListStorageLensConfigurationsRequest AWS API Documentation
+    #
+    class ListStorageLensConfigurationsRequest < Struct.new(
+      :account_id,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   If the request produced more than the maximum number of S3 Storage
+    #   Lens configuration results, you can pass this value into a
+    #   subsequent request to retrieve the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] storage_lens_configuration_list
+    #   A list of S3 Storage Lens configurations.
+    #   @return [Array<Types::ListStorageLensConfigurationEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListStorageLensConfigurationsResult AWS API Documentation
+    #
+    class ListStorageLensConfigurationsResult < Struct.new(
+      :next_token,
+      :storage_lens_configuration_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Amazon S3 throws this exception if you make a `GetPublicAccessBlock`
+    # request against an account that doesn't have a
+    # `PublicAccessBlockConfiguration` set.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoSuchPublicAccessBlockConfiguration AWS API Documentation
+    #
+    class NoSuchPublicAccessBlockConfiguration < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container of the noncurrent version expiration.
+    #
+    # @note When making an API call, you may pass NoncurrentVersionExpiration
+    #   data as a hash:
+    #
+    #       {
+    #         noncurrent_days: 1,
+    #       }
+    #
+    # @!attribute [rw] noncurrent_days
+    #   Specifies the number of days an object is noncurrent before Amazon
+    #   S3 can perform the associated action. For information about the
+    #   noncurrent days calculations, see [How Amazon S3 Calculates When an
+    #   Object Became Noncurrent][1] in the *Amazon Simple Storage Service
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoncurrentVersionExpiration AWS API Documentation
+    #
+    class NoncurrentVersionExpiration < Struct.new(
+      :noncurrent_days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the noncurrent version transition.
+    #
+    # @note When making an API call, you may pass NoncurrentVersionTransition
+    #   data as a hash:
+    #
+    #       {
+    #         noncurrent_days: 1,
+    #         storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #       }
+    #
+    # @!attribute [rw] noncurrent_days
+    #   Specifies the number of days an object is noncurrent before Amazon
+    #   S3 can perform the associated action. For information about the
+    #   noncurrent days calculations, see [ How Amazon S3 Calculates How
+    #   Long an Object Has Been Noncurrent][1] in the *Amazon Simple Storage
+    #   Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations
+    #   @return [Integer]
+    #
+    # @!attribute [rw] storage_class
+    #   The class of storage used to store the object.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoncurrentVersionTransition AWS API Documentation
+    #
+    class NoncurrentVersionTransition < Struct.new(
+      :noncurrent_days,
+      :storage_class)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NotFoundException AWS API Documentation
+    #
+    class NotFoundException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Indicates whether this access point policy is public. For more
+    # information about how Amazon S3 evaluates policies to determine
+    # whether they are public, see [The Meaning of "Public"][1] in the
+    # *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    #
+    # @!attribute [rw] is_public
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PolicyStatus AWS API Documentation
+    #
+    class PolicyStatus < Struct.new(
+      :is_public)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the prefix-level configuration.
+    #
+    # @note When making an API call, you may pass PrefixLevel
+    #   data as a hash:
+    #
+    #       {
+    #         storage_metrics: { # required
+    #           is_enabled: false,
+    #           selection_criteria: {
+    #             delimiter: "StorageLensPrefixLevelDelimiter",
+    #             max_depth: 1,
+    #             min_storage_bytes_percentage: 1.0,
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] storage_metrics
+    #   A container for the prefix-level storage metrics for S3 Storage
+    #   Lens.
+    #   @return [Types::PrefixLevelStorageMetrics]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PrefixLevel AWS API Documentation
+    #
+    class PrefixLevel < Struct.new(
+      :storage_metrics)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the prefix-level storage metrics for S3 Storage Lens.
+    #
+    # @note When making an API call, you may pass PrefixLevelStorageMetrics
+    #   data as a hash:
+    #
+    #       {
+    #         is_enabled: false,
+    #         selection_criteria: {
+    #           delimiter: "StorageLensPrefixLevelDelimiter",
+    #           max_depth: 1,
+    #           min_storage_bytes_percentage: 1.0,
+    #         },
+    #       }
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether prefix-level storage metrics are enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] selection_criteria
+    #   @return [Types::SelectionCriteria]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PrefixLevelStorageMetrics AWS API Documentation
+    #
+    class PrefixLevelStorageMetrics < Struct.new(
+      :is_enabled,
+      :selection_criteria)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # The `PublicAccessBlock` configuration that you want to apply to this
-    # Amazon S3 bucket. You can enable the configuration options in any
+    # Amazon S3 account. You can enable the configuration options in any
     # combination. For more information about when Amazon S3 considers a
     # bucket or object public, see [The Meaning of "Public"][1] in the
-    # Amazon Simple Storage Service Developer Guide.
