aws-sdk-s3control 1.23.0 → 1.24.0

data/lib/aws-sdk-s3control/errors.rb

@@ -28,6 +28,8 @@ module Aws::S3Control
   #
   # ## Error Classes
   # * {BadRequestException}
+  # * {BucketAlreadyExists}
+  # * {BucketAlreadyOwnedByYou}
   # * {IdempotencyException}
   # * {InternalServiceException}
   # * {InvalidNextTokenException}
@@ -59,6 +61,26 @@ module Aws::S3Control
       end
     end
 
+    class BucketAlreadyExists < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::BucketAlreadyExists] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
+    class BucketAlreadyOwnedByYou < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::S3Control::Types::BucketAlreadyOwnedByYou] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class IdempotencyException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-s3control/plugins/arn.rb

@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+
+require_relative '../arn/outpost_access_point_arn'
+require_relative '../arn/outpost_bucket_arn'
+
+module Aws
+  module S3Control
+    module Plugins
+      # When an ARN is provided for :bucket or :name in S3Control operations,
+      # this plugin resolves the request endpoint from the ARN when possible.
+      # @api private
+      class ARN < Seahorse::Client::Plugin
+        option(
+          :s3_use_arn_region,
+          default: true,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS) do |cfg|
+For S3 and S3 Outposts ARNs passed into the `:bucket` or `:name`
+parameter, this option will use the region in the ARN, allowing
+for cross-region requests to be made. Set to `false` to use the
+client's region instead.
+        DOCS
+          resolve_s3_use_arn_region(cfg)
+        end
+
+        # param validator is validate:50 (required to add account_id from arn)
+        # endpoint is build:90 (populates the URI for the first time)
+        # endpoint pattern is build:10 (prefix account id to host)
+        def add_handlers(handlers, _config)
+          handlers.add(ARNHandler, step: :validate, priority: 75)
+          handlers.add(UrlHandler)
+        end
+
+        class UrlHandler < Seahorse::Client::Handler
+          def call(context)
+            if context.metadata[:s3_arn]
+              ARN.resolve_url!(
+                context.http_request.endpoint,
+                context.metadata[:s3_arn][:arn],
+                context.metadata[:s3_arn][:resolved_region],
+                context.metadata[:s3_arn][:dualstack]
+              )
+            end
+            @handler.call(context)
+          end
+        end
+
+        class ARNHandler < Seahorse::Client::Handler
+          def call(context)
+            arn_member = _arn_member(context.operation.input.shape)
+            if arn_member && (bucket = context.params[arn_member])
+              resolved_region, arn = ARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              if arn
+                validate_config!(context, arn)
+
+                if arn.is_a?(OutpostAccessPointARN) ||
+                   arn.is_a?(OutpostBucketARN)
+                  set_outpost_header!(context, arn)
+                  # disable account_id prefix for outposts urls
+                  context.config.disable_host_prefix_injection = true
+                end
+                set_account_param!(context, arn)
+
+                # depending on the ARN's resource type, put the resource value
+                # back onto params
+                context.params[arn_member] = arn.input_member
+
+                context.metadata[:s3_arn] = {
+                  arn: arn,
+                  resolved_region: resolved_region,
+                  dualstack: extract_dualstack_config!(context)
+                }
+              end
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          # This looks for BucketName or AccessPointName, but prefers BucketName
+          # for CreateAccessPoint because it contains both but should not have
+          # an Access Point ARN as AccessPointName.
+          def _arn_member(input)
+            input.members.each do |member, ref|
+              if ref.shape.name == 'BucketName' ||
+                 (ref.shape.name == 'AccessPointName' &&
+                  input.name != 'CreateAccessPointRequest')
+                return member
+              end
+            end
+          end
+
+          # other plugins use dualstack so disable it when we're done
+          def extract_dualstack_config!(context)
+            dualstack = context[:use_dualstack_endpoint]
+            context[:use_dualstack_endpoint] = false if dualstack
+            dualstack
+          end
+
+          def validate_config!(context, arn)
+            unless context.config.regional_endpoint
+              raise ArgumentError,
+                    'Cannot provide both an Access Point ARN and setting '\
+                    ':endpoint.'
+            end
+
+            if !arn.support_dualstack? && context[:use_dualstack_endpoint]
+              raise ArgumentError,
+                    'Cannot provide both an Outpost Access Point ARN and '\
+                    'setting :use_dualstack_endpoint to true.'
+            end
+          end
+
+          def set_outpost_header!(context, arn)
+            context.http_request.headers['x-amz-outpost-id'] = arn.outpost_id
+          end
+
+          def set_account_param!(context, arn)
+            if context.params[:account_id] &&
+               context.params[:account_id] != arn.account_id
+              raise ArgumentError,
+                    'Cannot provide an Account ID that is different from the '\
+                    'Account ID in the ARN.'
+            end
+            context.params[:account_id] = arn.account_id
+          end
+        end
+
+        class << self
+          # @api private
+          def resolve_arn!(member_value, region, use_arn_region)
+            if Aws::ARNParser.arn?(member_value)
+              arn = Aws::ARNParser.parse(member_value)
+              if arn.resource.include?('bucket')
+                s3_arn = Aws::S3Control::OutpostBucketARN.new(arn.to_h)
+              elsif arn.resource.include?('accesspoint')
+                s3_arn = Aws::S3Control::OutpostAccessPointARN.new(arn.to_h)
+              else
+                raise ArgumentError,
+                      'Only Outpost Bucket and Outpost Access Point ARNs are '\
+                      'currently supported.'
+              end
+              s3_arn.validate_arn!
+              validate_region_config!(s3_arn, region, use_arn_region)
+              region = s3_arn.region if use_arn_region
+              [region, s3_arn]
+            else
+              [region]
+            end
+          end
+
+          # @api private
+          def resolve_url!(url, arn, region, dualstack = false)
+            url.host = arn.host_url(region, dualstack)
+            url
+          end
+
+          private
+
+          def resolve_s3_use_arn_region(cfg)
+            value = ENV['AWS_S3_USE_ARN_REGION'] ||
+                    Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
+                    'true'
+            value = Aws::Util.str_2_bool(value)
+            # Raise if provided value is not true or false
+            if value.nil?
+              raise ArgumentError,
+                    'Must provide either `true` or `false` for '\
+                    's3_use_arn_region profile option or for '\
+                    "ENV['AWS_S3_USE_ARN_REGION']"
+            end
+            value
+          end
+
+          def validate_region_config!(arn, region, use_arn_region)
+            fips = arn.support_fips?
+
+            # s3-external-1 is specific just to s3 and not part of partitions
+            # aws-global is a partition region
+            unless arn.partition == 'aws' &&
+                   (region == 's3-external-1' || region == 'aws-global')
+              if !fips && arn.region.include?('fips')
+                raise ArgumentError,
+                      'FIPS region ARNs are not supported for this type of ARN.'
+              end
+
+              if !fips && !use_arn_region && region.include?('fips')
+                raise ArgumentError,
+                      'FIPS client regions are not supported for this type of '\
+                      'ARN without s3_use_arn_region.'
+              end
+
+              # if it's a fips region, attempt to normalize it
+              if fips || use_arn_region
+                region = region.gsub('fips-', '').gsub('-fips', '')
+              end
+              if use_arn_region &&
+                 !Aws::Partitions.partition(arn.partition).region?(region)
+                raise Aws::Errors::InvalidARNPartitionError
+              end
+
+              if !use_arn_region && region != arn.region
+                raise Aws::Errors::InvalidARNRegionError
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3control/plugins/{s3_signer.rb → s3_control_signer.rb}

