aws-sdk-s3control 1.22.0 → 1.27.0

data/lib/aws-sdk-s3control/errors.rb

@@ -28,6 +28,8 @@ module Aws::S3Control
   #
   # ## Error Classes
   # * {BadRequestException}
+  # * {BucketAlreadyExists}
+  # * {BucketAlreadyOwnedByYou}
   # * {IdempotencyException}
   # * {InternalServiceException}
   # * {InvalidNextTokenException}
@@ -59,6 +61,26 @@ module Aws::S3Control
       end
     end
 
+    class BucketAlreadyExists < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::BucketAlreadyExists] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
+    class BucketAlreadyOwnedByYou < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::BucketAlreadyOwnedByYou] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class IdempotencyException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-s3control/plugins/arn.rb

@@ -0,0 +1,227 @@
+# frozen_string_literal: true
+
+require_relative '../arn/outpost_access_point_arn'
+require_relative '../arn/outpost_bucket_arn'
+
+module Aws
+  module S3Control
+    module Plugins
+      # When an ARN is provided for :bucket or :name in S3Control operations,
+      # this plugin resolves the request endpoint from the ARN when possible.
+      # @api private
+      class ARN < Seahorse::Client::Plugin
+        option(
+          :s3_use_arn_region,
+          default: true,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS) do |cfg|
+For S3 and S3 Outposts ARNs passed into the `:bucket` or `:name`
+parameter, this option will use the region in the ARN, allowing
+for cross-region requests to be made. Set to `false` to use the
+client's region instead.
+        DOCS
+          resolve_s3_use_arn_region(cfg)
+        end
+
+        # param validator is validate:50 (required to add account_id from arn)
+        # endpoint is build:90 (populates the URI for the first time)
+        # endpoint pattern is build:10 (prefix account id to host)
+        def add_handlers(handlers, _config)
+          handlers.add(ARNHandler, step: :validate, priority: 75)
+          handlers.add(UrlHandler)
+        end
+
+        # After extracting out any ARN input, resolve a new URL with it.
+        class UrlHandler < Seahorse::Client::Handler
+          def call(context)
+            if context.metadata[:s3_arn]
+              ARN.resolve_url!(
+                context.http_request.endpoint,
+                context.metadata[:s3_arn][:arn],
+                context.metadata[:s3_arn][:resolved_region],
+                context.metadata[:s3_arn][:dualstack],
+                # if regional_endpoint is false, a custom endpoint was provided
+                # in this case, we want to prefix the endpoint using the ARN
+                !context.config.regional_endpoint
+              )
+            end
+            @handler.call(context)
+          end
+        end
+
+        # This plugin will extract out any ARN input and set context for other
+        # plugins to use without having to translate the ARN again.
+        class ARNHandler < Seahorse::Client::Handler
+          def call(context)
+            arn_member = _arn_member(context.operation.input.shape)
+            if arn_member && (bucket = context.params[arn_member])
+              resolved_region, arn = ARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              validate_outpost_dualstack!(context)
+              if arn
+                validate_config!(context, arn)
+
+                if arn.is_a?(OutpostAccessPointARN) ||
+                   arn.is_a?(OutpostBucketARN)
+                  set_outpost_header!(context, arn)
+                  # disable account_id prefix for outposts urls
+                  context.config.disable_host_prefix_injection = true
+                end
+                set_account_param!(context, arn)
+
+                # depending on the ARN's resource type, put the resource value
+                # back onto params
+                context.params[arn_member] = arn.input_member
+                context.metadata[:s3_arn] = {
+                  arn: arn,
+                  resolved_region: resolved_region,
+                  dualstack: extract_dualstack_config!(context)
+                }
+              end
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          # this validation has nothing to do with ARNs (can't be in
+          # validate_config!) outposts does not support dualstack, so operations
+          # using an outpost id should be validated too.
+          def validate_outpost_dualstack!(context)
+            if context.params[:outpost_id] && context[:use_dualstack_endpoint]
+              raise ArgumentError,
+                    'Cannot provide an Outpost ID when '\
+                    '`:use_dualstack_endpoint` is set to true.'
+            end
+          end
+
+          # This looks for BucketName or AccessPointName, but prefers BucketName
+          # for CreateAccessPoint because it contains both but should not have
+          # an Access Point ARN as AccessPointName.
+          def _arn_member(input)
+            input.members.each do |member, ref|
+              if ref.shape.name == 'BucketName' ||
+                 (ref.shape.name == 'AccessPointName' &&
+                  input.name != 'CreateAccessPointRequest')
+                return member
+              end
+            end
+          end
+
+          # other plugins use dualstack so disable it when we're done
+          def extract_dualstack_config!(context)
+            dualstack = context[:use_dualstack_endpoint]
+            context[:use_dualstack_endpoint] = false if dualstack
+            dualstack
+          end
+
+          def validate_config!(context, arn)
+            if !arn.support_dualstack? && context[:use_dualstack_endpoint]
+              raise ArgumentError,
+                    'Cannot provide an Outpost Access Point ARN when '\
+                    '`:use_dualstack_endpoint` is set to true.'
+            end
+          end
+
+          def set_outpost_header!(context, arn)
+            context.http_request.headers['x-amz-outpost-id'] = arn.outpost_id
+          end
+
+          def set_account_param!(context, arn)
+            if context.params[:account_id] &&
+               context.params[:account_id] != arn.account_id
+              raise ArgumentError,
+                    'Cannot provide an Account ID that is different from the '\
+                    'Account ID in the ARN.'
+            end
+            context.params[:account_id] = arn.account_id
+          end
+        end
+
+        class << self
+          # @api private
+          def resolve_arn!(member_value, region, use_arn_region)
+            if Aws::ARNParser.arn?(member_value)
+              arn = Aws::ARNParser.parse(member_value)
+              if arn.resource.include?('bucket')
+                s3_arn = Aws::S3Control::OutpostBucketARN.new(arn.to_h)
+              elsif arn.resource.include?('accesspoint')
+                s3_arn = Aws::S3Control::OutpostAccessPointARN.new(arn.to_h)
+              else
+                raise ArgumentError,
+                      'Only Outpost Bucket and Outpost Access Point ARNs are '\
+                      'currently supported.'
+              end
+              s3_arn.validate_arn!
+              validate_region_config!(s3_arn, region, use_arn_region)
+              region = s3_arn.region if use_arn_region
+              [region, s3_arn]
+            else
+              [region]
+            end
+          end
+
+          # @api private
+          def resolve_url!(url, arn, region, dualstack = false, has_custom_endpoint = false)
+            custom_endpoint = url.host if has_custom_endpoint
+            url.host = arn.host_url(region, dualstack, custom_endpoint)
+            url
+          end
+
+          private
+
+          def resolve_s3_use_arn_region(cfg)
+            value = ENV['AWS_S3_USE_ARN_REGION'] ||
+                    Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
+                    'true'
+            value = Aws::Util.str_2_bool(value)
+            # Raise if provided value is not true or false
+            if value.nil?
+              raise ArgumentError,
+                    'Must provide either `true` or `false` for the '\
+                    '`s3_use_arn_region` profile option or for '\
+                    "ENV['AWS_S3_USE_ARN_REGION']."
+            end
+            value
+          end
+
+          def validate_region_config!(arn, region, use_arn_region)
+            fips = arn.support_fips?
+
+            # s3-external-1 is specific just to s3 and not part of partitions
+            # aws-global is a partition region
+            unless arn.partition == 'aws' &&
+                   (region == 's3-external-1' || region == 'aws-global')
+              if !fips && arn.region.include?('fips')
+                raise ArgumentError,
+                      'FIPS region ARNs are not supported for this type of ARN.'
+              end
+
+              if !fips && !use_arn_region && region.include?('fips')
+                raise ArgumentError,
+                      'FIPS client regions are not supported for this type of '\
+                      'ARN without `:s3_use_arn_region`.'
+              end
+
+              # if it's a fips region, attempt to normalize it
+              if fips || use_arn_region
+                region = region.gsub('fips-', '').gsub('-fips', '')
+              end
+              if use_arn_region &&
+                 !Aws::Partitions.partition(arn.partition).region?(region)
+                raise Aws::Errors::InvalidARNPartitionError
+              end
+
+              if !use_arn_region && region != arn.region
+                raise Aws::Errors::InvalidARNRegionError
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3control/plugins/dualstack.rb

@@ -16,16 +16,22 @@ for all operations.
 
         def add_handlers(handlers, config)
           handlers.add(OptionHandler, step: :initialize)
-          handlers.add(DualstackHandler, step: :build, priority: 2)
+          handlers.add(DualstackHandler, step: :build, priority: 11)
         end
 
         # @api private
         class OptionHandler < Seahorse::Client::Handler
           def call(context)
+            # Support client configuration and per-operation configuration
             if context.params.is_a?(Hash)
               dualstack = context.params.delete(:use_dualstack_endpoint)
             end
             dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
+            # Raise if :endpoint and dualstack are both provided
+            if dualstack && !context.config.regional_endpoint
+              raise ArgumentError,
+                    'Cannot use both :use_dualstack_endpoint and :endpoint'
+            end
             context[:use_dualstack_endpoint] = dualstack
             @handler.call(context)
           end
@@ -34,17 +40,16 @@ for all operations.
         # @api private
         class DualstackHandler < Seahorse::Client::Handler
           def call(context)
-            apply_dualstack_endpoint(context) if use_dualstack_endpoint?(context)
+            if context.config.regional_endpoint && context[:use_dualstack_endpoint]
+              apply_dualstack_endpoint(context)
+            end
             @handler.call(context)
           end
 
           private
           def apply_dualstack_endpoint(context)
-            bucket_name = context.params[:bucket]
             region = context.config.region
-            dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
-              region
-            )
+            dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
             host = "s3-control.dualstack.#{region}.#{dns_suffix}"
             endpoint = URI.parse(context.http_request.endpoint.to_s)
             endpoint.scheme = context.http_request.endpoint.scheme
@@ -52,10 +57,6 @@ for all operations.
             endpoint.host = host
             context.http_request.endpoint = endpoint.to_s
           end
-
-          def use_dualstack_endpoint?(context)
-            context[:use_dualstack_endpoint]
-          end
         end
 
       end

data/lib/aws-sdk-s3control/plugins/s3_control_signer.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require 'aws-sigv4'
+
+module Aws
+  module S3Control
+    module Plugins
+      # This plugin is an implementation detail and may be modified.
+      # @api private
+      class S3ControlSigner < Seahorse::Client::Plugin
+        SPECIAL_OUTPOST_OPERATIONS = [
+          'CreateBucket',
+          'ListRegionalBuckets'
+        ].freeze
+
+        option(:sigv4_signer) do |cfg|
+          S3ControlSigner.build_v4_signer(
+            service: 's3',
+            region: cfg.sigv4_region,
+            credentials: cfg.credentials
+          )
+        end
+
+        option(:sigv4_region) do |cfg|
+          raise Aws::Errors::MissingRegionError if cfg.region.nil?