+    # *Amazon Simple Storage Service Developer Guide*.
+    #
+    # This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -1471,6 +3045,8 @@ module Aws::S3Control
     #   * PUT Bucket calls fail if the request includes a public ACL.
     #
     #   Enabling this setting doesn't affect existing policies or ACLs.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] ignore_public_acls
@@ -1481,6 +3057,8 @@ module Aws::S3Control
     #
     #   Enabling this setting doesn't affect the persistence of any
     #   existing ACLs and doesn't prevent new public ACLs from being set.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] block_public_policy
@@ -1490,18 +3068,22 @@ module Aws::S3Control
     #   bucket policy allows public access.
     #
     #   Enabling this setting doesn't affect existing bucket policies.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] restrict_public_buckets
     #   Specifies whether Amazon S3 should restrict public bucket policies
     #   for buckets in this account. Setting this element to `TRUE`
-    #   restricts access to buckets with public policies to only AWS
-    #   services and authorized users within this account.
+    #   restricts access to buckets with public policies to only AWS service
+    #   principals and authorized users within this account.
     #
     #   Enabling this setting doesn't affect previously stored bucket
     #   policies, except that public and cross-account access within any
     #   public bucket policy, including non-public delegation to specific
     #   accounts, is blocked.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PublicAccessBlockConfiguration AWS API Documentation
@@ -1511,6 +3093,7 @@ module Aws::S3Control
       :ignore_public_acls,
       :block_public_policy,
       :restrict_public_buckets)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1531,12 +3114,25 @@ module Aws::S3Control
     # @!attribute [rw] name
     #   The name of the access point that you want to associate with the
     #   specified policy.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] policy
     #   The policy that you want to apply to the specified access point. For
-    #   more information about access point policies, see [Managing Data
-    #   Access with Amazon S3 Access Points][1] in the *Amazon Simple
+    #   more information about access point policies, see [Managing data
+    #   access with Amazon S3 Access Points][1] in the *Amazon Simple
     #   Storage Service Developer Guide*.
     #
     #
@@ -1544,21 +3140,373 @@ module Aws::S3Control
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessPointPolicyRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessPointPolicyRequest AWS API Documentation
+    #
+    class PutAccessPointPolicyRequest < Struct.new(
+      :account_id,
+      :name,
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         lifecycle_configuration: {
+    #           rules: [
+    #             {
+    #               expiration: {
+    #                 date: Time.now,
+    #                 days: 1,
+    #                 expired_object_delete_marker: false,
+    #               },
+    #               id: "ID",
+    #               filter: {
+    #                 prefix: "Prefix",
+    #                 tag: {
+    #                   key: "TagKeyString", # required
+    #                   value: "TagValueString", # required
+    #                 },
+    #                 and: {
+    #                   prefix: "Prefix",
+    #                   tags: [
+    #                     {
+    #                       key: "TagKeyString", # required
+    #                       value: "TagValueString", # required
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #               status: "Enabled", # required, accepts Enabled, Disabled
+    #               transitions: [
+    #                 {
+    #                   date: Time.now,
+    #                   days: 1,
+    #                   storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #                 },
+    #               ],
+    #               noncurrent_version_transitions: [
+    #                 {
+    #                   noncurrent_days: 1,
+    #                   storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #                 },
+    #               ],
+    #               noncurrent_version_expiration: {
+    #                 noncurrent_days: 1,
+    #               },
+    #               abort_incomplete_multipart_upload: {
+    #                 days_after_initiation: 1,
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket for which to set the configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] lifecycle_configuration
+    #   Container for lifecycle rules. You can add as many as 1,000 rules.
+    #   @return [Types::LifecycleConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class PutBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :lifecycle_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         confirm_remove_self_bucket_access: false,
+    #         policy: "Policy", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] confirm_remove_self_bucket_access
+    #   Set this parameter to true to confirm that you want to remove your
+    #   permissions to change this bucket policy in the future.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] policy
+    #   The bucket policy as a JSON document.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketPolicyRequest AWS API Documentation
+    #
+    class PutBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :confirm_remove_self_bucket_access,
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         tagging: { # required
+    #           tag_set: [ # required
+    #             {
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] tagging
+    #   @return [Types::Tagging]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketTaggingRequest AWS API Documentation
+    #
+    class PutBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :tagging)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutJobTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         job_id: "JobId", # required
+    #         tags: [ # required
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID associated with the S3 Batch Operations job.