@@ -7,10 +7,15 @@ module Aws
     module Plugins
       # This plugin is an implementation detail and may be modified.
       # @api private
-      class S3Signer < Seahorse::Client::Plugin
+      class S3ControlSigner < Seahorse::Client::Plugin
+        SPECIAL_OUTPOST_OPERATIONS = [
+          'CreateBucket',
+          'ListRegionalBuckets'
+        ].freeze
 
         option(:sigv4_signer) do |cfg|
-          S3Signer.build_v4_signer(
+          S3ControlSigner.build_v4_signer(
+            service: 's3',
             region: cfg.sigv4_region,
             credentials: cfg.credentials
           )
@@ -22,12 +27,11 @@ module Aws
           Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
         end
 
-        def add_handlers(handlers, cfg)
+        def add_handlers(handlers, _cfg)
           handlers.add(V4Handler, step: :sign)
         end
 
         class V4Handler < Seahorse::Client::Handler
-
           def call(context)
             Aws::Plugins::SignatureV4.apply_signature(
               context: context,
@@ -39,47 +43,48 @@ module Aws
           private
 
           def sigv4_signer(context)
-            # If the client was configured with the wrong region,
-            # we have to build a new signer.
-            if
-              context[:cached_sigv4_region] &&
-                context[:cached_sigv4_region] != context.config.sigv4_signer.region
-              then
-              S3Signer.build_v4_signer(
-                region: context[:cached_sigv4_region],
+            if (arn = context.metadata[:s3_arn]) &&
+               arn[:arn].respond_to?(:outpost_id)
+              S3ControlSigner.build_v4_signer(
+                service: 's3-outposts',
+                region: arn[:resolved_region],
+                credentials: context.config.credentials
+              )
+            elsif outpost_operation?(context)
+              context.http_request.endpoint.host =
+                "s3-outposts.#{context.config.region}.amazonaws.com"
+              S3ControlSigner.build_v4_signer(
+                service: 's3-outposts',
+                region: context.config.region,
                 credentials: context.config.credentials
               )
             else
               context.config.sigv4_signer
             end
           end
+
+          # Some operations do not take an ARN parameter and are special cases
+          # For these operations, the presence of the outpost_id parameter
+          # must trigger special endpoint and signer redirection
+          def outpost_operation?(context)
+            SPECIAL_OUTPOST_OPERATIONS.include?(context.operation.name) &&
+              context.params[:outpost_id]
+          end
         end
 
         class << self
-
           # @option options [required, String] :region
           # @option options [required, #credentials] :credentials
           # @api private
           def build_v4_signer(options = {})
-            Aws::Sigv4::Signer.new({
-              service: 's3',
+            Aws::Sigv4::Signer.new(
+              service: options[:service],
               region: options[:region],
               credentials_provider: options[:credentials],
               uri_escape_path: false,
-              unsigned_headers: ['content-length', 'x-amzn-trace-id'],
-            })
-          end
-
-          def new_hostname(context, region)
-            bucket = context.params[:bucket]
-            if region == 'us-east-1'
-              "#{bucket}.s3.amazonaws.com"
-            else
-              endpoint = Aws::Partitions::EndpointProvider.resolve(region, 's3')
-              bucket + '.' + URI.parse(endpoint).host
-            end
+              unsigned_headers: ['content-length', 'x-amzn-trace-id']
+            )
           end
-
         end
       end
     end