+
+          Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
+        end
+
+        def add_handlers(handlers, _cfg)
+          handlers.add(V4Handler, step: :sign)
+        end
+
+        class V4Handler < Seahorse::Client::Handler
+          def call(context)
+            Aws::Plugins::SignatureV4.apply_signature(
+              context: context,
+              signer: sigv4_signer(context)
+            )
+            @handler.call(context)
+          end
+
+          private
+
+          def sigv4_signer(context)
+            if (arn = context.metadata[:s3_arn]) &&
+               arn[:arn].respond_to?(:outpost_id)
+              S3ControlSigner.build_v4_signer(
+                service: 's3-outposts',
+                region: arn[:resolved_region],
+                credentials: context.config.credentials
+              )
+            elsif outpost_operation?(context)
+              # outpost operations should go to the outposts endpoint only if
+              # it's not a custom endpoint. the ARN class changes this for ARNs
+              if context.config.regional_endpoint
+                context.http_request.endpoint.host =
+                  "s3-outposts.#{context.config.region}.amazonaws.com"
+              end
+              S3ControlSigner.build_v4_signer(
+                service: 's3-outposts',
+                region: context.config.region,
+                credentials: context.config.credentials
+              )
+            else
+              context.config.sigv4_signer
+            end
+          end
+
+          # Some operations do not take an ARN parameter and are special cases
+          # For these operations, the presence of the outpost_id parameter
+          # must trigger special endpoint and signer redirection
+          def outpost_operation?(context)
+            SPECIAL_OUTPOST_OPERATIONS.include?(context.operation.name) &&
+              context.params[:outpost_id]
+          end
+        end
+
+        class << self
+          # @option options [required, String] :region
+          # @option options [required, #credentials] :credentials
+          # @api private
+          def build_v4_signer(options = {})
+            Aws::Sigv4::Signer.new(
+              service: options[:service],
+              region: options[:region],
+              credentials_provider: options[:credentials],
+              uri_escape_path: false,
+              unsigned_headers: ['content-length', 'x-amzn-trace-id']
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3control/types.rb

@@ -10,6 +10,28 @@
 module Aws::S3Control
   module Types
 
+    # The container for abort incomplete multipart upload
+    #
+    # @note When making an API call, you may pass AbortIncompleteMultipartUpload
+    #   data as a hash:
+    #
+    #       {
+    #         days_after_initiation: 1,
+    #       }
+    #
+    # @!attribute [rw] days_after_initiation
+    #   Specifies the number of days after which Amazon S3 aborts an
+    #   incomplete multipart upload to the Outposts bucket.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AbortIncompleteMultipartUpload AWS API Documentation
+    #
+    class AbortIncompleteMultipartUpload < Struct.new(
+      :days_after_initiation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An access point used to access a bucket.
     #
     # @!attribute [rw] name
@@ -34,13 +56,83 @@ module Aws::S3Control
     #   The name of the bucket associated with this access point.
     #   @return [String]
     #
+    # @!attribute [rw] access_point_arn
+    #   The ARN for the access point.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AccessPoint AWS API Documentation
     #
     class AccessPoint < Struct.new(
       :name,
       :network_origin,
       :vpc_configuration,
-      :bucket)
+      :bucket,
+      :access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the account level Amazon S3 Storage Lens
+    # configuration.
+    #
+    # @note When making an API call, you may pass AccountLevel
+    #   data as a hash:
+    #
+    #       {
+    #         activity_metrics: {
+    #           is_enabled: false,
+    #         },
+    #         bucket_level: { # required
+    #           activity_metrics: {
+    #             is_enabled: false,
+    #           },
+    #           prefix_level: {
+    #             storage_metrics: { # required
+    #               is_enabled: false,
+    #               selection_criteria: {
+    #                 delimiter: "StorageLensPrefixLevelDelimiter",
+    #                 max_depth: 1,
+    #                 min_storage_bytes_percentage: 1.0,
+    #               },
+    #             },
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] activity_metrics
+    #   A container for the S3 Storage Lens activity metrics.
+    #   @return [Types::ActivityMetrics]
+    #
+    # @!attribute [rw] bucket_level
+    #   A container for the S3 Storage Lens bucket-level configuration.
+    #   @return [Types::BucketLevel]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AccountLevel AWS API Documentation
+    #
+    class AccountLevel < Struct.new(
+      :activity_metrics,
+      :bucket_level)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the activity metrics.
+    #
+    # @note When making an API call, you may pass ActivityMetrics
+    #   data as a hash:
+    #
+    #       {
+    #         is_enabled: false,
+    #       }
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether the activity metrics are enabled.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ActivityMetrics AWS API Documentation
+    #
+    class ActivityMetrics < Struct.new(
+      :is_enabled)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -56,6 +148,61 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # The requested Outposts bucket name is not available. The bucket
+    # namespace is shared by all users of the AWS Outposts in this Region.
+    # Select a different name and try again.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketAlreadyExists AWS API Documentation
+    #
+    class BucketAlreadyExists < Aws::EmptyStructure; end
+
+    # The Outposts bucket you tried to create already exists, and you own
+    # it.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketAlreadyOwnedByYou AWS API Documentation
+    #
+    class BucketAlreadyOwnedByYou < Aws::EmptyStructure; end
+
+    # A container for the bucket-level configuration.
+    #
+    # @note When making an API call, you may pass BucketLevel
+    #   data as a hash:
+    #
+    #       {
+    #         activity_metrics: {
+    #           is_enabled: false,
+    #         },
+    #         prefix_level: {
+    #           storage_metrics: { # required
+    #             is_enabled: false,
+    #             selection_criteria: {
+    #               delimiter: "StorageLensPrefixLevelDelimiter",
+    #               max_depth: 1,
+    #               min_storage_bytes_percentage: 1.0,
+    #             },
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] activity_metrics
+    #   A container for the bucket-level activity metrics for Amazon S3
+    #   Storage Lens
+    #   @return [Types::ActivityMetrics]
+    #
+    # @!attribute [rw] prefix_level
+    #   A container for the bucket-level prefix-level metrics for S3 Storage
+    #   Lens
+    #   @return [Types::PrefixLevel]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketLevel AWS API Documentation
+    #
+    class BucketLevel < Struct.new(
+      :activity_metrics,
+      :prefix_level)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateAccessPointRequest
     #   data as a hash:
     #
@@ -86,19 +233,38 @@ module Aws::S3Control
     # @!attribute [rw] bucket
     #   The name of the bucket that you want to associate this access point
     #   with.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] vpc_configuration
     #   If you include this field, Amazon S3 restricts access to this access
     #   point to requests from the specified virtual private cloud (VPC).
+    #
+    #   <note markdown="1"> This is required for creating an access point for Amazon S3 on
+    #   Outposts buckets.
+    #
+    #    </note>
     #   @return [Types::VpcConfiguration]
     #
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to this
-    #   Amazon S3 bucket. You can enable the configuration options in any
+    #   Amazon S3 account. You can enable the configuration options in any
     #   combination. For more information about when Amazon S3 considers a
     #   bucket or object public, see [The Meaning of "Public"][1] in the
-    #   Amazon Simple Storage Service Developer Guide.
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -117,6 +283,196 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @!attribute [rw] access_point_arn
+    #   The ARN of the access point.
+    #
+    #   <note markdown="1"> This is only supported by Amazon S3 on Outposts.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessPointResult AWS API Documentation
+    #
+    class CreateAccessPointResult < Struct.new(
+      :access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the bucket configuration.
+    #
+    # <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass CreateBucketConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #       }
+    #
+    # @!attribute [rw] location_constraint
+    #   Specifies the Region where the bucket will be created. If you are
+    #   creating a bucket on the US East (N. Virginia) Region (us-east-1),
+    #   you do not need to specify the location.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketConfiguration AWS API Documentation
+    #
+    class CreateBucketConfiguration < Struct.new(
+      :location_constraint)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass CreateBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         acl: "private", # accepts private, public-read, public-read-write, authenticated-read
+    #         bucket: "BucketName", # required
+    #         create_bucket_configuration: {
+    #           location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #         },
+    #         grant_full_control: "GrantFullControl",
+    #         grant_read: "GrantRead",
+    #         grant_read_acp: "GrantReadACP",
+    #         grant_write: "GrantWrite",
+    #         grant_write_acp: "GrantWriteACP",
+    #         object_lock_enabled_for_bucket: false,
+    #         outpost_id: "NonEmptyMaxLength64String",
+    #       }
+    #
+    # @!attribute [rw] acl
+    #   The canned ACL to apply to the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_bucket_configuration
+    #   The configuration information for the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Types::CreateBucketConfiguration]
+    #
+    # @!attribute [rw] grant_full_control
+    #   Allows grantee the read, write, read ACP, and write ACP permissions
+    #   on the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_read
+    #   Allows grantee to list the objects in the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_read_acp
+    #   Allows grantee to read the bucket ACL.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_write
+    #   Allows grantee to create, overwrite, and delete any object in the
+    #   bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_write_acp
+    #   Allows grantee to write the ACL for the applicable bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] object_lock_enabled_for_bucket
+    #   Specifies whether you want S3 Object Lock to be enabled for the new
+    #   bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] outpost_id
+    #   The ID of the Outposts where the bucket is being created.
+    #
+    #   <note markdown="1"> This is required by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketRequest AWS API Documentation
+    #
+    class CreateBucketRequest < Struct.new(
+      :acl,
+      :bucket,
+      :create_bucket_configuration,
+      :grant_full_control,
+      :grant_read,
+      :grant_read_acp,
+      :grant_write,
+      :grant_write_acp,
+      :object_lock_enabled_for_bucket,
+      :outpost_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] location
+    #   The location of the bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketResult AWS API Documentation
+    #
+    class CreateBucketResult < Struct.new(
+      :location,
+      :bucket_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateJobRequest
     #   data as a hash:
     #
@@ -202,6 +558,8 @@ module Aws::S3Control
     #               },
     #             ],
     #           },
+    #           s3_delete_object_tagging: {
+    #           },
     #           s3_initiate_restore_object: {
     #             expiration_in_days: 1,
     #             glacier_job_tier: "BULK", # accepts BULK, STANDARD
@@ -250,6 +608,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID that creates the job.
     #   @return [String]
     #
     # @!attribute [rw] confirmation_required
@@ -259,10 +618,10 @@ module Aws::S3Control
     #   @return [Boolean]
     #
     # @!attribute [rw] operation
-    #   The operation that you want this job to perform on each object
+    #   The operation that you want this job to perform on every object
     #   listed in the manifest. For more information about the available
-    #   operations, see [Available Operations][1] in the *Amazon Simple
-    #   Storage Service Developer Guide*.
+    #   operations, see [Operations][1] in the *Amazon Simple Storage
+    #   Service Developer Guide*.
     #
     #
     #
@@ -299,13 +658,13 @@ module Aws::S3Control
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
-    #   Management (IAM) role that Batch Operations will use to execute this
-    #   job's operation on each object in the manifest.
+    #   Management (IAM) role that Batch Operations will use to run this
+    #   job's operation on every object in the manifest.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   A set of tags to associate with the Amazon S3 Batch Operations job.
-    #   This is an optional parameter.
+    #   A set of tags to associate with the S3 Batch Operations job. This is
+    #   an optional parameter.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateJobRequest AWS API Documentation
@@ -352,6 +711,19 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point whose policy you want to delete.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointPolicyRequest AWS API Documentation
@@ -377,6 +749,19 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point you want to delete.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointRequest AWS API Documentation
@@ -388,158 +773,399 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteJobTaggingRequest
+    # @note When making an API call, you may pass DeleteBucketLifecycleConfigurationRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         job_id: "JobId", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The account ID of the lifecycle configuration to delete.
     #   @return [String]
     #
-    # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
-    #   delete.