+    #   @return [String]
+    #
+    # @!attribute [rw] job_id
+    #   The ID for the S3 Batch Operations job whose tags you want to
+    #   replace.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The set of tags to associate with the S3 Batch Operations job.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingRequest AWS API Documentation
+    #
+    class PutJobTaggingRequest < Struct.new(
+      :account_id,
+      :job_id,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingResult AWS API Documentation
+    #
+    class PutJobTaggingResult < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass PutPublicAccessBlockRequest
+    #   data as a hash:
+    #
+    #       {
+    #         public_access_block_configuration: { # required
+    #           block_public_acls: false,
+    #           ignore_public_acls: false,
+    #           block_public_policy: false,
+    #           restrict_public_buckets: false,
+    #         },
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration that you want to apply to the
+    #   specified AWS account.
+    #   @return [Types::PublicAccessBlockConfiguration]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to set.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutPublicAccessBlockRequest AWS API Documentation
+    #
+    class PutPublicAccessBlockRequest < Struct.new(
+      :public_access_block_configuration,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutStorageLensConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #         storage_lens_configuration: { # required
+    #           id: "ConfigId", # required
+    #           account_level: { # required
+    #             activity_metrics: {
+    #               is_enabled: false,
+    #             },
+    #             bucket_level: { # required
+    #               activity_metrics: {
+    #                 is_enabled: false,
+    #               },
+    #               prefix_level: {
+    #                 storage_metrics: { # required
+    #                   is_enabled: false,
+    #                   selection_criteria: {
+    #                     delimiter: "StorageLensPrefixLevelDelimiter",
+    #                     max_depth: 1,
+    #                     min_storage_bytes_percentage: 1.0,
+    #                   },
+    #                 },
+    #               },
+    #             },
+    #           },
+    #           include: {
+    #             buckets: ["S3BucketArnString"],
+    #             regions: ["S3AWSRegion"],
+    #           },
+    #           exclude: {
+    #             buckets: ["S3BucketArnString"],
+    #             regions: ["S3AWSRegion"],
+    #           },
+    #           data_export: {
+    #             s3_bucket_destination: { # required
+    #               format: "CSV", # required, accepts CSV, Parquet
+    #               output_schema_version: "V_1", # required, accepts V_1
+    #               account_id: "AccountId", # required
+    #               arn: "S3BucketArnString", # required
+    #               prefix: "Prefix",
+    #               encryption: {
+    #                 sses3: {
+    #                 },
+    #                 ssekms: {
+    #                   key_id: "SSEKMSKeyId", # required
+    #                 },
+    #               },
+    #             },
+    #           },
+    #           is_enabled: false, # required
+    #           aws_org: {
+    #             arn: "AwsOrgArn", # required
+    #           },
+    #           storage_lens_arn: "StorageLensArn",
+    #         },
+    #         tags: [
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @!attribute [rw] storage_lens_configuration
+    #   The S3 Storage Lens configuration.
+    #   @return [Types::StorageLensConfiguration]
+    #
+    # @!attribute [rw] tags
+    #   The tag set of the S3 Storage Lens configuration.
+    #
+    #   <note markdown="1"> You can set up to a maximum of 50 tags.
+    #
+    #    </note>
+    #   @return [Array<Types::StorageLensTag>]
     #
-    class PutAccessPointPolicyRequest < Struct.new(
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutStorageLensConfigurationRequest AWS API Documentation
+    #
+    class PutStorageLensConfigurationRequest < Struct.new(
+      :config_id,
       :account_id,
-      :name,
-      :policy)
+      :storage_lens_configuration,
+      :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutJobTaggingRequest
+    # @note When making an API call, you may pass PutStorageLensConfigurationTaggingRequest
     #   data as a hash:
     #
     #       {
+    #         config_id: "ConfigId", # required
     #         account_id: "AccountId", # required
-    #         job_id: "JobId", # required
     #         tags: [ # required
     #           {
     #             key: "TagKeyString", # required
@@ -1567,62 +3515,65 @@ module Aws::S3Control
     #         ],
     #       }
     #
-    # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
     #   @return [String]
     #
-    # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
-    #   replace.