data/lib/aws-sdk-s3control/types.rb

@@ -10,6 +10,28 @@
 module Aws::S3Control
   module Types
 
+    # The container for abort incomplete multipart upload
+    #
+    # @note When making an API call, you may pass AbortIncompleteMultipartUpload
+    #   data as a hash:
+    #
+    #       {
+    #         days_after_initiation: 1,
+    #       }
+    #
+    # @!attribute [rw] days_after_initiation
+    #   Specifies the number of days after which Amazon S3 aborts an
+    #   incomplete multipart upload to the Outposts bucket.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AbortIncompleteMultipartUpload AWS API Documentation
+    #
+    class AbortIncompleteMultipartUpload < Struct.new(
+      :days_after_initiation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # An access point used to access a bucket.
     #
     # @!attribute [rw] name
@@ -34,13 +56,18 @@ module Aws::S3Control
     #   The name of the bucket associated with this access point.
     #   @return [String]
     #
+    # @!attribute [rw] access_point_arn
+    #   The ARN for the access point.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AccessPoint AWS API Documentation
     #
     class AccessPoint < Struct.new(
       :name,
       :network_origin,
       :vpc_configuration,
-      :bucket)
+      :bucket,
+      :access_point_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -56,6 +83,21 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # The requested Outposts bucket name is not available. The bucket
+    # namespace is shared by all users of the AWS Outposts in this Region.
+    # Select a different name and try again.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketAlreadyExists AWS API Documentation
+    #
+    class BucketAlreadyExists < Aws::EmptyStructure; end
+
+    # The Outposts bucket you tried to create already exists, and you own
+    # it.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/BucketAlreadyOwnedByYou AWS API Documentation
+    #
+    class BucketAlreadyOwnedByYou < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass CreateAccessPointRequest
     #   data as a hash:
     #
@@ -86,11 +128,25 @@ module Aws::S3Control
     # @!attribute [rw] bucket
     #   The name of the bucket that you want to associate this access point
     #   with.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] vpc_configuration
     #   If you include this field, Amazon S3 restricts access to this access
     #   point to requests from the specified virtual private cloud (VPC).
+    #
+    #   <note markdown="1"> This is required for creating an access point for Amazon S3 on
+    #   Outposts buckets.
+    #
+    #    </note>
     #   @return [Types::VpcConfiguration]
     #
     # @!attribute [rw] public_access_block_configuration
@@ -98,7 +154,9 @@ module Aws::S3Control
     #   Amazon S3 bucket. You can enable the configuration options in any
     #   combination. For more information about when Amazon S3 considers a
     #   bucket or object public, see [The Meaning of "Public"][1] in the
-    #   Amazon Simple Storage Service Developer Guide.
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -117,6 +175,189 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @!attribute [rw] access_point_arn
+    #   The ARN of the access point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessPointResult AWS API Documentation
+    #
+    class CreateAccessPointResult < Struct.new(
+      :access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the bucket configuration.
+    #
+    # <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass CreateBucketConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #       }
+    #
+    # @!attribute [rw] location_constraint
+    #   Specifies the Region where the bucket will be created. If you are
+    #   creating a bucket on the US East (N. Virginia) Region (us-east-1),
+    #   you do not need to specify the location.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketConfiguration AWS API Documentation
+    #
+    class CreateBucketConfiguration < Struct.new(
+      :location_constraint)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass CreateBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         acl: "private", # accepts private, public-read, public-read-write, authenticated-read
+    #         bucket: "BucketName", # required
+    #         create_bucket_configuration: {
+    #           location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
+    #         },
+    #         grant_full_control: "GrantFullControl",
+    #         grant_read: "GrantRead",
+    #         grant_read_acp: "GrantReadACP",
+    #         grant_write: "GrantWrite",
+    #         grant_write_acp: "GrantWriteACP",
+    #         object_lock_enabled_for_bucket: false,
+    #         outpost_id: "NonEmptyMaxLength64String",
+    #       }
+    #
+    # @!attribute [rw] acl
+    #   The canned ACL to apply to the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_bucket_configuration
+    #   The configuration information for the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Types::CreateBucketConfiguration]
+    #
+    # @!attribute [rw] grant_full_control
+    #   Allows grantee the read, write, read ACP, and write ACP permissions
+    #   on the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_read
+    #   Allows grantee to list the objects in the bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_read_acp
+    #   Allows grantee to read the bucket ACL.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_write
+    #   Allows grantee to create, overwrite, and delete any object in the
+    #   bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_write_acp
+    #   Allows grantee to write the ACL for the applicable bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] object_lock_enabled_for_bucket
+    #   Specifies whether you want S3 Object Lock to be enabled for the new
+    #   bucket.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] outpost_id
+    #   The ID of the Outposts where the bucket is being created.
+    #
+    #   <note markdown="1"> This is required by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketRequest AWS API Documentation
+    #
+    class CreateBucketRequest < Struct.new(
+      :acl,
+      :bucket,
+      :create_bucket_configuration,
+      :grant_full_control,
+      :grant_read,
+      :grant_read_acp,
+      :grant_write,
+      :grant_write_acp,
+      :object_lock_enabled_for_bucket,
+      :outpost_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] location
+    #   The location of the bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateBucketResult AWS API Documentation
+    #
+    class CreateBucketResult < Struct.new(
+      :location,
+      :bucket_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateJobRequest
     #   data as a hash:
     #
@@ -250,6 +491,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID that creates the job.
     #   @return [String]
     #
     # @!attribute [rw] confirmation_required
@@ -261,8 +503,8 @@ module Aws::S3Control
     # @!attribute [rw] operation
     #   The operation that you want this job to perform on each object
     #   listed in the manifest. For more information about the available
-    #   operations, see [Available Operations][1] in the *Amazon Simple
-    #   Storage Service Developer Guide*.
+    #   operations, see [Operations][1] in the *Amazon Simple Storage
+    #   Service Developer Guide*.
     #
     #
     #
@@ -299,13 +541,13 @@ module Aws::S3Control
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
-    #   Management (IAM) role that Batch Operations will use to execute this
+    #   Management (IAM) role that Batch Operations will use to run this
     #   job's operation on each object in the manifest.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   A set of tags to associate with the Amazon S3 Batch Operations job.
-    #   This is an optional parameter.
+    #   A set of tags to associate with the S3 Batch Operations job. This is
+    #   an optional parameter.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateJobRequest AWS API Documentation
@@ -352,6 +594,15 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point whose policy you want to delete.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the access point
+    #   accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointPolicyRequest AWS API Documentation
@@ -377,6 +628,15 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point you want to delete.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the access point
+    #   accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointRequest AWS API Documentation
@@ -388,6 +648,142 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the lifecycle configuration to delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The bucket ARN of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class DeleteBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The ARN of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketPolicyRequest AWS API Documentation
+    #
+    class DeleteBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID that owns the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   Specifies the bucket being deleted.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketRequest AWS API Documentation
+    #
+    class DeleteBucketRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket tag set to be removed.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The bucket ARN that has the tag set to be removed.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteBucketTaggingRequest AWS API Documentation
+    #
+    class DeleteBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteJobTaggingRequest
     #   data as a hash:
     #
@@ -397,12 +793,11 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   The ID for the S3 Batch Operations job whose tags you want to
     #   delete.
     #   @return [String]
     #
@@ -427,8 +822,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to remove.
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to remove.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeletePublicAccessBlockRequest AWS API Documentation
@@ -490,6 +885,15 @@ module Aws::S3Control
     #
     # @!attribute [rw] name
     #   The name of the access point whose policy you want to retrieve.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the access point
+    #   accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyRequest AWS API Documentation
@@ -566,6 +970,15 @@ module Aws::S3Control
     # @!attribute [rw] name
     #   The name of the access point whose configuration information you
     #   want to retrieve.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the access point
+    #   accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointRequest AWS API Documentation
@@ -592,6 +1005,8 @@ module Aws::S3Control
     #   access from the public internet. Otherwise, `NetworkOrigin` is
     #   `Internet`, and the access point allows access from the public
     #   internet, subject to the access point and bucket access policies.
+    #
+    #   This will always be true for an Amazon S3 on Outposts access point
     #   @return [String]
     #
     # @!attribute [rw] vpc_configuration
@@ -604,7 +1019,9 @@ module Aws::S3Control
     #   Amazon S3 bucket. You can enable the configuration options in any
     #   combination. For more information about when Amazon S3 considers a
     #   bucket or object public, see [The Meaning of "Public"][1] in the
-    #   Amazon Simple Storage Service Developer Guide.
+    #   *Amazon Simple Storage Service Developer Guide*.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -628,6 +1045,199 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class GetBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rules
+    #   Container for the lifecycle rule of the Outposts bucket.
+    #   @return [Array<Types::LifecycleRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketLifecycleConfigurationResult AWS API Documentation
+    #
+    class GetBucketLifecycleConfigurationResult < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The ARN of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketPolicyRequest AWS API Documentation
+    #
+    class GetBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   The policy of the Outposts bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketPolicyResult AWS API Documentation
+    #
+    class GetBucketPolicyResult < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The ARN of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketRequest AWS API Documentation
+    #
+    class GetBucketRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] bucket
+    #   The Outposts bucket requested.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_enabled
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] creation_date
+    #   The creation date of the Outposts bucket.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketResult AWS API Documentation
+    #
+    class GetBucketResult < Struct.new(
+      :bucket,
+      :public_access_block_enabled,
+      :creation_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The ARN of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketTaggingRequest AWS API Documentation
+    #
+    class GetBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tag_set
+    #   The tags set of the Outposts bucket.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetBucketTaggingResult AWS API Documentation
+    #
+    class GetBucketTaggingResult < Struct.new(
+      :tag_set)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetJobTaggingRequest
     #   data as a hash:
     #
@@ -637,12 +1247,11 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   The ID for the S3 Batch Operations job whose tags you want to
     #   retrieve.
     #   @return [String]
     #
@@ -656,7 +1265,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] tags
-    #   The set of tags associated with the Amazon S3 Batch Operations job.
+    #   The set of tags associated with the S3 Batch Operations job.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetJobTaggingResult AWS API Documentation
@@ -669,7 +1278,7 @@ module Aws::S3Control
 