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketLifecycleConfigurationRequest AWS API Documentation
     #
-    class DeleteJobTaggingRequest < Struct.new(
+    class DeleteBucketLifecycleConfigurationRequest < Struct.new(
       :account_id,
-      :job_id)
+      :bucket)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingResult AWS API Documentation
-    #
-    class DeleteJobTaggingResult < Aws::EmptyStructure; end
-
-    # @note When making an API call, you may pass DeletePublicAccessBlockRequest
+    # @note When making an API call, you may pass DeleteBucketPolicyRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to remove.
+    #   The account ID of the Outposts bucket.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeletePublicAccessBlockRequest AWS API Documentation
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
     #
-    class DeletePublicAccessBlockRequest < Struct.new(
-      :account_id)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketPolicyRequest AWS API Documentation
+    #
+    class DeleteBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeJobRequest
+    # @note When making an API call, you may pass DeleteBucketRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         job_id: "JobId", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
+    #   The account ID that owns the Outposts bucket.
     #   @return [String]
     #
-    # @!attribute [rw] job_id
-    #   The ID for the job whose information you want to retrieve.
+    # @!attribute [rw] bucket
+    #   Specifies the bucket being deleted.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketRequest AWS API Documentation
     #
-    class DescribeJobRequest < Struct.new(
+    class DeleteBucketRequest < Struct.new(
       :account_id,
-      :job_id)
-      SENSITIVE = []
-      include Aws::Structure
-    end
-
-    # @!attribute [rw] job
-    #   Contains the configuration parameters and status for the job
-    #   specified in the `Describe Job` request.
-    #   @return [Types::JobDescriptor]
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobResult AWS API Documentation
-    #
-    class DescribeJobResult < Struct.new(
-      :job)
+      :bucket)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetAccessPointPolicyRequest
+    # @note When making an API call, you may pass DeleteBucketTaggingRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         name: "AccessPointName", # required
+    #         bucket: "BucketName", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the account that owns the specified access point.
+    #   The AWS account ID of the Outposts bucket tag set to be removed.
     #   @return [String]
     #
-    # @!attribute [rw] name
-    #   The name of the access point whose policy you want to retrieve.
+    # @!attribute [rw] bucket
+    #   The bucket ARN that has the tag set to be removed.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketTaggingRequest AWS API Documentation
     #
-    class GetAccessPointPolicyRequest < Struct.new(
+    class DeleteBucketTaggingRequest < Struct.new(
       :account_id,
-      :name)
-      SENSITIVE = []
-      include Aws::Structure
-    end
-
-    # @!attribute [rw] policy
-    #   The access point policy associated with the specified access point.
-    #   @return [String]
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyResult AWS API Documentation
-    #
-    class GetAccessPointPolicyResult < Struct.new(
-      :policy)
+      :bucket)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetAccessPointPolicyStatusRequest
+    # @note When making an API call, you may pass DeleteJobTaggingRequest
     #   data as a hash:
     #
     #       {
     #         account_id: "AccountId", # required
-    #         name: "AccessPointName", # required
+    #         job_id: "JobId", # required
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the account that owns the specified access point.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
-    # @!attribute [rw] name
-    #   The name of the access point whose policy status you want to
-    #   retrieve.
+    # @!attribute [rw] job_id
+    #   The ID for the S3 Batch Operations job whose tags you want to
+    #   delete.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyStatusRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingRequest AWS API Documentation
     #
-    class GetAccessPointPolicyStatusRequest < Struct.new(
+    class DeleteJobTaggingRequest < Struct.new(
       :account_id,
-      :name)
+      :job_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] policy_status
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteJobTaggingResult AWS API Documentation
+    #
+    class DeleteJobTaggingResult < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass DeletePublicAccessBlockRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to remove.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeletePublicAccessBlockRequest AWS API Documentation
+    #
+    class DeletePublicAccessBlockRequest < Struct.new(
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteStorageLensConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteStorageLensConfigurationRequest AWS API Documentation
+    #
+    class DeleteStorageLensConfigurationRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteStorageLensConfigurationTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteStorageLensConfigurationTaggingRequest AWS API Documentation
+    #
+    class DeleteStorageLensConfigurationTaggingRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteStorageLensConfigurationTaggingResult AWS API Documentation
+    #
+    class DeleteStorageLensConfigurationTaggingResult < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass DescribeJobRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         job_id: "JobId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   @return [String]
+    #
+    # @!attribute [rw] job_id
+    #   The ID for the job whose information you want to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobRequest AWS API Documentation
+    #
+    class DescribeJobRequest < Struct.new(
+      :account_id,
+      :job_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] job
+    #   Contains the configuration parameters and status for the job
+    #   specified in the `Describe Job` request.
+    #   @return [Types::JobDescriptor]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DescribeJobResult AWS API Documentation
+    #
+    class DescribeJobResult < Struct.new(
+      :job)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for what Amazon S3 Storage Lens will exclude.
+    #
+    # @note When making an API call, you may pass Exclude
+    #   data as a hash:
+    #
+    #       {
+    #         buckets: ["S3BucketArnString"],
+    #         regions: ["S3AWSRegion"],
+    #       }
+    #
+    # @!attribute [rw] buckets
+    #   A container for the S3 Storage Lens bucket excludes.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] regions
+    #   A container for the S3 Storage Lens Region excludes.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Exclude AWS API Documentation
+    #
+    class Exclude < Struct.new(
+      :buckets,
+      :regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose policy you want to retrieve.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The access point policy associated with the specified access point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyResult AWS API Documentation
+    #
+    class GetAccessPointPolicyResult < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointPolicyStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "AccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point whose policy status you want to
+    #   retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyStatusRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyStatusRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_status
     #   Indicates the current policy status of the specified access point.
     #   @return [Types::PolicyStatus]
     #
@@ -566,6 +1192,19 @@ module Aws::S3Control
     # @!attribute [rw] name
     #   The name of the access point whose configuration information you
     #   want to retrieve.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointRequest AWS API Documentation
@@ -592,6 +1231,8 @@ module Aws::S3Control
     #   access from the public internet. Otherwise, `NetworkOrigin` is
     #   `Internet`, and the access point allows access from the public
     #   internet, subject to the access point and bucket access policies.
+    #
+    #   This will always be true for an Amazon S3 on Outposts access point
     #   @return [String]
     #
     # @!attribute [rw] vpc_configuration
@@ -601,10 +1242,12 @@ module Aws::S3Control
     #
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to this
-    #   Amazon S3 bucket. You can enable the configuration options in any
+    #   Amazon S3 account. You can enable the configuration options in any
     #   combination. For more information about when Amazon S3 considers a
     #   bucket or object public, see [The Meaning of "Public"][1] in the
-    #   Amazon Simple Storage Service Developer Guide.
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -628,6 +1271,211 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class GetBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rules
+    #   Container for the lifecycle rule of the Outposts bucket.
+    #   @return [Array<Types::LifecycleRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketLifecycleConfigurationResult AWS API Documentation
+    #
+    class GetBucketLifecycleConfigurationResult < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketPolicyRequest AWS API Documentation
+    #
+    class GetBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The policy of the Outposts bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketPolicyResult AWS API Documentation
+    #
+    class GetBucketPolicyResult < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketRequest AWS API Documentation
+    #
+    class GetBucketRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The Outposts bucket requested.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_enabled
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] creation_date
+    #   The creation date of the Outposts bucket.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketResult AWS API Documentation
+    #
+    class GetBucketResult < Struct.new(
+      :bucket,
+      :public_access_block_enabled,
+      :creation_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketTaggingRequest AWS API Documentation
+    #
+    class GetBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tag_set
+    #   The tags set of the Outposts bucket.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketTaggingResult AWS API Documentation
+    #
+    class GetBucketTaggingResult < Struct.new(
+      :tag_set)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetJobTaggingRequest
     #   data as a hash:
     #
@@ -637,12 +1485,11 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   The ID for the S3 Batch Operations job whose tags you want to
     #   retrieve.
     #   @return [String]
     #
@@ -656,7 +1503,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] tags
-    #   The set of tags associated with the Amazon S3 Batch Operations job.
+    #   The set of tags associated with the S3 Batch Operations job.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetJobTaggingResult AWS API Documentation
@@ -667,39 +1514,113 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # @!attribute [rw] public_access_block_configuration
-    #   The `PublicAccessBlock` configuration currently in effect for this
-    #   Amazon Web Services account.
-    #   @return [Types::PublicAccessBlockConfiguration]
+    # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration currently in effect for this
+    #   AWS account.
+    #   @return [Types::PublicAccessBlockConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockOutput AWS API Documentation
+    #
+    class GetPublicAccessBlockOutput < Struct.new(
+      :public_access_block_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetPublicAccessBlockRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockRequest AWS API Documentation
+    #
+    class GetPublicAccessBlockRequest < Struct.new(
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetStorageLensConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the Amazon S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationRequest AWS API Documentation
+    #
+    class GetStorageLensConfigurationRequest < Struct.new(
+      :config_id,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] storage_lens_configuration
+    #   The S3 Storage Lens configuration requested.
+    #   @return [Types::StorageLensConfiguration]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockOutput AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationResult AWS API Documentation
     #
-    class GetPublicAccessBlockOutput < Struct.new(
-      :public_access_block_configuration)
+    class GetStorageLensConfigurationResult < Struct.new(
+      :storage_lens_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetPublicAccessBlockRequest
+    # @note When making an API call, you may pass GetStorageLensConfigurationTaggingRequest
     #   data as a hash:
     #
     #       {
+    #         config_id: "ConfigId", # required
     #         account_id: "AccountId", # required
     #       }
     #
+    # @!attribute [rw] config_id
+    #   The ID of the Amazon S3 Storage Lens configuration.
+    #   @return [String]
+    #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to retrieve.
+    #   The account ID of the requester.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationTaggingRequest AWS API Documentation
     #
-    class GetPublicAccessBlockRequest < Struct.new(
+    class GetStorageLensConfigurationTaggingRequest < Struct.new(
+      :config_id,
       :account_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] tags
+    #   The tags of S3 Storage Lens configuration requested.
+    #   @return [Array<Types::StorageLensTag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetStorageLensConfigurationTaggingResult AWS API Documentation
+    #
+    class GetStorageLensConfigurationTaggingResult < Struct.new(
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -711,6 +1632,33 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A container for what Amazon S3 Storage Lens configuration includes.
+    #
+    # @note When making an API call, you may pass Include
+    #   data as a hash:
+    #
+    #       {
+    #         buckets: ["S3BucketArnString"],
+    #         regions: ["S3AWSRegion"],
+    #       }
+    #
+    # @!attribute [rw] buckets
+    #   A container for the S3 Storage Lens bucket includes.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] regions
+    #   A container for the S3 Storage Lens Region includes.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Include AWS API Documentation
+    #
+    class Include < Struct.new(
+      :buckets,
+      :regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -776,7 +1724,7 @@ module Aws::S3Control
     #   @return [Types::JobManifest]
     #
     # @!attribute [rw] operation
-    #   The operation that the specified job is configured to execute on the
+    #   The operation that the specified job is configured to run on the
     #   objects listed in the manifest.
     #   @return [Types::JobOperation]
     #
@@ -785,12 +1733,13 @@ module Aws::S3Control
     #   @return [Integer]
     #
     # @!attribute [rw] progress_summary
-    #   Describes the total number of tasks that the specified job has
-    #   executed, the number of tasks that succeeded, and the number of
-    #   tasks that failed.
+    #   Describes the total number of tasks that the specified job has run,
+    #   the number of tasks that succeeded, and the number of tasks that
+    #   failed.