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The set of tags to associate with the Amazon S3 Batch Operations
-    #   job.
-    #   @return [Array<Types::S3Tag>]
+    #   The tag set of the S3 Storage Lens configuration.
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingRequest AWS API Documentation
+    #   <note markdown="1"> You can set up to a maximum of 50 tags.
     #
-    class PutJobTaggingRequest < Struct.new(
+    #    </note>
+    #   @return [Array<Types::StorageLensTag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutStorageLensConfigurationTaggingRequest AWS API Documentation
+    #
+    class PutStorageLensConfigurationTaggingRequest < Struct.new(
+      :config_id,
       :account_id,
-      :job_id,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingResult AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutStorageLensConfigurationTaggingResult AWS API Documentation
     #
-    class PutJobTaggingResult < Aws::EmptyStructure; end
+    class PutStorageLensConfigurationTaggingResult < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass PutPublicAccessBlockRequest
-    #   data as a hash:
+    # The container for the regional bucket.
     #
-    #       {
-    #         public_access_block_configuration: { # required
-    #           block_public_acls: false,
-    #           ignore_public_acls: false,
-    #           block_public_policy: false,
-    #           restrict_public_buckets: false,
-    #         },
-    #         account_id: "AccountId", # required
-    #       }
+    # @!attribute [rw] bucket
+    #   @return [String]
     #
-    # @!attribute [rw] public_access_block_configuration
-    #   The `PublicAccessBlock` configuration that you want to apply to the
-    #   specified Amazon Web Services account.
-    #   @return [Types::PublicAccessBlockConfiguration]
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) for the regional bucket.
+    #   @return [String]
     #
-    # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to set.
+    # @!attribute [rw] public_access_block_enabled
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] creation_date
+    #   The creation date of the regional bucket
+    #   @return [Time]
+    #
+    # @!attribute [rw] outpost_id
+    #   The AWS Outposts ID of the regional bucket.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutPublicAccessBlockRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/RegionalBucket AWS API Documentation
     #
-    class PutPublicAccessBlockRequest < Struct.new(
-      :public_access_block_configuration,
-      :account_id)
+    class RegionalBucket < Struct.new(
+      :bucket,
+      :bucket_arn,
+      :public_access_block_enabled,
+      :creation_date,
+      :outpost_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1657,6 +3608,7 @@ module Aws::S3Control
     class S3AccessControlList < Struct.new(
       :owner,
       :grants)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1694,13 +3646,77 @@ module Aws::S3Control
     class S3AccessControlPolicy < Struct.new(
       :access_control_list,
       :canned_access_control_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the bucket where the Amazon S3 Storage Lens metrics
+    # export files are located.
+    #
+    # @note When making an API call, you may pass S3BucketDestination
+    #   data as a hash:
+    #
+    #       {
+    #         format: "CSV", # required, accepts CSV, Parquet
+    #         output_schema_version: "V_1", # required, accepts V_1
+    #         account_id: "AccountId", # required
+    #         arn: "S3BucketArnString", # required
+    #         prefix: "Prefix",
+    #         encryption: {
+    #           sses3: {
+    #           },
+    #           ssekms: {
+    #             key_id: "SSEKMSKeyId", # required
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] format
+    #   @return [String]
+    #
+    # @!attribute [rw] output_schema_version
+    #   The schema version of the export file.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the owner of the S3 Storage Lens metrics export
+    #   bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the bucket. This property is
+    #   read-only and follows the following format: `
+    #   arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name
+    #   `
+    #   @return [String]
+    #
+    # @!attribute [rw] prefix
+    #   The prefix of the destination bucket where the metrics export will
+    #   be delivered.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption
+    #   The container for the type encryption of the metrics exports in this
+    #   bucket.
+    #   @return [Types::StorageLensDataExportEncryption]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3BucketDestination AWS API Documentation
+    #
+    class S3BucketDestination < Struct.new(
+      :format,
+      :output_schema_version,
+      :account_id,
+      :arn,
+      :prefix,
+      :encryption)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Contains the configuration parameters for a PUT Copy object operation.
-    # Amazon S3 Batch Operations passes each value through to the underlying
-    # PUT Copy object API. For more information about the parameters for
-    # this operation, see [PUT Object - Copy][1].
+    # S3 Batch Operations passes each value through to the underlying PUT
+    # Copy object API. For more information about the parameters for this
+    # operation, see [PUT Object - Copy][1].