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration currently in effect for this
-    #   Amazon Web Services account.
+    #   AWS account.
     #   @return [Types::PublicAccessBlockConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockOutput AWS API Documentation
@@ -688,8 +1297,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to retrieve.
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to retrieve.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetPublicAccessBlockRequest AWS API Documentation
@@ -776,7 +1385,7 @@ module Aws::S3Control
     #   @return [Types::JobManifest]
     #
     # @!attribute [rw] operation
-    #   The operation that the specified job is configured to execute on the
+    #   The operation that the specified job is configured to run on the
     #   objects listed in the manifest.
     #   @return [Types::JobOperation]
     #
@@ -785,12 +1394,13 @@ module Aws::S3Control
     #   @return [Integer]
     #
     # @!attribute [rw] progress_summary
-    #   Describes the total number of tasks that the specified job has
-    #   executed, the number of tasks that succeeded, and the number of
-    #   tasks that failed.
+    #   Describes the total number of tasks that the specified job has run,
+    #   the number of tasks that succeeded, and the number of tasks that
+    #   failed.
     #   @return [Types::JobProgressSummary]
     #
     # @!attribute [rw] status_update_reason
+    #   The reason for updating the job.
     #   @return [String]
     #
     # @!attribute [rw] failure_reasons
@@ -815,7 +1425,7 @@ module Aws::S3Control
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
-    #   Management (IAM) role assigned to execute the tasks for this job.
+    #   Management (IAM) role assigned to run the tasks for this job.
     #   @return [String]
     #
     # @!attribute [rw] suspended_date
@@ -909,9 +1519,9 @@ module Aws::S3Control
     #   @return [Time]
     #
     # @!attribute [rw] progress_summary
-    #   Describes the total number of tasks that the specified job has
-    #   executed, the number of tasks that succeeded, and the number of
-    #   tasks that failed.
+    #   Describes the total number of tasks that the specified job has run,
+    #   the number of tasks that succeeded, and the number of tasks that
+    #   failed.
     #   @return [Types::JobProgressSummary]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobListDescriptor AWS API Documentation
@@ -1033,8 +1643,8 @@ module Aws::S3Control
 
     # The operation that you want this job to perform on each object listed
     # in the manifest. For more information about the available operations,
-    # see [Available Operations][1] in the *Amazon Simple Storage Service
-    # Developer Guide*.
+    # see [Operations][1] in the *Amazon Simple Storage Service Developer
+    # Guide*.
     #
     #
     #
@@ -1146,45 +1756,48 @@ module Aws::S3Control
     #   @return [Types::LambdaInvokeOperation]
     #
     # @!attribute [rw] s3_put_object_copy
-    #   Directs the specified job to execute a PUT Copy object call on each
+    #   Directs the specified job to run a PUT Copy object call on each
     #   object in the manifest.
     #   @return [Types::S3CopyObjectOperation]
     #
     # @!attribute [rw] s3_put_object_acl
-    #   Directs the specified job to execute a PUT Object acl call on each
+    #   Directs the specified job to run a PUT Object acl call on each
     #   object in the manifest.
     #   @return [Types::S3SetObjectAclOperation]
     #
     # @!attribute [rw] s3_put_object_tagging
-    #   Directs the specified job to execute a PUT Object tagging call on
-    #   each object in the manifest.
+    #   Directs the specified job to run a PUT Object tagging call on each
+    #   object in the manifest.
     #   @return [Types::S3SetObjectTaggingOperation]
     #
     # @!attribute [rw] s3_initiate_restore_object
-    #   Directs the specified job to execute an Initiate Glacier Restore
-    #   call on each object in the manifest.
+    #   Directs the specified job to run an Initiate Glacier Restore call on
+    #   each object in the manifest.
     #   @return [Types::S3InitiateRestoreObjectOperation]
     #
     # @!attribute [rw] s3_put_object_legal_hold
-    #   Contains the configuration parameters for a Set Object Legal Hold
-    #   operation. Amazon S3 Batch Operations passes each value through to
-    #   the underlying PUT Object Legal Hold API. For more information about
-    #   the parameters for this operation, see [PUT Object Legal Hold][1].
+    #   Contains the configuration for an S3 Object Lock legal hold
+    #   operation that an S3 Batch Operations job passes each object through
+    #   to the underlying `PutObjectLegalHold` API. For more information,
+    #   see [Using S3 Object Lock legal hold with S3 Batch Operations][1] in
+    #   the *Amazon Simple Storage Service Developer Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-legal-hold.html
     #   @return [Types::S3SetObjectLegalHoldOperation]
     #
     # @!attribute [rw] s3_put_object_retention
-    #   Contains the configuration parameters for a Set Object Retention
-    #   operation. Amazon S3 Batch Operations passes each value through to
-    #   the underlying PUT Object Retention API. For more information about
-    #   the parameters for this operation, see [PUT Object Retention][1].
+    #   Contains the configuration parameters for the Object Lock retention
+    #   action for an S3 Batch Operations job. Batch Operations passes each
+    #   value through to the underlying `PutObjectRetention` API. For more
+    #   information, see [Using S3 Object Lock retention with S3 Batch
+    #   Operations][1] in the *Amazon Simple Storage Service Developer
+    #   Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #   @return [Types::S3SetObjectRetentionOperation]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/JobOperation AWS API Documentation
@@ -1202,7 +1815,7 @@ module Aws::S3Control
     end
 