     #   @return [Types::JobProgressSummary]
     #
     # @!attribute [rw] status_update_reason
+    #   The reason for updating the job.
     #   @return [String]
     #
     # @!attribute [rw] failure_reasons
@@ -815,7 +1764,7 @@ module Aws::S3Control
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
-    #   Management (IAM) role assigned to execute the tasks for this job.
+    #   Management (IAM) role assigned to run the tasks for this job.
     #   @return [String]
     #
     # @!attribute [rw] suspended_date
@@ -886,7 +1835,7 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] operation
-    #   The operation that the specified job is configured to run on each
+    #   The operation that the specified job is configured to run on every
     #   object listed in the manifest.
     #   @return [String]
     #
@@ -909,9 +1858,9 @@ module Aws::S3Control
     #   @return [Time]
     #
     # @!attribute [rw] progress_summary
-    #   Describes the total number of tasks that the specified job has
-    #   executed, the number of tasks that succeeded, and the number of
-    #   tasks that failed.
+    #   Describes the total number of tasks that the specified job has run,
+    #   the number of tasks that succeeded, and the number of tasks that
+    #   failed.
     #   @return [Types::JobProgressSummary]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobListDescriptor AWS API Documentation
@@ -979,6 +1928,14 @@ module Aws::S3Control
     #
     # @!attribute [rw] object_arn
     #   The Amazon Resource Name (ARN) for a manifest object.
+    #
+    #   Replacement must be made for object keys containing special
+    #   characters (such as carriage returns) when using XML requests. For
+    #   more information, see [ XML related object key constraints][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints
     #   @return [String]
     #
     # @!attribute [rw] object_version_id
@@ -1031,10 +1988,10 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # The operation that you want this job to perform on each object listed
+    # The operation that you want this job to perform on every object listed
     # in the manifest. For more information about the available operations,
-    # see [Available Operations][1] in the *Amazon Simple Storage Service
-    # Developer Guide*.
+    # see [Operations][1] in the *Amazon Simple Storage Service Developer
+    # Guide*.
     #
     #
     #
@@ -1122,6 +2079,8 @@ module Aws::S3Control
     #             },
     #           ],
     #         },
+    #         s3_delete_object_tagging: {
+    #         },
     #         s3_initiate_restore_object: {
     #           expiration_in_days: 1,
     #           glacier_job_tier: "BULK", # accepts BULK, STANDARD
@@ -1131,179 +2090,501 @@ module Aws::S3Control
     #             status: "OFF", # required, accepts OFF, ON
     #           },
     #         },
-    #         s3_put_object_retention: {
-    #           bypass_governance_retention: false,
-    #           retention: { # required
-    #             retain_until_date: Time.now,
-    #             mode: "COMPLIANCE", # accepts COMPLIANCE, GOVERNANCE
+    #         s3_put_object_retention: {
+    #           bypass_governance_retention: false,
+    #           retention: { # required
+    #             retain_until_date: Time.now,
+    #             mode: "COMPLIANCE", # accepts COMPLIANCE, GOVERNANCE
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] lambda_invoke
+    #   Directs the specified job to invoke an AWS Lambda function on every
+    #   object in the manifest.
+    #   @return [Types::LambdaInvokeOperation]
+    #
+    # @!attribute [rw] s3_put_object_copy
+    #   Directs the specified job to run a PUT Copy object call on every
+    #   object in the manifest.
+    #   @return [Types::S3CopyObjectOperation]
+    #
+    # @!attribute [rw] s3_put_object_acl
+    #   Directs the specified job to run a PUT Object acl call on every
+    #   object in the manifest.
+    #   @return [Types::S3SetObjectAclOperation]
+    #
+    # @!attribute [rw] s3_put_object_tagging
+    #   Directs the specified job to run a PUT Object tagging call on every
+    #   object in the manifest.
+    #   @return [Types::S3SetObjectTaggingOperation]
+    #
+    # @!attribute [rw] s3_delete_object_tagging
+    #   Directs the specified job to execute a DELETE Object tagging call on
+    #   every object in the manifest.
+    #   @return [Types::S3DeleteObjectTaggingOperation]
+    #
+    # @!attribute [rw] s3_initiate_restore_object
+    #   Directs the specified job to initiate restore requests for every
+    #   archived object in the manifest.
+    #   @return [Types::S3InitiateRestoreObjectOperation]
+    #
+    # @!attribute [rw] s3_put_object_legal_hold
+    #   Contains the configuration for an S3 Object Lock legal hold
+    #   operation that an S3 Batch Operations job passes every object to the
+    #   underlying `PutObjectLegalHold` API. For more information, see
+    #   [Using S3 Object Lock legal hold with S3 Batch Operations][1] in the
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-legal-hold.html
+    #   @return [Types::S3SetObjectLegalHoldOperation]
+    #
+    # @!attribute [rw] s3_put_object_retention
+    #   Contains the configuration parameters for the Object Lock retention
+    #   action for an S3 Batch Operations job. Batch Operations passes every
+    #   object to the underlying `PutObjectRetention` API. For more
+    #   information, see [Using S3 Object Lock retention with S3 Batch
+    #   Operations][1] in the *Amazon Simple Storage Service Developer
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
+    #   @return [Types::S3SetObjectRetentionOperation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobOperation AWS API Documentation
+    #
+    class JobOperation < Struct.new(
+      :lambda_invoke,
+      :s3_put_object_copy,
+      :s3_put_object_acl,
+      :s3_put_object_tagging,
+      :s3_delete_object_tagging,
+      :s3_initiate_restore_object,
+      :s3_put_object_legal_hold,
+      :s3_put_object_retention)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the total number of tasks that the specified job has
+    # started, the number of tasks that succeeded, and the number of tasks
+    # that failed.
+    #
+    # @!attribute [rw] total_number_of_tasks
+    #   @return [Integer]
+    #
+    # @!attribute [rw] number_of_tasks_succeeded
+    #   @return [Integer]
+    #
+    # @!attribute [rw] number_of_tasks_failed
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobProgressSummary AWS API Documentation
+    #
+    class JobProgressSummary < Struct.new(
+      :total_number_of_tasks,
+      :number_of_tasks_succeeded,
+      :number_of_tasks_failed)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains the configuration parameters for a job-completion report.
+    #
+    # @note When making an API call, you may pass JobReport
+    #   data as a hash:
+    #
+    #       {
+    #         bucket: "S3BucketArnString",
+    #         format: "Report_CSV_20180820", # accepts Report_CSV_20180820
+    #         enabled: false, # required
+    #         prefix: "ReportPrefixString",
+    #         report_scope: "AllTasks", # accepts AllTasks, FailedTasksOnly
+    #       }
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) for the bucket where specified
+    #   job-completion report will be stored.
+    #   @return [String]
+    #
+    # @!attribute [rw] format
+    #   The format of the specified job-completion report.
+    #   @return [String]
+    #
+    # @!attribute [rw] enabled
+    #   Indicates whether the specified job will generate a job-completion
+    #   report.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] prefix
+    #   An optional prefix to describe where in the specified bucket the
+    #   job-completion report will be stored. Amazon S3 stores the
+    #   job-completion report at `<prefix>/job-<job-id>/report.json`.
+    #   @return [String]
+    #
+    # @!attribute [rw] report_scope
+    #   Indicates whether the job-completion report will include details of
+    #   all tasks or only failed tasks.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobReport AWS API Documentation
+    #
+    class JobReport < Struct.new(
+      :bucket,
+      :format,
+      :enabled,
+      :prefix,
+      :report_scope)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobStatusException AWS API Documentation
+    #
+    class JobStatusException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains the configuration parameters for a `Lambda Invoke` operation.
+    #
+    # @note When making an API call, you may pass LambdaInvokeOperation
+    #   data as a hash:
+    #
+    #       {
+    #         function_arn: "FunctionArnString",
+    #       }
+    #
+    # @!attribute [rw] function_arn
+    #   The Amazon Resource Name (ARN) for the AWS Lambda function that the
+    #   specified job will invoke on every object in the manifest.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LambdaInvokeOperation AWS API Documentation
+    #
+    class LambdaInvokeOperation < Struct.new(
+      :function_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle configuration.
+    #
+    # @note When making an API call, you may pass LifecycleConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         rules: [
+    #           {
+    #             expiration: {
+    #               date: Time.now,
+    #               days: 1,
+    #               expired_object_delete_marker: false,
+    #             },
+    #             id: "ID",
+    #             filter: {
+    #               prefix: "Prefix",
+    #               tag: {
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
+    #               },
+    #               and: {
+    #                 prefix: "Prefix",
+    #                 tags: [
+    #                   {
+    #                     key: "TagKeyString", # required
+    #                     value: "TagValueString", # required
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #             status: "Enabled", # required, accepts Enabled, Disabled
+    #             transitions: [
+    #               {
+    #                 date: Time.now,
+    #                 days: 1,
+    #                 storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #               },
+    #             ],
+    #             noncurrent_version_transitions: [
+    #               {
+    #                 noncurrent_days: 1,
+    #                 storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #               },
+    #             ],
+    #             noncurrent_version_expiration: {
+    #               noncurrent_days: 1,
+    #             },
+    #             abort_incomplete_multipart_upload: {
+    #               days_after_initiation: 1,
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] rules
+    #   A lifecycle rule for individual objects in an Outposts bucket.
+    #   @return [Array<Types::LifecycleRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleConfiguration AWS API Documentation
+    #
+    class LifecycleConfiguration < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container of the Outposts bucket lifecycle expiration.
+    #
+    # @note When making an API call, you may pass LifecycleExpiration
+    #   data as a hash:
+    #
+    #       {
+    #         date: Time.now,
+    #         days: 1,
+    #         expired_object_delete_marker: false,
+    #       }
+    #
+    # @!attribute [rw] date
+    #   Indicates at what date the object is to be deleted. Should be in GMT
+    #   ISO 8601 format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] days
+    #   Indicates the lifetime, in days, of the objects that are subject to
+    #   the rule. The value must be a non-zero positive integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] expired_object_delete_marker
+    #   Indicates whether Amazon S3 will remove a delete marker with no
+    #   noncurrent versions. If set to true, the delete marker will be
+    #   expired. If set to false, the policy takes no action. This cannot be
+    #   specified with Days or Date in a Lifecycle Expiration Policy.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleExpiration AWS API Documentation
+    #
+    class LifecycleExpiration < Struct.new(
+      :date,
+      :days,
+      :expired_object_delete_marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle rule.
+    #
+    # @note When making an API call, you may pass LifecycleRule
+    #   data as a hash:
+    #
+    #       {
+    #         expiration: {
+    #           date: Time.now,
+    #           days: 1,
+    #           expired_object_delete_marker: false,
+    #         },
+    #         id: "ID",
+    #         filter: {
+    #           prefix: "Prefix",
+    #           tag: {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #           and: {
+    #             prefix: "Prefix",
+    #             tags: [
+    #               {
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         status: "Enabled", # required, accepts Enabled, Disabled
+    #         transitions: [
+    #           {
+    #             date: Time.now,
+    #             days: 1,
+    #             storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #           },
+    #         ],
+    #         noncurrent_version_transitions: [
+    #           {
+    #             noncurrent_days: 1,
+    #             storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
     #           },
+    #         ],
+    #         noncurrent_version_expiration: {
+    #           noncurrent_days: 1,
+    #         },
+    #         abort_incomplete_multipart_upload: {
+    #           days_after_initiation: 1,
     #         },
     #       }
     #
-    # @!attribute [rw] lambda_invoke
-    #   Directs the specified job to invoke an AWS Lambda function on each
-    #   object in the manifest.