     #
     #
     #
@@ -1757,6 +3773,10 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] target_resource
+    #   Specifies the destination bucket ARN for the batch copy operation.
+    #   For example, to copy objects to a bucket named
+    #   "destinationBucket", set the TargetResource to
+    #   "arn:aws:s3:::destinationBucket".
     #   @return [String]
     #
     # @!attribute [rw] canned_access_control_list
@@ -1778,6 +3798,9 @@ module Aws::S3Control
     #   @return [Array<Types::S3Tag>]
     #
     # @!attribute [rw] redirect_location
+    #   Specifies an optional metadata property for website redirects,
+    #   `x-amz-website-redirect-location`. Allows webpage redirects if the
+    #   object is accessed through a website endpoint.
     #   @return [String]
     #
     # @!attribute [rw] requester_pays
@@ -1793,21 +3816,25 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] target_key_prefix
+    #   Specifies the folder prefix into which you would like the objects to
+    #   be copied. For example, to copy objects into a folder named
+    #   "Folder1" in the destination bucket, set the TargetKeyPrefix to
+    #   "Folder1/".
     #   @return [String]
     #
     # @!attribute [rw] object_lock_legal_hold_status
-    #   The Legal Hold status to be applied to all objects in the Batch
+    #   The legal hold status to be applied to all objects in the Batch
     #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_mode
-    #   The Retention mode to be applied to all objects in the Batch
+    #   The retention mode to be applied to all objects in the Batch
     #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_retain_until_date
-    #   The date when the applied Object Retention configuration will expire
-    #   on all objects in the Batch Operations job.
+    #   The date when the applied object retention configuration expires on
+    #   all objects in the Batch Operations job.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3CopyObjectOperation AWS API Documentation
@@ -1829,6 +3856,7 @@ module Aws::S3Control
       :object_lock_legal_hold_status,
       :object_lock_mode,
       :object_lock_retain_until_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1855,6 +3883,7 @@ module Aws::S3Control
     class S3Grant < Struct.new(
       :grantee,
       :permission)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1882,13 +3911,14 @@ module Aws::S3Control
       :type_identifier,
       :identifier,
       :display_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Contains the configuration parameters for an Initiate Glacier Restore
-    # job. Amazon S3 Batch Operations passes each value through to the
-    # underlying POST Object restore API. For more information about the
-    # parameters for this operation, see [Restoring Archives][1].
+    # job. S3 Batch Operations passes each value through to the underlying
+    # POST Object restore API. For more information about the parameters for
+    # this operation, see [RestoreObject][1].
     #
     #
     #
@@ -1913,9 +3943,13 @@ module Aws::S3Control
     class S3InitiateRestoreObjectOperation < Struct.new(
       :expiration_in_days,
       :glacier_job_tier)
+      SENSITIVE = []
       include Aws::Structure
     end
 
+    # Whether S3 Object Lock legal hold will be applied to objects in an S3
+    # Batch Operations job.
+    #
     # @note When making an API call, you may pass S3ObjectLockLegalHold
     #   data as a hash:
     #
@@ -1924,14 +3958,15 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] status
-    #   The Legal Hold status to be applied to all objects in the Batch
-    #   Operations job.
+    #   The Object Lock legal hold status to be applied to all objects in
+    #   the Batch Operations job.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3ObjectLockLegalHold AWS API Documentation
     #
     class S3ObjectLockLegalHold < Struct.new(
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2001,6 +4036,7 @@ module Aws::S3Control
       :http_expires_date,
       :requester_charged,
       :sse_algorithm)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2023,9 +4059,21 @@ module Aws::S3Control
     class S3ObjectOwner < Struct.new(
       :id,
       :display_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
+    # Contains the S3 Object Lock retention mode to be applied to all
+    # objects in the S3 Batch Operations job. If you don't provide `Mode`
+    # and `RetainUntilDate` data types in your operation, you will remove
+    # the retention from your objects. For more information, see [Using S3
+    # Object Lock retention with S3 Batch Operations][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
+    #
     # @note When making an API call, you may pass S3Retention
     #   data as a hash:
     #
@@ -2035,13 +4083,13 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] retain_until_date
-    #   The date when the applied Object Retention will expire on all
-    #   objects in the Batch Operations job.
+    #   The date when the applied Object Lock retention will expire on all
+    #   objects set by the Batch Operations job.
     #   @return [Time]
     #
     # @!attribute [rw] mode
-    #   The Retention mode to be applied to all objects in the Batch
-    #   Operations job.