     # Describes the total number of tasks that the specified job has
-    # executed, the number of tasks that succeeded, and the number of tasks
+    # started, the number of tasks that succeeded, and the number of tasks
     # that failed.
     #
     # @!attribute [rw] total_number_of_tasks
@@ -1253,9 +1866,8 @@ module Aws::S3Control
     #
     # @!attribute [rw] prefix
     #   An optional prefix to describe where in the specified bucket the
-    #   job-completion report will be stored. Amazon S3 will store the
-    #   job-completion report at
-    #   &lt;prefix&gt;/job-&lt;job-id&gt;/report.json.
+    #   job-completion report will be stored. Amazon S3 stores the
+    #   job-completion report at `<prefix>/job-<job-id>/report.json`.
     #   @return [String]
     #
     # @!attribute [rw] report_scope
@@ -1300,10 +1912,316 @@ module Aws::S3Control
     #   specified job will invoke for each object in the manifest.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LambdaInvokeOperation AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LambdaInvokeOperation AWS API Documentation
+    #
+    class LambdaInvokeOperation < Struct.new(
+      :function_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle configuration.
+    #
+    # @note When making an API call, you may pass LifecycleConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         rules: [
+    #           {
+    #             expiration: {
+    #               date: Time.now,
+    #               days: 1,
+    #               expired_object_delete_marker: false,
+    #             },
+    #             id: "ID",
+    #             filter: {
+    #               prefix: "Prefix",
+    #               tag: {
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
+    #               },
+    #               and: {
+    #                 prefix: "Prefix",
+    #                 tags: [
+    #                   {
+    #                     key: "TagKeyString", # required
+    #                     value: "TagValueString", # required
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #             status: "Enabled", # required, accepts Enabled, Disabled
+    #             transitions: [
+    #               {
+    #                 date: Time.now,
+    #                 days: 1,
+    #                 storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #               },
+    #             ],
+    #             noncurrent_version_transitions: [
+    #               {
+    #                 noncurrent_days: 1,
+    #                 storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #               },
+    #             ],
+    #             noncurrent_version_expiration: {
+    #               noncurrent_days: 1,
+    #             },
+    #             abort_incomplete_multipart_upload: {
+    #               days_after_initiation: 1,
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] rules
+    #   A lifecycle rule for individual objects in an Outposts bucket.
+    #   @return [Array<Types::LifecycleRule>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleConfiguration AWS API Documentation
+    #
+    class LifecycleConfiguration < Struct.new(
+      :rules)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container of the Outposts bucket lifecycle expiration.
+    #
+    # @note When making an API call, you may pass LifecycleExpiration
+    #   data as a hash:
+    #
+    #       {
+    #         date: Time.now,
+    #         days: 1,
+    #         expired_object_delete_marker: false,
+    #       }
+    #
+    # @!attribute [rw] date
+    #   Indicates at what date the object is to be deleted. Should be in GMT
+    #   ISO 8601 format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] days
+    #   Indicates the lifetime, in days, of the objects that are subject to
+    #   the rule. The value must be a non-zero positive integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] expired_object_delete_marker
+    #   Indicates whether Amazon S3 will remove a delete marker with no
+    #   noncurrent versions. If set to true, the delete marker will be
+    #   expired. If set to false, the policy takes no action. This cannot be
+    #   specified with Days or Date in a Lifecycle Expiration Policy.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleExpiration AWS API Documentation
+    #
+    class LifecycleExpiration < Struct.new(
+      :date,
+      :days,
+      :expired_object_delete_marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle rule.
+    #
+    # @note When making an API call, you may pass LifecycleRule
+    #   data as a hash:
+    #
+    #       {
+    #         expiration: {
+    #           date: Time.now,
+    #           days: 1,
+    #           expired_object_delete_marker: false,
+    #         },
+    #         id: "ID",
+    #         filter: {
+    #           prefix: "Prefix",
+    #           tag: {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #           and: {
+    #             prefix: "Prefix",
+    #             tags: [
+    #               {
+    #                 key: "TagKeyString", # required
+    #                 value: "TagValueString", # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         status: "Enabled", # required, accepts Enabled, Disabled
+    #         transitions: [
+    #           {
+    #             date: Time.now,
+    #             days: 1,
+    #             storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #           },
+    #         ],
+    #         noncurrent_version_transitions: [
+    #           {
+    #             noncurrent_days: 1,
+    #             storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #           },
+    #         ],
+    #         noncurrent_version_expiration: {
+    #           noncurrent_days: 1,
+    #         },
+    #         abort_incomplete_multipart_upload: {
+    #           days_after_initiation: 1,
+    #         },
+    #       }
+    #
+    # @!attribute [rw] expiration
+    #   Specifies the expiration for the lifecycle of the object in the form
+    #   of date, days and, whether the object has a delete marker.
+    #   @return [Types::LifecycleExpiration]
+    #
+    # @!attribute [rw] id
+    #   Unique identifier for the rule. The value cannot be longer than 255
+    #   characters.
+    #   @return [String]
+    #
+    # @!attribute [rw] filter
+    #   The container for the filter of lifecycle rule.
+    #   @return [Types::LifecycleRuleFilter]
+    #
+    # @!attribute [rw] status
+    #   If 'Enabled', the rule is currently being applied. If
+    #   'Disabled', the rule is not currently being applied.
+    #   @return [String]
+    #
+    # @!attribute [rw] transitions
+    #   Specifies when an Amazon S3 object transitions to a specified
+    #   storage class.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Array<Types::Transition>]
+    #
+    # @!attribute [rw] noncurrent_version_transitions
+    #   Specifies the transition rule for the lifecycle rule that describes
+    #   when noncurrent objects transition to a specific storage class. If
+    #   your bucket is versioning-enabled (or versioning is suspended), you
+    #   can set this action to request that Amazon S3 transition noncurrent
+    #   object versions to a specific storage class at a set period in the
+    #   object's lifetime.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Array<Types::NoncurrentVersionTransition>]
+    #
+    # @!attribute [rw] noncurrent_version_expiration
+    #   The noncurrent version expiration of the lifecycle rule.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Types::NoncurrentVersionExpiration]
+    #
+    # @!attribute [rw] abort_incomplete_multipart_upload
+    #   Specifies the days since the initiation of an incomplete multipart
+    #   upload that Amazon S3 waits before permanently removing all parts of
+    #   the upload. For more information, see [ Aborting Incomplete
+    #   Multipart Uploads Using a Bucket Lifecycle Policy][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config
+    #   @return [Types::AbortIncompleteMultipartUpload]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRule AWS API Documentation
+    #
+    class LifecycleRule < Struct.new(
+      :expiration,
+      :id,
+      :filter,
+      :status,
+      :transitions,
+      :noncurrent_version_transitions,
+      :noncurrent_version_expiration,
+      :abort_incomplete_multipart_upload)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the Outposts bucket lifecycle rule and operator.
+    #
+    # @note When making an API call, you may pass LifecycleRuleAndOperator
+    #   data as a hash:
+    #
+    #       {
+    #         prefix: "Prefix",
+    #         tags: [
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] prefix
+    #   Prefix identifying one or more objects to which the rule applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   All of these tags must exist in the object's tag set in order for
+    #   the rule to apply.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRuleAndOperator AWS API Documentation
+    #
+    class LifecycleRuleAndOperator < Struct.new(
+      :prefix,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the filter of the lifecycle rule.
+    #
+    # @note When making an API call, you may pass LifecycleRuleFilter
+    #   data as a hash:
+    #
+    #       {
+    #         prefix: "Prefix",
+    #         tag: {
+    #           key: "TagKeyString", # required
+    #           value: "TagValueString", # required
+    #         },
+    #         and: {
+    #           prefix: "Prefix",
+    #           tags: [
+    #             {
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] prefix
+    #   Prefix identifying one or more objects to which the rule applies.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag
+    #   @return [Types::S3Tag]
+    #
+    # @!attribute [rw] and
+    #   The container for the `AND` condition for the lifecycle rule.
+    #   @return [Types::LifecycleRuleAndOperator]
     #
-    class LambdaInvokeOperation < Struct.new(
-      :function_arn)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/LifecycleRuleFilter AWS API Documentation
+    #
+    class LifecycleRuleFilter < Struct.new(
+      :prefix,
+      :tag,
+      :and)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1326,6 +2244,15 @@ module Aws::S3Control
     # @!attribute [rw] bucket
     #   The name of the bucket whose associated access points you want to
     #   list.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -1361,9 +2288,9 @@ module Aws::S3Control
     #
     # @!attribute [rw] next_token
     #   If the specified bucket has more access points than can be returned
-    #   in one call to this API, then this field contains a continuation
-    #   token that you can provide in subsequent calls to this API to
-    #   retrieve additional access points.
+    #   in one call to this API, this field contains a continuation token
+    #   that you can provide in subsequent calls to this API to retrieve
+    #   additional access points.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsResult AWS API Documentation
@@ -1437,6 +2364,64 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListRegionalBucketsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         next_token: "NonEmptyMaxLength1024String",
+    #         max_results: 1,
+    #         outpost_id: "NonEmptyMaxLength64String",
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] outpost_id
+    #   The ID of the AWS Outposts.
+    #
+    #   <note markdown="1"> This is required by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListRegionalBucketsRequest AWS API Documentation
+    #
+    class ListRegionalBucketsRequest < Struct.new(
+      :account_id,
+      :next_token,
+      :max_results,
+      :outpost_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] regional_bucket_list
+    #   @return [Array<Types::RegionalBucket>]
+    #
+    # @!attribute [rw] next_token
+    #   `NextToken` is sent when `isTruncated` is true, which means there
+    #   are more buckets that can be listed. The next list requests to
+    #   Amazon S3 can be continued with this `NextToken`. `NextToken` is
+    #   obfuscated and is not a real key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListRegionalBucketsResult AWS API Documentation
+    #
+    class ListRegionalBucketsResult < Struct.new(
+      :regional_bucket_list,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Amazon S3 throws this exception if you make a `GetPublicAccessBlock`
     # request against an account that doesn't have a
     # `PublicAccessBlockConfiguration` set.
@@ -1452,6 +2437,70 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # The container of the noncurrent version expiration.
+    #
+    # @note When making an API call, you may pass NoncurrentVersionExpiration
+    #   data as a hash:
+    #
+    #       {
+    #         noncurrent_days: 1,
+    #       }
+    #
+    # @!attribute [rw] noncurrent_days
+    #   Specifies the number of days an object is noncurrent before Amazon
+    #   S3 can perform the associated action. For information about the
+    #   noncurrent days calculations, see [How Amazon S3 Calculates When an
+    #   Object Became Noncurrent][1] in the *Amazon Simple Storage Service
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoncurrentVersionExpiration AWS API Documentation
+    #
+    class NoncurrentVersionExpiration < Struct.new(
+      :noncurrent_days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The container for the noncurrent version transition.
+    #
+    # @note When making an API call, you may pass NoncurrentVersionTransition
+    #   data as a hash:
+    #
+    #       {
+    #         noncurrent_days: 1,
+    #         storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #       }
+    #
+    # @!attribute [rw] noncurrent_days
+    #   Specifies the number of days an object is noncurrent before Amazon
+    #   S3 can perform the associated action. For information about the
+    #   noncurrent days calculations, see [ How Amazon S3 Calculates How
+    #   Long an Object Has Been Noncurrent][1] in the *Amazon Simple Storage
+    #   Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations
+    #   @return [Integer]
+    #
+    # @!attribute [rw] storage_class
+    #   The class of storage used to store the object.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/NoncurrentVersionTransition AWS API Documentation
+    #
+    class NoncurrentVersionTransition < Struct.new(
+      :noncurrent_days,
+      :storage_class)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -1487,7 +2536,9 @@ module Aws::S3Control