-    #   @return [Types::LambdaInvokeOperation]
-    #
-    # @!attribute [rw] s3_put_object_copy
-    #   Directs the specified job to execute a PUT Copy object call on each
-    #   object in the manifest.
-    #   @return [Types::S3CopyObjectOperation]
+    # @!attribute [rw] expiration
+    #   Specifies the expiration for the lifecycle of the object in the form
+    #   of date, days and, whether the object has a delete marker.
+    #   @return [Types::LifecycleExpiration]
     #
-    # @!attribute [rw] s3_put_object_acl
-    #   Directs the specified job to execute a PUT Object acl call on each
-    #   object in the manifest.
-    #   @return [Types::S3SetObjectAclOperation]
+    # @!attribute [rw] id
+    #   Unique identifier for the rule. The value cannot be longer than 255
+    #   characters.
+    #   @return [String]
     #
-    # @!attribute [rw] s3_put_object_tagging
-    #   Directs the specified job to execute a PUT Object tagging call on
-    #   each object in the manifest.
-    #   @return [Types::S3SetObjectTaggingOperation]
+    # @!attribute [rw] filter
+    #   The container for the filter of lifecycle rule.
+    #   @return [Types::LifecycleRuleFilter]
     #
-    # @!attribute [rw] s3_initiate_restore_object
-    #   Directs the specified job to execute an Initiate Glacier Restore
-    #   call on each object in the manifest.
-    #   @return [Types::S3InitiateRestoreObjectOperation]
+    # @!attribute [rw] status
+    #   If 'Enabled', the rule is currently being applied. If
+    #   'Disabled', the rule is not currently being applied.
+    #   @return [String]
     #
-    # @!attribute [rw] s3_put_object_legal_hold
-    #   Contains the configuration parameters for a Set Object Legal Hold
-    #   operation. Amazon S3 Batch Operations passes each value through to
-    #   the underlying PUT Object Legal Hold API. For more information about
-    #   the parameters for this operation, see [PUT Object Legal Hold][1].
+    # @!attribute [rw] transitions
+    #   Specifies when an Amazon S3 object transitions to a specified
+    #   storage class.
     #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
     #
+    #    </note>
+    #   @return [Array<Types::Transition>]
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
-    #   @return [Types::S3SetObjectLegalHoldOperation]
+    # @!attribute [rw] noncurrent_version_transitions
+    #   Specifies the transition rule for the lifecycle rule that describes
+    #   when noncurrent objects transition to a specific storage class. If
+    #   your bucket is versioning-enabled (or versioning is suspended), you
+    #   can set this action to request that Amazon S3 transition noncurrent
+    #   object versions to a specific storage class at a set period in the
+    #   object's lifetime.
     #
-    # @!attribute [rw] s3_put_object_retention
-    #   Contains the configuration parameters for a Set Object Retention
-    #   operation. Amazon S3 Batch Operations passes each value through to
-    #   the underlying PUT Object Retention API. For more information about
-    #   the parameters for this operation, see [PUT Object Retention][1].
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
     #
+    #    </note>
+    #   @return [Array<Types::NoncurrentVersionTransition>]
     #
+    # @!attribute [rw] noncurrent_version_expiration
+    #   The noncurrent version expiration of the lifecycle rule.
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
-    #   @return [Types::S3SetObjectRetentionOperation]
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobOperation AWS API Documentation
+    #    </note>
+    #   @return [Types::NoncurrentVersionExpiration]
     #
-    class JobOperation < Struct.new(
-      :lambda_invoke,
-      :s3_put_object_copy,
-      :s3_put_object_acl,
-      :s3_put_object_tagging,
-      :s3_initiate_restore_object,
-      :s3_put_object_legal_hold,
-      :s3_put_object_retention)
-      SENSITIVE = []
-      include Aws::Structure
-    end
-
-    # Describes the total number of tasks that the specified job has
-    # executed, the number of tasks that succeeded, and the number of tasks
-    # that failed.
+    # @!attribute [rw] abort_incomplete_multipart_upload
+    #   Specifies the days since the initiation of an incomplete multipart
+    #   upload that Amazon S3 waits before permanently removing all parts of
+    #   the upload. For more information, see [ Aborting Incomplete
+    #   Multipart Uploads Using a Bucket Lifecycle Policy][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
     #
-    # @!attribute [rw] total_number_of_tasks
-    #   @return [Integer]
     #
-    # @!attribute [rw] number_of_tasks_succeeded
-    #   @return [Integer]
     #
-    # @!attribute [rw] number_of_tasks_failed
-    #   @return [Integer]
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config
+    #   @return [Types::AbortIncompleteMultipartUpload]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobProgressSummary AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRule AWS API Documentation
     #
-    class JobProgressSummary < Struct.new(
-      :total_number_of_tasks,
-      :number_of_tasks_succeeded,
-      :number_of_tasks_failed)
+    class LifecycleRule < Struct.new(
+      :expiration,
+      :id,
+      :filter,
+      :status,
+      :transitions,
+      :noncurrent_version_transitions,
+      :noncurrent_version_expiration,
+      :abort_incomplete_multipart_upload)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a job-completion report.
+    # The container for the Outposts bucket lifecycle rule and operator.
     #
-    # @note When making an API call, you may pass JobReport
+    # @note When making an API call, you may pass LifecycleRuleAndOperator
     #   data as a hash:
     #
     #       {
-    #         bucket: "S3BucketArnString",
-    #         format: "Report_CSV_20180820", # accepts Report_CSV_20180820
-    #         enabled: false, # required
-    #         prefix: "ReportPrefixString",
-    #         report_scope: "AllTasks", # accepts AllTasks, FailedTasksOnly
+    #         prefix: "Prefix",
+    #         tags: [
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
     #       }
     #
-    # @!attribute [rw] bucket
-    #   The Amazon Resource Name (ARN) for the bucket where specified
-    #   job-completion report will be stored.
-    #   @return [String]
-    #
-    # @!attribute [rw] format
-    #   The format of the specified job-completion report.
-    #   @return [String]
-    #
-    # @!attribute [rw] enabled
-    #   Indicates whether the specified job will generate a job-completion
-    #   report.
-    #   @return [Boolean]
-    #
     # @!attribute [rw] prefix
-    #   An optional prefix to describe where in the specified bucket the
-    #   job-completion report will be stored. Amazon S3 will store the
-    #   job-completion report at
-    #   &lt;prefix&gt;/job-&lt;job-id&gt;/report.json.
+    #   Prefix identifying one or more objects to which the rule applies.
     #   @return [String]
     #
-    # @!attribute [rw] report_scope
-    #   Indicates whether the job-completion report will include details of
-    #   all tasks or only failed tasks.
-    #   @return [String]
+    # @!attribute [rw] tags
+    #   All of these tags must exist in the object's tag set in order for
+    #   the rule to apply.
+    #   @return [Array<Types::S3Tag>]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobReport AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRuleAndOperator AWS API Documentation
     #
-    class JobReport < Struct.new(
-      :bucket,
-      :format,
-      :enabled,
+    class LifecycleRuleAndOperator < Struct.new(
       :prefix,
-      :report_scope)
-      SENSITIVE = []
-      include Aws::Structure
-    end
-
-    # @!attribute [rw] message
-    #   @return [String]
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobStatusException AWS API Documentation
-    #
-    class JobStatusException < Struct.new(
-      :message)
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a `Lambda Invoke` operation.
+    # The container for the filter of the lifecycle rule.
     #
-    # @note When making an API call, you may pass LambdaInvokeOperation
+    # @note When making an API call, you may pass LifecycleRuleFilter
     #   data as a hash:
     #
     #       {
-    #         function_arn: "FunctionArnString",
+    #         prefix: "Prefix",
+    #         tag: {
+    #           key: "TagKeyString", # required
+    #           value: "TagValueString", # required
+    #         },
+    #         and: {
+    #           prefix: "Prefix",
+    #           tags: [
+    #             {
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
+    #             },
+    #           ],
+    #         },
     #       }
     #
-    # @!attribute [rw] function_arn
-    #   The Amazon Resource Name (ARN) for the AWS Lambda function that the
-    #   specified job will invoke for each object in the manifest.
+    # @!attribute [rw] prefix
+    #   Prefix identifying one or more objects to which the rule applies.
+    #
+    #   Replacement must be made for object keys containing special
+    #   characters (such as carriage returns) when using XML requests. For
+    #   more information, see [ XML related object key constraints][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LambdaInvokeOperation AWS API Documentation
+    # @!attribute [rw] tag
+    #   @return [Types::S3Tag]
     #
-    class LambdaInvokeOperation < Struct.new(
-      :function_arn)
+    # @!attribute [rw] and
+    #   The container for the `AND` condition for the lifecycle rule.
+    #   @return [Types::LifecycleRuleAndOperator]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRuleFilter AWS API Documentation
+    #
+    class LifecycleRuleFilter < Struct.new(
+      :prefix,
+      :tag,
+      :and)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1326,6 +2607,18 @@ module Aws::S3Control
     # @!attribute [rw] bucket
     #   The name of the bucket whose associated access points you want to
     #   list.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -1361,9 +2654,9 @@ module Aws::S3Control
     #
     # @!attribute [rw] next_token
     #   If the specified bucket has more access points than can be returned
-    #   in one call to this API, then this field contains a continuation
-    #   token that you can provide in subsequent calls to this API to
-    #   retrieve additional access points.
+    #   in one call to this API, this field contains a continuation token
+    #   that you can provide in subsequent calls to this API to retrieve
+    #   additional access points.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsResult AWS API Documentation
@@ -1437,17 +2730,218 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # Amazon S3 throws this exception if you make a `GetPublicAccessBlock`
-    # request against an account that doesn't have a
-    # `PublicAccessBlockConfiguration` set.
+    # @note When making an API call, you may pass ListRegionalBucketsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         next_token: "NonEmptyMaxLength1024String",
+    #         max_results: 1,
+    #         outpost_id: "NonEmptyMaxLength64String",
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] outpost_id
+    #   The ID of the AWS Outposts.
+    #
+    #   <note markdown="1"> This is required by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListRegionalBucketsRequest AWS API Documentation
+    #
+    class ListRegionalBucketsRequest < Struct.new(
+      :account_id,
+      :next_token,
+      :max_results,
+      :outpost_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] regional_bucket_list
+    #   @return [Array<Types::RegionalBucket>]
+    #
+    # @!attribute [rw] next_token
+    #   `NextToken` is sent when `isTruncated` is true, which means there
+    #   are more buckets that can be listed. The next list requests to
+    #   Amazon S3 can be continued with this `NextToken`. `NextToken` is
+    #   obfuscated and is not a real key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListRegionalBucketsResult AWS API Documentation
+    #
+    class ListRegionalBucketsResult < Struct.new(
+      :regional_bucket_list,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Part of `ListStorageLensConfigurationResult`. Each entry includes the
+    # description of the S3 Storage Lens configuration, its home Region,
+    # whether it is enabled, its Amazon Resource Name (ARN), and config ID.
+    #
+    # @!attribute [rw] id
+    #   A container for the S3 Storage Lens configuration ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] storage_lens_arn
+    #   The ARN of the S3 Storage Lens configuration. This property is
+    #   read-only.
+    #   @return [String]
+    #
+    # @!attribute [rw] home_region
+    #   A container for the S3 Storage Lens home Region. Your metrics data
+    #   is stored and retained in your designated S3 Storage Lens home
+    #   Region.