+    #   The Object Lock retention mode to be applied to all objects in the
+    #   Batch Operations job.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3Retention AWS API Documentation
@@ -2049,12 +4097,13 @@ module Aws::S3Control
     class S3Retention < Struct.new(
       :retain_until_date,
       :mode)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Contains the configuration parameters for a Set Object ACL operation.
-    # Amazon S3 Batch Operations passes each value through to the underlying
-    # PUT Object acl API. For more information about the parameters for this
+    # S3 Batch Operations passes each value through to the underlying PUT
+    # Object acl API. For more information about the parameters for this
     # operation, see [PUT Object acl][1].
     #
     #
@@ -2093,17 +4142,19 @@ module Aws::S3Control
     #
     class S3SetObjectAclOperation < Struct.new(
       :access_control_policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a Set Object Legal Hold
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object Legal Hold API. For more information about the
-    # parameters for this operation, see [PUT Object Legal Hold][1].
+    # Contains the configuration for an S3 Object Lock legal hold operation
+    # that an S3 Batch Operations job passes each object through to the
+    # underlying `PutObjectLegalHold` API. For more information, see [Using
+    # S3 Object Lock legal hold with S3 Batch Operations][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-legal-hold.html
     #
     # @note When making an API call, you may pass S3SetObjectLegalHoldOperation
     #   data as a hash:
@@ -2115,25 +4166,27 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] legal_hold
-    #   The Legal Hold contains the status to be applied to all objects in
-    #   the Batch Operations job.
+    #   Contains the Object Lock legal hold status to be applied to all
+    #   objects in the Batch Operations job.
     #   @return [Types::S3ObjectLockLegalHold]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectLegalHoldOperation AWS API Documentation
     #
     class S3SetObjectLegalHoldOperation < Struct.new(
       :legal_hold)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a Set Object Retention
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object Retention API. For more information about the
-    # parameters for this operation, see [PUT Object Retention][1].
+    # Contains the configuration parameters for the Object Lock retention
+    # action for an S3 Batch Operations job. Batch Operations passes each
+    # value through to the underlying `PutObjectRetention` API. For more
+    # information, see [Using S3 Object Lock retention with S3 Batch
+    # Operations][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #
     # @note When making an API call, you may pass S3SetObjectRetentionOperation
     #   data as a hash:
@@ -2147,14 +4200,20 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] bypass_governance_retention
-    #   Indicates if the operation should be applied to objects in the Batch
-    #   Operations job even if they have Governance-type Object Lock in
+    #   Indicates if the action should be applied to objects in the Batch
+    #   Operations job even if they have Object Lock ` GOVERNANCE` type in
     #   place.
     #   @return [Boolean]
     #
     # @!attribute [rw] retention
-    #   Amazon S3 object lock Retention contains the retention mode to be
-    #   applied to all objects in the Batch Operations job.
+    #   Contains the Object Lock retention mode to be applied to all objects
+    #   in the Batch Operations job. For more information, see [Using S3
+    #   Object Lock retention with S3 Batch Operations][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #   @return [Types::S3Retention]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectRetentionOperation AWS API Documentation
@@ -2162,11 +4221,12 @@ module Aws::S3Control
     class S3SetObjectRetentionOperation < Struct.new(
       :bypass_governance_retention,
       :retention)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # Contains the configuration parameters for a Set Object Tagging
-    # operation. Amazon S3 Batch Operations passes each value through to the
+    # operation. S3 Batch Operations passes each value through to the
     # underlying PUT Object tagging API. For more information about the
     # parameters for this operation, see [PUT Object tagging][1].
     #
@@ -2193,6 +4253,7 @@ module Aws::S3Control
     #
     class S3SetObjectTaggingOperation < Struct.new(
       :tag_set)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2215,6 +4276,323 @@ module Aws::S3Control
     class S3Tag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass SSEKMS
+    #   data as a hash:
+    #
+    #       {
+    #         key_id: "SSEKMSKeyId", # required
+    #       }
+    #
+    # @!attribute [rw] key_id
+    #   A container for the ARN of the SSE-KMS encryption. This property is
+    #   read-only and follows the following format: `
+    #   arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSEKMS AWS API Documentation
+    #
+    class SSEKMS < Struct.new(
+      :key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSES3 AWS API Documentation
+    #
+    class SSES3 < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass SelectionCriteria
+    #   data as a hash:
+    #
+    #       {
+    #         delimiter: "StorageLensPrefixLevelDelimiter",
+    #         max_depth: 1,
+    #         min_storage_bytes_percentage: 1.0,
+    #       }
+    #
+    # @!attribute [rw] delimiter
+    #   A container for the delimiter of the selection criteria being used.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_depth
+    #   The max depth of the selection criteria
+    #   @return [Integer]
+    #
+    # @!attribute [rw] min_storage_bytes_percentage
+    #   The minimum number of storage bytes percentage whose metrics will be
+    #   selected.