     # Amazon S3 bucket. You can enable the configuration options in any
     # combination. For more information about when Amazon S3 considers a
     # bucket or object public, see [The Meaning of "Public"][1] in the
-    # Amazon Simple Storage Service Developer Guide.
+    # *Amazon Simple Storage Service Developer Guide*.
+    #
+    # This is not supported for Amazon S3 on Outposts.
     #
     #
     #
@@ -1516,6 +2567,8 @@ module Aws::S3Control
     #   * PUT Bucket calls fail if the request includes a public ACL.
     #
     #   Enabling this setting doesn't affect existing policies or ACLs.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] ignore_public_acls
@@ -1526,6 +2579,8 @@ module Aws::S3Control
     #
     #   Enabling this setting doesn't affect the persistence of any
     #   existing ACLs and doesn't prevent new public ACLs from being set.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] block_public_policy
@@ -1535,6 +2590,8 @@ module Aws::S3Control
     #   bucket policy allows public access.
     #
     #   Enabling this setting doesn't affect existing bucket policies.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @!attribute [rw] restrict_public_buckets
@@ -1547,6 +2604,8 @@ module Aws::S3Control
     #   policies, except that public and cross-account access within any
     #   public bucket policy, including non-public delegation to specific
     #   accounts, is blocked.
+    #
+    #   This is not supported for Amazon S3 on Outposts.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PublicAccessBlockConfiguration AWS API Documentation
@@ -1577,6 +2636,15 @@ module Aws::S3Control
     # @!attribute [rw] name
     #   The name of the access point that you want to associate with the
     #   specified policy.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the access point
+    #   accessed in the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>`.
+    #   For example, to access the access point `reports-ap` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap`.
+    #   The value must be URL encoded.
     #   @return [String]
     #
     # @!attribute [rw] policy
@@ -1600,6 +2668,181 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutBucketLifecycleConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         lifecycle_configuration: {
+    #           rules: [
+    #             {
+    #               expiration: {
+    #                 date: Time.now,
+    #                 days: 1,
+    #                 expired_object_delete_marker: false,
+    #               },
+    #               id: "ID",
+    #               filter: {
+    #                 prefix: "Prefix",
+    #                 tag: {
+    #                   key: "TagKeyString", # required
+    #                   value: "TagValueString", # required
+    #                 },
+    #                 and: {
+    #                   prefix: "Prefix",
+    #                   tags: [
+    #                     {
+    #                       key: "TagKeyString", # required
+    #                       value: "TagValueString", # required
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #               status: "Enabled", # required, accepts Enabled, Disabled
+    #               transitions: [
+    #                 {
+    #                   date: Time.now,
+    #                   days: 1,
+    #                   storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #                 },
+    #               ],
+    #               noncurrent_version_transitions: [
+    #                 {
+    #                   noncurrent_days: 1,
+    #                   storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #                 },
+    #               ],
+    #               noncurrent_version_expiration: {
+    #                 noncurrent_days: 1,
+    #               },
+    #               abort_incomplete_multipart_upload: {
+    #                 days_after_initiation: 1,
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the bucket for which to set the configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] lifecycle_configuration
+    #   Container for lifecycle rules. You can add as many as 1,000 rules.
+    #   @return [Types::LifecycleConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketLifecycleConfigurationRequest AWS API Documentation
+    #
+    class PutBucketLifecycleConfigurationRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :lifecycle_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         confirm_remove_self_bucket_access: false,
+    #         policy: "Policy", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The ARN of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] confirm_remove_self_bucket_access
+    #   Set this parameter to true to confirm that you want to remove your
+    #   permissions to change this bucket policy in the future.
+    #
+    #   <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] policy
+    #   The bucket policy as a JSON document.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketPolicyRequest AWS API Documentation
+    #
+    class PutBucketPolicyRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :confirm_remove_self_bucket_access,
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutBucketTaggingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         bucket: "BucketName", # required
+    #         tagging: { # required
+    #           tag_set: [ # required
+    #             {
+    #               key: "TagKeyString", # required
+    #               value: "TagValueString", # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID of the Outposts bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The Amazon Resource Name (ARN) of the bucket.
+    #
+    #   For Amazon S3 on Outposts specify the ARN of the bucket accessed in
+    #   the format
+    #   `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name>`.
+    #   For example, to access the bucket `reports` through outpost
+    #   `my-outpost` owned by account `123456789012` in Region `us-west-2`,
+    #   use the URL encoding of
+    #   `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports`.
+    #   The value must be URL encoded.
+    #   @return [String]
+    #
+    # @!attribute [rw] tagging
+    #   @return [Types::Tagging]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutBucketTaggingRequest AWS API Documentation
+    #
+    class PutBucketTaggingRequest < Struct.new(
+      :account_id,
+      :bucket,
+      :tagging)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutJobTaggingRequest
     #   data as a hash:
     #
@@ -1615,18 +2858,16 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
-    #   The AWS account ID associated with the Amazon S3 Batch Operations
-    #   job.
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
-    #   The ID for the Amazon S3 Batch Operations job whose tags you want to
+    #   The ID for the S3 Batch Operations job whose tags you want to
     #   replace.
     #   @return [String]
     #
     # @!attribute [rw] tags
-    #   The set of tags to associate with the Amazon S3 Batch Operations
-    #   job.
+    #   The set of tags to associate with the S3 Batch Operations job.
     #   @return [Array<Types::S3Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutJobTaggingRequest AWS API Documentation
@@ -1658,12 +2899,12 @@ module Aws::S3Control
     #
     # @!attribute [rw] public_access_block_configuration
     #   The `PublicAccessBlock` configuration that you want to apply to the
-    #   specified Amazon Web Services account.
+    #   specified AWS account.
     #   @return [Types::PublicAccessBlockConfiguration]
     #
     # @!attribute [rw] account_id
-    #   The account ID for the Amazon Web Services account whose
-    #   `PublicAccessBlock` configuration you want to set.
+    #   The account ID for the AWS account whose `PublicAccessBlock`
+    #   configuration you want to set.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutPublicAccessBlockRequest AWS API Documentation
@@ -1675,6 +2916,38 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # The container for the regional bucket.
+    #
+    # @!attribute [rw] bucket
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_arn
+    #   The Amazon Resource Name (ARN) for the regional bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_enabled
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] creation_date
+    #   The creation date of the regional bucket
+    #   @return [Time]
+    #
+    # @!attribute [rw] outpost_id
+    #   The AWS Outposts ID of the regional bucket.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/RegionalBucket AWS API Documentation
+    #
+    class RegionalBucket < Struct.new(
+      :bucket,
+      :bucket_arn,
+      :public_access_block_enabled,
+      :creation_date,
+      :outpost_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass S3AccessControlList
     #   data as a hash:
     #
@@ -1749,9 +3022,9 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for a PUT Copy object operation.
-    # Amazon S3 Batch Operations passes each value through to the underlying
-    # PUT Copy object API. For more information about the parameters for
-    # this operation, see [PUT Object - Copy][1].
+    # S3 Batch Operations passes each value through to the underlying PUT
+    # Copy object API. For more information about the parameters for this
+    # operation, see [PUT Object - Copy][1].
     #
     #
     #
@@ -1847,18 +3120,18 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] object_lock_legal_hold_status
-    #   The Legal Hold status to be applied to all objects in the Batch
+    #   The legal hold status to be applied to all objects in the Batch
     #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_mode
-    #   The Retention mode to be applied to all objects in the Batch
+    #   The retention mode to be applied to all objects in the Batch
     #   Operations job.
     #   @return [String]
     #
     # @!attribute [rw] object_lock_retain_until_date
-    #   The date when the applied Object Retention configuration will expire
-    #   on all objects in the Batch Operations job.
+    #   The date when the applied object retention configuration expires on
+    #   all objects in the Batch Operations job.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3CopyObjectOperation AWS API Documentation
@@ -1940,9 +3213,9 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for an Initiate Glacier Restore
-    # job. Amazon S3 Batch Operations passes each value through to the
-    # underlying POST Object restore API. For more information about the
-    # parameters for this operation, see [Restoring Archives][1].
+    # job. S3 Batch Operations passes each value through to the underlying
+    # POST Object restore API. For more information about the parameters for
+    # this operation, see [RestoreObject][1].
     #
     #
     #
@@ -1971,6 +3244,9 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Whether S3 Object Lock legal hold will be applied to objects in an S3
+    # Batch Operations job.
+    #
     # @note When making an API call, you may pass S3ObjectLockLegalHold
     #   data as a hash:
     #
@@ -1979,8 +3255,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] status
-    #   The Legal Hold status to be applied to all objects in the Batch
-    #   Operations job.
+    #   The Object Lock legal hold status to be applied to all objects in
+    #   the Batch Operations job.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3ObjectLockLegalHold AWS API Documentation
@@ -2084,6 +3360,17 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Contains the S3 Object Lock retention mode to be applied to all
+    # objects in the S3 Batch Operations job. If you don't provide `Mode`
+    # and `RetainUntilDate` data types in your operation, you will remove
+    # the retention from your objects. For more information, see [Using S3
+    # Object Lock retention with S3 Batch Operations][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
+    #
     # @note When making an API call, you may pass S3Retention
     #   data as a hash:
     #
@@ -2093,13 +3380,13 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] retain_until_date
-    #   The date when the applied Object Retention will expire on all
-    #   objects in the Batch Operations job.
+    #   The date when the applied Object Lock retention will expire on all
+    #   objects set by the Batch Operations job.
     #   @return [Time]
     #
     # @!attribute [rw] mode
-    #   The Retention mode to be applied to all objects in the Batch
-    #   Operations job.
+    #   The Object Lock retention mode to be applied to all objects in the
+    #   Batch Operations job.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3Retention AWS API Documentation
@@ -2112,8 +3399,8 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for a Set Object ACL operation.
-    # Amazon S3 Batch Operations passes each value through to the underlying
-    # PUT Object acl API. For more information about the parameters for this
+    # S3 Batch Operations passes each value through to the underlying PUT
+    # Object acl API. For more information about the parameters for this
     # operation, see [PUT Object acl][1].
     #
     #
@@ -2156,14 +3443,15 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a Set Object Legal Hold
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object Legal Hold API. For more information about the
-    # parameters for this operation, see [PUT Object Legal Hold][1].
+    # Contains the configuration for an S3 Object Lock legal hold operation
+    # that an S3 Batch Operations job passes each object through to the
+    # underlying `PutObjectLegalHold` API. For more information, see [Using
+    # S3 Object Lock legal hold with S3 Batch Operations][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.htmll#object-lock-legal-holds
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-legal-hold.html
     #
     # @note When making an API call, you may pass S3SetObjectLegalHoldOperation
     #   data as a hash:
@@ -2175,8 +3463,8 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] legal_hold
-    #   The Legal Hold contains the status to be applied to all objects in
-    #   the Batch Operations job.
+    #   Contains the Object Lock legal hold status to be applied to all
+    #   objects in the Batch Operations job.
     #   @return [Types::S3ObjectLockLegalHold]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectLegalHoldOperation AWS API Documentation
@@ -2187,14 +3475,15 @@ module Aws::S3Control
       include Aws::Structure
     end
 