+    #   @return [String]
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether the S3 Storage Lens configuration is
+    #   enabled. This property is required.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListStorageLensConfigurationEntry AWS API Documentation
+    #
+    class ListStorageLensConfigurationEntry < Struct.new(
+      :id,
+      :storage_lens_arn,
+      :home_region,
+      :is_enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListStorageLensConfigurationsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         next_token: "ContinuationToken",
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination token to request the next page of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListStorageLensConfigurationsRequest AWS API Documentation
+    #
+    class ListStorageLensConfigurationsRequest < Struct.new(
+      :account_id,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   If the request produced more than the maximum number of S3 Storage
+    #   Lens configuration results, you can pass this value into a
+    #   subsequent request to retrieve the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] storage_lens_configuration_list
+    #   A list of S3 Storage Lens configurations.
+    #   @return [Array<Types::ListStorageLensConfigurationEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListStorageLensConfigurationsResult AWS API Documentation
+    #
+    class ListStorageLensConfigurationsResult < Struct.new(
+      :next_token,
+      :storage_lens_configuration_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Amazon S3 throws this exception if you make a `GetPublicAccessBlock`
+    # request against an account that doesn't have a
+    # `PublicAccessBlockConfiguration` set.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoSuchPublicAccessBlockConfiguration AWS API Documentation
+    #
+    class NoSuchPublicAccessBlockConfiguration < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container of the noncurrent version expiration.
+    #
+    # @note When making an API call, you may pass NoncurrentVersionExpiration
+    #   data as a hash:
+    #
+    #       {
+    #         noncurrent_days: 1,
+    #       }
+    #
+    # @!attribute [rw] noncurrent_days
+    #   Specifies the number of days an object is noncurrent before Amazon
+    #   S3 can perform the associated action. For information about the
+    #   noncurrent days calculations, see [How Amazon S3 Calculates When an
+    #   Object Became Noncurrent][1] in the *Amazon Simple Storage Service
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoncurrentVersionExpiration AWS API Documentation
+    #
+    class NoncurrentVersionExpiration < Struct.new(
+      :noncurrent_days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the noncurrent version transition.
     #
-    # @!attribute [rw] message
+    # @note When making an API call, you may pass NoncurrentVersionTransition
+    #   data as a hash:
+    #
+    #       {
+    #         noncurrent_days: 1,
+    #         storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #       }
+    #
+    # @!attribute [rw] noncurrent_days
+    #   Specifies the number of days an object is noncurrent before Amazon
+    #   S3 can perform the associated action. For information about the
+    #   noncurrent days calculations, see [ How Amazon S3 Calculates How
+    #   Long an Object Has Been Noncurrent][1] in the *Amazon Simple Storage
+    #   Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations
+    #   @return [Integer]
+    #
+    # @!attribute [rw] storage_class
+    #   The class of storage used to store the object.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoSuchPublicAccessBlockConfiguration AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoncurrentVersionTransition AWS API Documentation
     #
-    class NoSuchPublicAccessBlockConfiguration < Struct.new(
-      :message)
+    class NoncurrentVersionTransition < Struct.new(
+      :noncurrent_days,
+      :storage_class)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1483,11 +2977,72 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A container for the prefix-level configuration.
+    #
+    # @note When making an API call, you may pass PrefixLevel
+    #   data as a hash:
+    #
+    #       {
+    #         storage_metrics: { # required
+    #           is_enabled: false,
+    #           selection_criteria: {
+    #             delimiter: "StorageLensPrefixLevelDelimiter",
+    #             max_depth: 1,
+    #             min_storage_bytes_percentage: 1.0,
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] storage_metrics
+    #   A container for the prefix-level storage metrics for S3 Storage
+    #   Lens.
+    #   @return [Types::PrefixLevelStorageMetrics]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PrefixLevel AWS API Documentation
+    #
+    class PrefixLevel < Struct.new(
+      :storage_metrics)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the prefix-level storage metrics for S3 Storage Lens.
+    #
+    # @note When making an API call, you may pass PrefixLevelStorageMetrics
+    #   data as a hash:
+    #
+    #       {
+    #         is_enabled: false,
+    #         selection_criteria: {
+    #           delimiter: "StorageLensPrefixLevelDelimiter",
+    #           max_depth: 1,
+    #           min_storage_bytes_percentage: 1.0,
+    #         },
+    #       }
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether prefix-level storage metrics are enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] selection_criteria
+    #   @return [Types::SelectionCriteria]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PrefixLevelStorageMetrics AWS API Documentation
+    #
+    class PrefixLevelStorageMetrics < Struct.new(
+      :is_enabled,
+      :selection_criteria)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The `PublicAccessBlock` configuration that you want to apply to this
-    # Amazon S3 bucket. You can enable the configuration options in any
+    # Amazon S3 account. You can enable the configuration options in any
     # combination. For more information about when Amazon S3 considers a
     # bucket or object public, see [The Meaning of "Public"][1] in the
-    # Amazon Simple Storage Service Developer Guide.
+    # *Amazon Simple Storage Service Developer Guide*.
+    #
+    # This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -1516,6 +3071,8 @@ module Aws::S3Control
     #   * PUT Bucket calls fail if the request includes a public ACL.
     #
     #   Enabling this setting doesn't affect existing policies or ACLs.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] ignore_public_acls
@@ -1526,6 +3083,8 @@ module Aws::S3Control
     #
     #   Enabling this setting doesn't affect the persistence of any
     #   existing ACLs and doesn't prevent new public ACLs from being set.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] block_public_policy
@@ -1535,18 +3094,22 @@ module Aws::S3Control
     #   bucket policy allows public access.
     #
     #   Enabling this setting doesn't affect existing bucket policies.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] restrict_public_buckets
     #   Specifies whether Amazon S3 should restrict public bucket policies
     #   for buckets in this account. Setting this element to `TRUE`
-    #   restricts access to buckets with public policies to only AWS
-    #   services and authorized users within this account.
+    #   restricts access to buckets with public policies to only AWS service
+    #   principals and authorized users within this account.
     #
     #   Enabling this setting doesn't affect previously stored bucket
     #   policies, except that public and cross-account access within any
     #   public bucket policy, including non-public delegation to specific
     #   accounts, is blocked.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PublicAccessBlockConfiguration AWS API Documentation
@@ -1577,12 +3140,25 @@ module Aws::S3Control
     # @!attribute [rw] name
     #   The name of the access point that you want to associate with the
     #   specified policy.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the access point accessed in the
+    #   format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] policy
     #   The policy that you want to apply to the specified access point. For
-    #   more information about access point policies, see [Managing Data
-    #   Access with Amazon S3 Access Points][1] in the *Amazon Simple
+    #   more information about access point policies, see [Managing data
+    #   access with Amazon S3 Access Points][1] in the *Amazon Simple
     #   Storage Service Developer Guide*.
     #
     #
@@ -1600,6 +3176,187 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         lifecycle_configuration: {
+    #           rules: [
+    #             {
+    #               expiration: {
+    #                 date: Time.now,
+    #                 days: 1,
+    #                 expired_object_delete_marker: false,
+    #               },
+    #               id: "ID",
+    #               filter: {
+    #                 prefix: "Prefix",
+    #                 tag: {
+    #                   key: "TagKeyString", # required
+    #                   value: "TagValueString", # required
+    #                 },
+    #                 and: {
+    #                   prefix: "Prefix",
+    #                   tags: [
+    #                     {
+    #                       key: "TagKeyString", # required
+    #                       value: "TagValueString", # required
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #               status: "Enabled", # required, accepts Enabled, Disabled
+    #               transitions: [
+    #                 {
+    #                   date: Time.now,
+    #                   days: 1,
+    #                   storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #                 },
+    #               ],
+    #               noncurrent_version_transitions: [
+    #                 {
+    #                   noncurrent_days: 1,
+    #                   storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #                 },
+    #               ],
+    #               noncurrent_version_expiration: {
+    #                 noncurrent_days: 1,
+    #               },
+    #               abort_incomplete_multipart_upload: {
+    #                 days_after_initiation: 1,
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket for which to set the configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] lifecycle_configuration
+    #   Container for lifecycle rules. You can add as many as 1,000 rules.
+    #   @return [Types::LifecycleConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class PutBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :lifecycle_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         confirm_remove_self_bucket_access: false,
+    #         policy: "Policy", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] confirm_remove_self_bucket_access
+    #   Set this parameter to true to confirm that you want to remove your
+    #   permissions to change this bucket policy in the future.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] policy
+    #   The bucket policy as a JSON document.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketPolicyRequest AWS API Documentation
+    #
+    class PutBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :confirm_remove_self_bucket_access,
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         tagging: { # required
+    #           tag_set: [ # required
+    #             {
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For using this parameter with Amazon S3 on Outposts with the REST
+    #   API, you must specify the name and the x-amz-outpost-id as well.
+    #
+    #   For using this parameter with S3 on Outposts with the AWS SDK and
+    #   CLI, you must specify the ARN of the bucket accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] tagging
+    #   @return [Types::Tagging]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketTaggingRequest AWS API Documentation
+    #
+    class PutBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :tagging)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutJobTaggingRequest
     #   data as a hash:
     #
@@ -1615,62 +3372,233 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   The ID for the S3 Batch Operations job whose tags you want to
     #   replace.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The set of tags to associate with the Amazon S3 Batch Operations
-    #   job.
+    #   The set of tags to associate with the S3 Batch Operations job.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingRequest AWS API Documentation
     #
-    class PutJobTaggingRequest < Struct.new(
+    class PutJobTaggingRequest < Struct.new(
+      :account_id,
+      :job_id,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingResult AWS API Documentation
+    #
+    class PutJobTaggingResult < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass PutPublicAccessBlockRequest
+    #   data as a hash:
+    #
+    #       {
+    #         public_access_block_configuration: { # required
+    #           block_public_acls: false,
+    #           ignore_public_acls: false,
+    #           block_public_policy: false,
+    #           restrict_public_buckets: false,
+    #         },
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] public_access_block_configuration
+    #   The `PublicAccessBlock` configuration that you want to apply to the
+    #   specified AWS account.
+    #   @return [Types::PublicAccessBlockConfiguration]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to set.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutPublicAccessBlockRequest AWS API Documentation
+    #
+    class PutPublicAccessBlockRequest < Struct.new(
+      :public_access_block_configuration,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutStorageLensConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #         storage_lens_configuration: { # required
+    #           id: "ConfigId", # required
+    #           account_level: { # required
+    #             activity_metrics: {
+    #               is_enabled: false,
+    #             },
+    #             bucket_level: { # required
+    #               activity_metrics: {
+    #                 is_enabled: false,
+    #               },
+    #               prefix_level: {
+    #                 storage_metrics: { # required
+    #                   is_enabled: false,
+    #                   selection_criteria: {
+    #                     delimiter: "StorageLensPrefixLevelDelimiter",
+    #                     max_depth: 1,
+    #                     min_storage_bytes_percentage: 1.0,
+    #                   },
+    #                 },
+    #               },
+    #             },
+    #           },
+    #           include: {
+    #             buckets: ["S3BucketArnString"],
+    #             regions: ["S3AWSRegion"],
+    #           },
+    #           exclude: {
+    #             buckets: ["S3BucketArnString"],
+    #             regions: ["S3AWSRegion"],
+    #           },
+    #           data_export: {
+    #             s3_bucket_destination: { # required
+    #               format: "CSV", # required, accepts CSV, Parquet
+    #               output_schema_version: "V_1", # required, accepts V_1
+    #               account_id: "AccountId", # required
+    #               arn: "S3BucketArnString", # required
+    #               prefix: "Prefix",
+    #               encryption: {
+    #                 sses3: {
+    #                 },
+    #                 ssekms: {
+    #                   key_id: "SSEKMSKeyId", # required
+    #                 },
+    #               },
+    #             },
+    #           },
+    #           is_enabled: false, # required
+    #           aws_org: {
+    #             arn: "AwsOrgArn", # required
+    #           },
+    #           storage_lens_arn: "StorageLensArn",
+    #         },
+    #         tags: [
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @!attribute [rw] storage_lens_configuration
+    #   The S3 Storage Lens configuration.