+    #
+    #   <note markdown="1"> You must choose a value greater than or equal to `1.0`.
+    #
+    #    </note>
+    #   @return [Float]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SelectionCriteria AWS API Documentation
+    #
+    class SelectionCriteria < Struct.new(
+      :delimiter,
+      :max_depth,
+      :min_storage_bytes_percentage)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The AWS organization for your S3 Storage Lens.
+    #
+    # @note When making an API call, you may pass StorageLensAwsOrg
+    #   data as a hash:
+    #
+    #       {
+    #         arn: "AwsOrgArn", # required
+    #       }
+    #
+    # @!attribute [rw] arn
+    #   A container for the Amazon Resource Name (ARN) of the AWS
+    #   organization. This property is read-only and follows the following
+    #   format: `
+    #   arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensAwsOrg AWS API Documentation
+    #
+    class StorageLensAwsOrg < Struct.new(
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the Amazon S3 Storage Lens configuration.
+    #
+    # @note When making an API call, you may pass StorageLensConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         id: "ConfigId", # required
+    #         account_level: { # required
+    #           activity_metrics: {
+    #             is_enabled: false,
+    #           },
+    #           bucket_level: { # required
+    #             activity_metrics: {
+    #               is_enabled: false,
+    #             },
+    #             prefix_level: {
+    #               storage_metrics: { # required
+    #                 is_enabled: false,
+    #                 selection_criteria: {
+    #                   delimiter: "StorageLensPrefixLevelDelimiter",
+    #                   max_depth: 1,
+    #                   min_storage_bytes_percentage: 1.0,
+    #                 },
+    #               },
+    #             },
+    #           },
+    #         },
+    #         include: {
+    #           buckets: ["S3BucketArnString"],
+    #           regions: ["S3AWSRegion"],
+    #         },
+    #         exclude: {
+    #           buckets: ["S3BucketArnString"],
+    #           regions: ["S3AWSRegion"],
+    #         },
+    #         data_export: {
+    #           s3_bucket_destination: { # required
+    #             format: "CSV", # required, accepts CSV, Parquet
+    #             output_schema_version: "V_1", # required, accepts V_1
+    #             account_id: "AccountId", # required
+    #             arn: "S3BucketArnString", # required
+    #             prefix: "Prefix",
+    #             encryption: {
+    #               sses3: {
+    #               },
+    #               ssekms: {
+    #                 key_id: "SSEKMSKeyId", # required
+    #               },
+    #             },
+    #           },
+    #         },
+    #         is_enabled: false, # required
+    #         aws_org: {
+    #           arn: "AwsOrgArn", # required
+    #         },
+    #         storage_lens_arn: "StorageLensArn",
+    #       }
+    #
+    # @!attribute [rw] id
+    #   A container for the Amazon S3 Storage Lens configuration ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_level
+    #   A container for all the account-level configurations of your S3
+    #   Storage Lens configuration.
+    #   @return [Types::AccountLevel]
+    #
+    # @!attribute [rw] include
+    #   A container for what is included in this configuration. This
+    #   container can only be valid if there is no `Exclude` container
+    #   submitted, and it's not empty.
+    #   @return [Types::Include]
+    #
+    # @!attribute [rw] exclude
+    #   A container for what is excluded in this configuration. This
+    #   container can only be valid if there is no `Include` container
+    #   submitted, and it's not empty.
+    #   @return [Types::Exclude]
+    #
+    # @!attribute [rw] data_export
+    #   A container to specify the properties of your S3 Storage Lens
+    #   metrics export including, the destination, schema and format.
+    #   @return [Types::StorageLensDataExport]
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether the S3 Storage Lens configuration is
+    #   enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] aws_org
+    #   A container for the AWS organization for this S3 Storage Lens
+    #   configuration.
+    #   @return [Types::StorageLensAwsOrg]
+    #
+    # @!attribute [rw] storage_lens_arn
+    #   The Amazon Resource Name (ARN) of the S3 Storage Lens configuration.