-    # Contains the configuration parameters for a Set Object Retention
-    # operation. Amazon S3 Batch Operations passes each value through to the
-    # underlying PUT Object Retention API. For more information about the
-    # parameters for this operation, see [PUT Object Retention][1].
+    # Contains the configuration parameters for the Object Lock retention
+    # action for an S3 Batch Operations job. Batch Operations passes each
+    # value through to the underlying `PutObjectRetention` API. For more
+    # information, see [Using S3 Object Lock retention with S3 Batch
+    # Operations][1] in the *Amazon Simple Storage Service Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #
     # @note When making an API call, you may pass S3SetObjectRetentionOperation
     #   data as a hash:
@@ -2208,14 +3497,20 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] bypass_governance_retention
-    #   Indicates if the operation should be applied to objects in the Batch
-    #   Operations job even if they have Governance-type Object Lock in
+    #   Indicates if the action should be applied to objects in the Batch
+    #   Operations job even if they have Object Lock ` GOVERNANCE` type in
     #   place.
     #   @return [Boolean]
     #
     # @!attribute [rw] retention
-    #   Amazon S3 object lock Retention contains the retention mode to be
-    #   applied to all objects in the Batch Operations job.
+    #   Contains the Object Lock retention mode to be applied to all objects
+    #   in the Batch Operations job. For more information, see [Using S3
+    #   Object Lock retention with S3 Batch Operations][1] in the *Amazon
+    #   Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-retention-date.html
     #   @return [Types::S3Retention]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3SetObjectRetentionOperation AWS API Documentation
@@ -2228,7 +3523,7 @@ module Aws::S3Control
     end
 