+    #   @return [Types::StorageLensConfiguration]
+    #
+    # @!attribute [rw] tags
+    #   The tag set of the S3 Storage Lens configuration.
+    #
+    #   <note markdown="1"> You can set up to a maximum of 50 tags.
+    #
+    #    </note>
+    #   @return [Array<Types::StorageLensTag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutStorageLensConfigurationRequest AWS API Documentation
+    #
+    class PutStorageLensConfigurationRequest < Struct.new(
+      :config_id,
+      :account_id,
+      :storage_lens_configuration,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutStorageLensConfigurationTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         config_id: "ConfigId", # required
+    #         account_id: "AccountId", # required
+    #         tags: [ # required
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] config_id
+    #   The ID of the S3 Storage Lens configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the requester.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The tag set of the S3 Storage Lens configuration.
+    #
+    #   <note markdown="1"> You can set up to a maximum of 50 tags.
+    #
+    #    </note>
+    #   @return [Array<Types::StorageLensTag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutStorageLensConfigurationTaggingRequest AWS API Documentation
+    #
+    class PutStorageLensConfigurationTaggingRequest < Struct.new(
+      :config_id,
       :account_id,
-      :job_id,
       :tags)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingResult AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutStorageLensConfigurationTaggingResult AWS API Documentation
     #
-    class PutJobTaggingResult < Aws::EmptyStructure; end
+    class PutStorageLensConfigurationTaggingResult < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass PutPublicAccessBlockRequest
-    #   data as a hash:
+    # The container for the regional bucket.
     #
-    #       {
-    #         public_access_block_configuration: { # required
-    #           block_public_acls: false,
-    #           ignore_public_acls: false,
-    #           block_public_policy: false,
-    #           restrict_public_buckets: false,
-    #         },
-    #         account_id: "AccountId", # required
-    #       }
+    # @!attribute [rw] bucket
+    #   @return [String]
     #
-    # @!attribute [rw] public_access_block_configuration
-    #   The `PublicAccessBlock` configuration that you want to apply to the
-    #   specified Amazon Web Services account.
-    #   @return [Types::PublicAccessBlockConfiguration]
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) for the regional bucket.
+    #   @return [String]
     #
-    # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to set.
+    # @!attribute [rw] public_access_block_enabled
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] creation_date
+    #   The creation date of the regional bucket
+    #   @return [Time]
+    #
+    # @!attribute [rw] outpost_id
+    #   The AWS Outposts ID of the regional bucket.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutPublicAccessBlockRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/RegionalBucket AWS API Documentation
     #
-    class PutPublicAccessBlockRequest < Struct.new(
-      :public_access_block_configuration,
-      :account_id)
+    class RegionalBucket < Struct.new(
+      :bucket,
+      :bucket_arn,
+      :public_access_block_enabled,
+      :creation_date,
+      :outpost_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1748,10 +3676,73 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # A container for the bucket where the Amazon S3 Storage Lens metrics
+    # export files are located.
+    #
+    # @note When making an API call, you may pass S3BucketDestination
+    #   data as a hash:
+    #
+    #       {
+    #         format: "CSV", # required, accepts CSV, Parquet
+    #         output_schema_version: "V_1", # required, accepts V_1
+    #         account_id: "AccountId", # required
+    #         arn: "S3BucketArnString", # required
+    #         prefix: "Prefix",
+    #         encryption: {
+    #           sses3: {
+    #           },
+    #           ssekms: {
+    #             key_id: "SSEKMSKeyId", # required
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] format
+    #   @return [String]
+    #
+    # @!attribute [rw] output_schema_version
+    #   The schema version of the export file.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the owner of the S3 Storage Lens metrics export
+    #   bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the bucket. This property is
+    #   read-only and follows the following format: `
+    #   arn:aws:s3:us-east-1:example-account-id:bucket/your-destination-bucket-name
+    #   `
+    #   @return [String]
+    #
+    # @!attribute [rw] prefix
+    #   The prefix of the destination bucket where the metrics export will
+    #   be delivered.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption
+    #   The container for the type encryption of the metrics exports in this
+    #   bucket.
+    #   @return [Types::StorageLensDataExportEncryption]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3BucketDestination AWS API Documentation
+    #
+    class S3BucketDestination < Struct.new(
+      :format,
+      :output_schema_version,
+      :account_id,
+      :arn,
+      :prefix,
+      :encryption)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains the configuration parameters for a PUT Copy object operation.
-    # Amazon S3 Batch Operations passes each value through to the underlying
-    # PUT Copy object API. For more information about the parameters for
-    # this operation, see [PUT Object - Copy][1].
+    # S3 Batch Operations passes every object to the underlying PUT Copy
+    # object API. For more information about the parameters for this
+    # operation, see [PUT Object - Copy][1].
     #
     #
     #
@@ -1808,6 +3799,10 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] target_resource
+    #   Specifies the destination bucket ARN for the batch copy operation.
+    #   For example, to copy objects to a bucket named
+    #   "destinationBucket", set the TargetResource to
+    #   "arn:aws:s3:::destinationBucket".
     #   @return [String]
     #
     # @!attribute [rw] canned_access_control_list
@@ -1829,6 +3824,9 @@ module Aws::S3Control
     #   @return [Array<Types::S3Tag>]
     #
     # @!attribute [rw] redirect_location
+    #   Specifies an optional metadata property for website redirects,
+    #   `x-amz-website-redirect-location`. Allows webpage redirects if the
+    #   object is accessed through a website endpoint.
     #   @return [String]
     #
     # @!attribute [rw] requester_pays
@@ -1844,21 +3842,25 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] target_key_prefix
+    #   Specifies the folder prefix into which you would like the objects to
+    #   be copied. For example, to copy objects into a folder named
+    #   "Folder1" in the destination bucket, set the TargetKeyPrefix to
+    #   "Folder1/".
     #   @return [String]
     #
     # @!attribute [rw] object_lock_legal_hold_status
-    #   The Legal Hold status to be applied to all objects in the Batch
+    #   The legal hold status to be applied to all objects in the Batch
     #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_mode
-    #   The Retention mode to be applied to all objects in the Batch
+    #   The retention mode to be applied to all objects in the Batch
     #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_retain_until_date
-    #   The date when the applied Object Retention configuration will expire
-    #   on all objects in the Batch Operations job.
+    #   The date when the applied object retention configuration expires on
+    #   all objects in the Batch Operations job.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3CopyObjectOperation AWS API Documentation
@@ -1884,6 +3886,16 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Contains no configuration parameters because the DELETE Object tagging
+    # API only accepts the bucket name and key name as parameters, which are
+    # defined in the job's manifest.
+    #
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3DeleteObjectTaggingOperation AWS API Documentation
+    #
+    class S3DeleteObjectTaggingOperation < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass S3Grant
     #   data as a hash:
     #
@@ -1939,10 +3951,10 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for an Initiate Glacier Restore
-    # job. Amazon S3 Batch Operations passes each value through to the
-    # underlying POST Object restore API. For more information about the
-    # parameters for this operation, see [Restoring Archives][1].
+    # Contains the configuration parameters for an S3 Initiate Restore
+    # Object job. S3 Batch Operations passes every object to the underlying
+    # POST Object restore API. For more information about the parameters for
+    # this operation, see [RestoreObject][1].
     #
     #
     #
@@ -1957,9 +3969,29 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] expiration_in_days
+    #   This argument specifies how long the S3 Glacier or S3 Glacier Deep
+    #   Archive object remains available in Amazon S3. S3 Initiate Restore
+    #   Object jobs that target S3 Glacier and S3 Glacier Deep Archive
+    #   objects require `ExpirationInDays` set to 1 or greater.
+    #
+    #   Conversely, do *not* set `ExpirationInDays` when creating S3
+    #   Initiate Restore Object jobs that target S3 Intelligent-Tiering
+    #   Archive Access and Deep Archive Access tier objects. Objects in S3
+    #   Intelligent-Tiering archive access tiers are not subject to restore
+    #   expiry, so specifying `ExpirationInDays` results in restore request
+    #   failure.
+    #
+    #   S3 Batch Operations jobs can operate either on S3 Glacier and S3
+    #   Glacier Deep Archive storage class objects or on S3
+    #   Intelligent-Tiering Archive Access and Deep Archive Access storage
+    #   tier objects, but not both types in the same job. If you need to
+    #   restore objects of both types you *must* create separate Batch
+    #   Operations jobs.
     #   @return [Integer]
     #
     # @!attribute [rw] glacier_job_tier
+    #   S3 Batch Operations supports `STANDARD` and `BULK` retrieval tiers,
+    #   but not the `EXPEDITED` retrieval tier.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3InitiateRestoreObjectOperation AWS API Documentation
@@ -1971,6 +4003,9 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Whether S3 Object Lock legal hold will be applied to objects in an S3
+    # Batch Operations job.
+    #
     # @note When making an API call, you may pass S3ObjectLockLegalHold
     #   data as a hash:
     #
@@ -1979,8 +4014,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] status
-    #   The Legal Hold status to be applied to all objects in the Batch
-    #   Operations job.
+    #   The Object Lock legal hold status to be applied to all objects in
+    #   the Batch Operations job.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3ObjectLockLegalHold AWS API Documentation
@@ -2084,6 +4119,17 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Contains the S3 Object Lock retention mode to be applied to all
+    # objects in the S3 Batch Operations job. If you don't provide `Mode`
+    # and `RetainUntilDate` data types in your operation, you will remove
+    # the retention from your objects. For more information, see [Using S3
+    # Object Lock retention with S3 Batch Operations][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
+    #
     # @note When making an API call, you may pass S3Retention
     #   data as a hash:
     #
@@ -2093,13 +4139,13 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] retain_until_date
-    #   The date when the applied Object Retention will expire on all
-    #   objects in the Batch Operations job.
+    #   The date when the applied Object Lock retention will expire on all
+    #   objects set by the Batch Operations job.
     #   @return [Time]
     #
     # @!attribute [rw] mode
-    #   The Retention mode to be applied to all objects in the Batch
-    #   Operations job.
+    #   The Object Lock retention mode to be applied to all objects in the
+    #   Batch Operations job.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3Retention AWS API Documentation
@@ -2112,9 +4158,9 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for a Set Object ACL operation.
-    # Amazon S3 Batch Operations passes each value through to the underlying
-    # PUT Object acl API. For more information about the parameters for this
-    # operation, see [PUT Object acl][1].
+    # S3 Batch Operations passes every object to the underlying PUT Object
+    # acl API. For more information about the parameters for this operation,
+    # see [PUT Object acl][1].
     #
     #
     #
@@ -2156,14 +4202,15 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a Set Object Legal Hold
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object Legal Hold API. For more information about the
-    # parameters for this operation, see [PUT Object Legal Hold][1].