+    #   This property is read-only and follows the following format: `
+    #   arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensConfiguration AWS API Documentation
+    #
+    class StorageLensConfiguration < Struct.new(
+      :id,
+      :account_level,
+      :include,
+      :exclude,
+      :data_export,
+      :is_enabled,
+      :aws_org,
+      :storage_lens_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container to specify the properties of your S3 Storage Lens metrics
+    # export, including the destination, schema, and format.
+    #
+    # @note When making an API call, you may pass StorageLensDataExport
+    #   data as a hash:
+    #
+    #       {
+    #         s3_bucket_destination: { # required
+    #           format: "CSV", # required, accepts CSV, Parquet
+    #           output_schema_version: "V_1", # required, accepts V_1
+    #           account_id: "AccountId", # required
+    #           arn: "S3BucketArnString", # required
+    #           prefix: "Prefix",
+    #           encryption: {
+    #             sses3: {
+    #             },
+    #             ssekms: {
+    #               key_id: "SSEKMSKeyId", # required
+    #             },
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] s3_bucket_destination
+    #   A container for the bucket where the S3 Storage Lens metrics export
+    #   will be located.
+    #   @return [Types::S3BucketDestination]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensDataExport AWS API Documentation
+    #
+    class StorageLensDataExport < Struct.new(
+      :s3_bucket_destination)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the encryption of the S3 Storage Lens metrics exports.
+    #
+    # @note When making an API call, you may pass StorageLensDataExportEncryption
+    #   data as a hash:
+    #
+    #       {
+    #         sses3: {
+    #         },
+    #         ssekms: {
+    #           key_id: "SSEKMSKeyId", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] sses3
+    #   @return [Types::SSES3]
+    #
+    # @!attribute [rw] ssekms
+    #   @return [Types::SSEKMS]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensDataExportEncryption AWS API Documentation
+    #
+    class StorageLensDataExportEncryption < Struct.new(
+      :sses3,
+      :ssekms)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass StorageLensTag
+    #   data as a hash:
+    #
+    #       {
+    #         key: "TagKeyString", # required
+    #         value: "TagValueString", # required
+    #       }
+    #
+    # @!attribute [rw] key
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensTag AWS API Documentation
+    #
+    class StorageLensTag < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass Tagging
+    #   data as a hash:
+    #
+    #       {
+    #         tag_set: [ # required
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] tag_set
+    #   A collection for a set of tags.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Tagging AWS API Documentation
+    #
+    class Tagging < Struct.new(
+      :tag_set)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2225,9 +4603,13 @@ module Aws::S3Control
     #
     class TooManyRequestsException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
+    # Amazon S3 throws this exception if you have too many tags in your tag
+    # set.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2235,6 +4617,51 @@ module Aws::S3Control
     #
     class TooManyTagsException < Struct.new(
       :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies when an object transitions to a specified storage class. For
+    # more information about Amazon S3 Lifecycle configuration rules, see [
+    # Transitioning objects using Amazon S3 Lifecycle][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html
+    #
+    # @note When making an API call, you may pass Transition
+    #   data as a hash:
+    #
+    #       {
+    #         date: Time.now,
+    #         days: 1,
+    #         storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #       }
+    #
+    # @!attribute [rw] date
+    #   Indicates when objects are transitioned to the specified storage
+    #   class. The date value must be in ISO 8601 format. The time is always
+    #   midnight UTC.
+    #   @return [Time]
+    #
+    # @!attribute [rw] days
+    #   Indicates the number of days after creation when objects are
+    #   transitioned to the specified storage class. The value must be a
+    #   positive integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] storage_class
+    #   The storage class to which you want the object to transition.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Transition AWS API Documentation
+    #
+    class Transition < Struct.new(
+      :date,
+      :days,
+      :storage_class)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2264,6 +4691,7 @@ module Aws::S3Control
       :account_id,
       :job_id,
       :priority)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2280,6 +4708,7 @@ module Aws::S3Control
     class UpdateJobPriorityResult < Struct.new(
       :job_id,
       :priority)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2317,6 +4746,7 @@ module Aws::S3Control
       :job_id,
       :requested_job_status,
       :status_update_reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2338,6 +4768,7 @@ module Aws::S3Control
       :job_id,
       :status,
       :status_update_reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2359,6 +4790,7 @@ module Aws::S3Control
     #
     class VpcConfiguration < Struct.new(
       :vpc_id)
+      SENSITIVE = []
       include Aws::Structure
     end