     # Contains the configuration parameters for a Set Object Tagging
-    # operation. Amazon S3 Batch Operations passes each value through to the
+    # operation. S3 Batch Operations passes each value through to the
     # underlying PUT Object tagging API. For more information about the
     # parameters for this operation, see [PUT Object tagging][1].
     #
@@ -2282,6 +3577,30 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass Tagging
+    #   data as a hash:
+    #
+    #       {
+    #         tag_set: [ # required
+    #           {
+    #             key: "TagKeyString", # required
+    #             value: "TagValueString", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] tag_set
+    #   A collection for a set of tags.
+    #   @return [Array<Types::S3Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Tagging AWS API Documentation
+    #
+    class Tagging < Struct.new(
+      :tag_set)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2293,6 +3612,9 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Amazon S3 throws this exception if you have too many tags in your tag
+    # set.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2304,6 +3626,50 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Specifies when an object transitions to a specified storage class. For
+    # more information about Amazon S3 Lifecycle configuration rules, see [
+    # Transitioning Objects Using Amazon S3 Lifecycle][1] in the *Amazon
+    # Simple Storage Service Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html
+    #
+    # @note When making an API call, you may pass Transition
+    #   data as a hash:
+    #
+    #       {
+    #         date: Time.now,
+    #         days: 1,
+    #         storage_class: "GLACIER", # accepts GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE
+    #       }
+    #
+    # @!attribute [rw] date
+    #   Indicates when objects are transitioned to the specified storage
+    #   class. The date value must be in ISO 8601 format. The time is always
+    #   midnight UTC.
+    #   @return [Time]
+    #
+    # @!attribute [rw] days
+    #   Indicates the number of days after creation when objects are
+    #   transitioned to the specified storage class. The value must be a
+    #   positive integer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] storage_class
+    #   The storage class to which you want the object to transition.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/Transition AWS API Documentation
+    #
+    class Transition < Struct.new(
+      :date,
+      :days,
+      :storage_class)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateJobPriorityRequest
     #   data as a hash:
     #