+    # Contains the configuration for an S3 Object Lock legal hold operation
+    # that an S3 Batch Operations job passes every object to the underlying
+    # `PutObjectLegalHold` API. For more information, see [Using S3 Object
+    # Lock legal hold with S3 Batch Operations][1] in the *Amazon Simple
+    # Storage Service Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-legal-hold.html
     #
     # @note When making an API call, you may pass S3SetObjectLegalHoldOperation
     #   data as a hash:
@@ -2175,8 +4222,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] legal_hold
-    #   The Legal Hold contains the status to be applied to all objects in
-    #   the Batch Operations job.
+    #   Contains the Object Lock legal hold status to be applied to all
+    #   objects in the Batch Operations job.
     #   @return [Types::S3ObjectLockLegalHold]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectLegalHoldOperation AWS API Documentation
@@ -2187,14 +4234,15 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a Set Object Retention
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object Retention API. For more information about the
-    # parameters for this operation, see [PUT Object Retention][1].
+    # Contains the configuration parameters for the Object Lock retention
+    # action for an S3 Batch Operations job. Batch Operations passes every
+    # object to the underlying `PutObjectRetention` API. For more
+    # information, see [Using S3 Object Lock retention with S3 Batch
+    # Operations][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #
     # @note When making an API call, you may pass S3SetObjectRetentionOperation
     #   data as a hash:
@@ -2208,14 +4256,20 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] bypass_governance_retention
-    #   Indicates if the operation should be applied to objects in the Batch
-    #   Operations job even if they have Governance-type Object Lock in
+    #   Indicates if the action should be applied to objects in the Batch
+    #   Operations job even if they have Object Lock ` GOVERNANCE` type in
     #   place.
     #   @return [Boolean]
     #
     # @!attribute [rw] retention
-    #   Amazon S3 object lock Retention contains the retention mode to be
-    #   applied to all objects in the Batch Operations job.
+    #   Contains the Object Lock retention mode to be applied to all objects
+    #   in the Batch Operations job. For more information, see [Using S3
+    #   Object Lock retention with S3 Batch Operations][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #   @return [Types::S3Retention]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectRetentionOperation AWS API Documentation
@@ -2228,9 +4282,9 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for a Set Object Tagging
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object tagging API. For more information about the
-    # parameters for this operation, see [PUT Object tagging][1].
+    # operation. S3 Batch Operations passes every object to the underlying
+    # PUT Object tagging API. For more information about the parameters for
+    # this operation, see [PUT Object tagging][1].
     #
     #
     #
@@ -2282,6 +4336,327 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass SSEKMS
+    #   data as a hash:
+    #
+    #       {
+    #         key_id: "SSEKMSKeyId", # required
+    #       }
+    #
+    # @!attribute [rw] key_id
+    #   A container for the ARN of the SSE-KMS encryption. This property is
+    #   read-only and follows the following format: `
+    #   arn:aws:kms:us-east-1:example-account-id:key/example-9a73-4afc-8d29-8f5900cef44e
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSEKMS AWS API Documentation
+    #
+    class SSEKMS < Struct.new(
+      :key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SSES3 AWS API Documentation
+    #
+    class SSES3 < Aws::EmptyStructure; end
+
+    # @note When making an API call, you may pass SelectionCriteria
+    #   data as a hash:
+    #
+    #       {
+    #         delimiter: "StorageLensPrefixLevelDelimiter",
+    #         max_depth: 1,
+    #         min_storage_bytes_percentage: 1.0,
+    #       }
+    #
+    # @!attribute [rw] delimiter
+    #   A container for the delimiter of the selection criteria being used.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_depth
+    #   The max depth of the selection criteria
+    #   @return [Integer]
+    #
+    # @!attribute [rw] min_storage_bytes_percentage
+    #   The minimum number of storage bytes percentage whose metrics will be
+    #   selected.
+    #
+    #   <note markdown="1"> You must choose a value greater than or equal to `1.0`.
+    #
+    #    </note>
+    #   @return [Float]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/SelectionCriteria AWS API Documentation
+    #
+    class SelectionCriteria < Struct.new(
+      :delimiter,
+      :max_depth,
+      :min_storage_bytes_percentage)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The AWS organization for your S3 Storage Lens.
+    #
+    # @note When making an API call, you may pass StorageLensAwsOrg
+    #   data as a hash:
+    #
+    #       {
+    #         arn: "AwsOrgArn", # required
+    #       }
+    #
+    # @!attribute [rw] arn
+    #   A container for the Amazon Resource Name (ARN) of the AWS
+    #   organization. This property is read-only and follows the following
+    #   format: `
+    #   arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensAwsOrg AWS API Documentation
+    #
+    class StorageLensAwsOrg < Struct.new(
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the Amazon S3 Storage Lens configuration.
+    #
+    # @note When making an API call, you may pass StorageLensConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         id: "ConfigId", # required
+    #         account_level: { # required
+    #           activity_metrics: {
+    #             is_enabled: false,
+    #           },
+    #           bucket_level: { # required
+    #             activity_metrics: {
+    #               is_enabled: false,
+    #             },
+    #             prefix_level: {
+    #               storage_metrics: { # required
+    #                 is_enabled: false,
+    #                 selection_criteria: {
+    #                   delimiter: "StorageLensPrefixLevelDelimiter",
+    #                   max_depth: 1,
+    #                   min_storage_bytes_percentage: 1.0,
+    #                 },
+    #               },
+    #             },
+    #           },
+    #         },
+    #         include: {
+    #           buckets: ["S3BucketArnString"],
+    #           regions: ["S3AWSRegion"],
+    #         },
+    #         exclude: {
+    #           buckets: ["S3BucketArnString"],
+    #           regions: ["S3AWSRegion"],
+    #         },
+    #         data_export: {
+    #           s3_bucket_destination: { # required
+    #             format: "CSV", # required, accepts CSV, Parquet
+    #             output_schema_version: "V_1", # required, accepts V_1
+    #             account_id: "AccountId", # required
+    #             arn: "S3BucketArnString", # required
+    #             prefix: "Prefix",
+    #             encryption: {
+    #               sses3: {
+    #               },
+    #               ssekms: {
+    #                 key_id: "SSEKMSKeyId", # required
+    #               },
+    #             },
+    #           },
+    #         },
+    #         is_enabled: false, # required
+    #         aws_org: {
+    #           arn: "AwsOrgArn", # required
+    #         },
+    #         storage_lens_arn: "StorageLensArn",
+    #       }
+    #
+    # @!attribute [rw] id
+    #   A container for the Amazon S3 Storage Lens configuration ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_level
+    #   A container for all the account-level configurations of your S3
+    #   Storage Lens configuration.
+    #   @return [Types::AccountLevel]
+    #
+    # @!attribute [rw] include
+    #   A container for what is included in this configuration. This
+    #   container can only be valid if there is no `Exclude` container
+    #   submitted, and it's not empty.
+    #   @return [Types::Include]
+    #
+    # @!attribute [rw] exclude
+    #   A container for what is excluded in this configuration. This
+    #   container can only be valid if there is no `Include` container
+    #   submitted, and it's not empty.
+    #   @return [Types::Exclude]
+    #
+    # @!attribute [rw] data_export
+    #   A container to specify the properties of your S3 Storage Lens
+    #   metrics export including, the destination, schema and format.
+    #   @return [Types::StorageLensDataExport]
+    #
+    # @!attribute [rw] is_enabled
+    #   A container for whether the S3 Storage Lens configuration is
+    #   enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] aws_org
+    #   A container for the AWS organization for this S3 Storage Lens
+    #   configuration.
+    #   @return [Types::StorageLensAwsOrg]
+    #
+    # @!attribute [rw] storage_lens_arn
+    #   The Amazon Resource Name (ARN) of the S3 Storage Lens configuration.
+    #   This property is read-only and follows the following format: `
+    #   arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensConfiguration AWS API Documentation
+    #
+    class StorageLensConfiguration < Struct.new(
+      :id,
+      :account_level,
+      :include,
+      :exclude,
+      :data_export,
+      :is_enabled,
+      :aws_org,
+      :storage_lens_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container to specify the properties of your S3 Storage Lens metrics
+    # export, including the destination, schema, and format.
+    #
+    # @note When making an API call, you may pass StorageLensDataExport
+    #   data as a hash:
+    #
+    #       {
+    #         s3_bucket_destination: { # required
+    #           format: "CSV", # required, accepts CSV, Parquet
+    #           output_schema_version: "V_1", # required, accepts V_1
+    #           account_id: "AccountId", # required
+    #           arn: "S3BucketArnString", # required
+    #           prefix: "Prefix",
+    #           encryption: {
+    #             sses3: {
+    #             },
+    #             ssekms: {
+    #               key_id: "SSEKMSKeyId", # required
+    #             },
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] s3_bucket_destination
+    #   A container for the bucket where the S3 Storage Lens metrics export
+    #   will be located.
+    #
+    #   <note markdown="1"> This bucket must be located in the same Region as the storage lens
+    #   configuration.
+    #
+    #    </note>
+    #   @return [Types::S3BucketDestination]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensDataExport AWS API Documentation
+    #
+    class StorageLensDataExport < Struct.new(
+      :s3_bucket_destination)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for the encryption of the S3 Storage Lens metrics exports.
+    #
+    # @note When making an API call, you may pass StorageLensDataExportEncryption
+    #   data as a hash:
+    #
+    #       {
+    #         sses3: {
+    #         },
+    #         ssekms: {
+    #           key_id: "SSEKMSKeyId", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] sses3
+    #   @return [Types::SSES3]
+    #
+    # @!attribute [rw] ssekms
+    #   @return [Types::SSEKMS]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensDataExportEncryption AWS API Documentation
+    #
+    class StorageLensDataExportEncryption < Struct.new(
+      :sses3,
+      :ssekms)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass StorageLensTag
+    #   data as a hash:
+    #
+    #       {
+    #         key: "TagKeyString", # required
+    #         value: "TagValueString", # required
+    #       }
+    #
+    # @!attribute [rw] key
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensTag AWS API Documentation
+    #
+    class StorageLensTag < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass Tagging
+    #   data as a hash:
+    #
+    #       {
+    #         tag_set: [ # required
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] tag_set
+    #   A collection for a set of tags.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Tagging AWS API Documentation
+    #
+    class Tagging < Struct.new(
+      :tag_set)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2293,6 +4668,9 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Amazon S3 throws this exception if you have too many tags in your tag
+    # set.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2304,6 +4682,50 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Specifies when an object transitions to a specified storage class. For
+    # more information about Amazon S3 Lifecycle configuration rules, see [
+    # Transitioning objects using Amazon S3 Lifecycle][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html
+    #
+    # @note When making an API call, you may pass Transition
+    #   data as a hash:
+    #
+    #       {
+    #         date: Time.now,
+    #         days: 1,
+    #         storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #       }
+    #
+    # @!attribute [rw] date
+    #   Indicates when objects are transitioned to the specified storage
+    #   class. The date value must be in ISO 8601 format. The time is always
+    #   midnight UTC.
+    #   @return [Time]
+    #
+    # @!attribute [rw] days
+    #   Indicates the number of days after creation when objects are
+    #   transitioned to the specified storage class. The value must be a
+    #   positive integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] storage_class
+    #   The storage class to which you want the object to transition.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Transition AWS API Documentation
+    #
+    class Transition < Struct.new(
+      :date,
+      :days,
+      :storage_class)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateJobPriorityRequest
     #   data as a hash:
     #