aws-sdk-s3control 1.26.0 → 1.31.0

data/lib/aws-sdk-s3control/plugins/arn.rb

@@ -31,6 +31,7 @@ client's region instead.
           handlers.add(UrlHandler)
         end
 
+        # After extracting out any ARN input, resolve a new URL with it.
         class UrlHandler < Seahorse::Client::Handler
           def call(context)
             if context.metadata[:s3_arn]
@@ -38,13 +39,18 @@ client's region instead.
                 context.http_request.endpoint,
                 context.metadata[:s3_arn][:arn],
                 context.metadata[:s3_arn][:resolved_region],
-                context.metadata[:s3_arn][:dualstack]
+                context.metadata[:s3_arn][:dualstack],
+                # if regional_endpoint is false, a custom endpoint was provided
+                # in this case, we want to prefix the endpoint using the ARN
+                !context.config.regional_endpoint
               )
             end
             @handler.call(context)
           end
         end
 
+        # This plugin will extract out any ARN input and set context for other
+        # plugins to use without having to translate the ARN again.
         class ARNHandler < Seahorse::Client::Handler
           def call(context)
             arn_member = _arn_member(context.operation.input.shape)
@@ -54,6 +60,7 @@ client's region instead.
                 context.config.region,
                 context.config.s3_use_arn_region
               )
+              validate_outpost_dualstack!(context)
               if arn
                 validate_config!(context, arn)
 
@@ -68,7 +75,6 @@ client's region instead.
                 # depending on the ARN's resource type, put the resource value
                 # back onto params
                 context.params[arn_member] = arn.input_member
-
                 context.metadata[:s3_arn] = {
                   arn: arn,
                   resolved_region: resolved_region,
@@ -81,6 +87,17 @@ client's region instead.
 
           private
 
+          # this validation has nothing to do with ARNs (can't be in
+          # validate_config!) outposts does not support dualstack, so operations
+          # using an outpost id should be validated too.
+          def validate_outpost_dualstack!(context)
+            if context.params[:outpost_id] && context[:use_dualstack_endpoint]
+              raise ArgumentError,
+                    'Cannot provide an Outpost ID when '\
+                    '`:use_dualstack_endpoint` is set to true.'
+            end
+          end
+
           # This looks for BucketName or AccessPointName, but prefers BucketName
           # for CreateAccessPoint because it contains both but should not have
           # an Access Point ARN as AccessPointName.
@@ -102,16 +119,10 @@ client's region instead.
           end
 
           def validate_config!(context, arn)
-            unless context.config.regional_endpoint
-              raise ArgumentError,
-                    'Cannot provide both an Access Point ARN and setting '\
-                    ':endpoint.'
-            end
-
             if !arn.support_dualstack? && context[:use_dualstack_endpoint]
               raise ArgumentError,
-                    'Cannot provide both an Outpost Access Point ARN and '\
-                    'setting :use_dualstack_endpoint to true.'
+                    'Cannot provide an Outpost Access Point ARN when '\
+                    '`:use_dualstack_endpoint` is set to true.'
             end
           end
 
@@ -154,8 +165,9 @@ client's region instead.
           end
 
           # @api private
-          def resolve_url!(url, arn, region, dualstack = false)
-            url.host = arn.host_url(region, dualstack)
+          def resolve_url!(url, arn, region, dualstack = false, has_custom_endpoint = false)
+            custom_endpoint = url.host if has_custom_endpoint
+            url.host = arn.host_url(region, dualstack, custom_endpoint)
             url
           end
 
@@ -169,9 +181,9 @@ client's region instead.
             # Raise if provided value is not true or false
             if value.nil?
               raise ArgumentError,
-                    'Must provide either `true` or `false` for '\
-                    's3_use_arn_region profile option or for '\
-                    "ENV['AWS_S3_USE_ARN_REGION']"
+                    'Must provide either `true` or `false` for the '\
+                    '`s3_use_arn_region` profile option or for '\
+                    "ENV['AWS_S3_USE_ARN_REGION']."
             end
             value
           end
@@ -191,7 +203,7 @@ client's region instead.
               if !fips && !use_arn_region && region.include?('fips')
                 raise ArgumentError,
                       'FIPS client regions are not supported for this type of '\
-                      'ARN without s3_use_arn_region.'
+                      'ARN without `:s3_use_arn_region`.'
               end
 
               # if it's a fips region, attempt to normalize it

data/lib/aws-sdk-s3control/plugins/dualstack.rb

@@ -16,16 +16,22 @@ for all operations.
 
         def add_handlers(handlers, config)
           handlers.add(OptionHandler, step: :initialize)
-          handlers.add(DualstackHandler, step: :build, priority: 2)
+          handlers.add(DualstackHandler, step: :build, priority: 11)
         end
 
         # @api private
         class OptionHandler < Seahorse::Client::Handler
           def call(context)
+            # Support client configuration and per-operation configuration
             if context.params.is_a?(Hash)
               dualstack = context.params.delete(:use_dualstack_endpoint)
             end
             dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
+            # Raise if :endpoint and dualstack are both provided
+            if dualstack && !context.config.regional_endpoint
+              raise ArgumentError,
+                    'Cannot use both :use_dualstack_endpoint and :endpoint'
+            end
             context[:use_dualstack_endpoint] = dualstack
             @handler.call(context)
           end
@@ -34,17 +40,16 @@ for all operations.
         # @api private
         class DualstackHandler < Seahorse::Client::Handler
           def call(context)
-            apply_dualstack_endpoint(context) if use_dualstack_endpoint?(context)
+            if context.config.regional_endpoint && context[:use_dualstack_endpoint]
+              apply_dualstack_endpoint(context)
+            end
             @handler.call(context)
           end
 
           private
           def apply_dualstack_endpoint(context)
-            bucket_name = context.params[:bucket]
             region = context.config.region
-            dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
-              region
-            )
+            dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
             host = "s3-control.dualstack.#{region}.#{dns_suffix}"
             endpoint = URI.parse(context.http_request.endpoint.to_s)
             endpoint.scheme = context.http_request.endpoint.scheme
@@ -52,10 +57,6 @@ for all operations.
             endpoint.host = host
             context.http_request.endpoint = endpoint.to_s
           end
-
-          def use_dualstack_endpoint?(context)
-            context[:use_dualstack_endpoint]
-          end
         end
 
       end

data/lib/aws-sdk-s3control/plugins/s3_control_signer.rb

@@ -51,8 +51,12 @@ module Aws
                 credentials: context.config.credentials
               )
             elsif outpost_operation?(context)
-              context.http_request.endpoint.host =
-                "s3-outposts.#{context.config.region}.amazonaws.com"
+              # outpost operations should go to the outposts endpoint only if
+              # it's not a custom endpoint. the ARN class changes this for ARNs
+              if context.config.regional_endpoint
+                context.http_request.endpoint.host =
+                  "s3-outposts.#{context.config.region}.amazonaws.com"
+              end
               S3ControlSigner.build_v4_signer(
                 service: 's3-outposts',
                 region: context.config.region,

data/lib/aws-sdk-s3control/resource.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-s3control/types.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -137,6 +137,35 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # AWS Lambda function used to transform objects through an Object Lambda
+    # Access Point.
+    #
+    # @note When making an API call, you may pass AwsLambdaTransformation
+    #   data as a hash:
+    #
+    #       {
+    #         function_arn: "FunctionArnString", # required
+    #         function_payload: "AwsLambdaTransformationPayload",
+    #       }
+    #
+    # @!attribute [rw] function_arn
+    #   The Amazon Resource Name (ARN) of the AWS Lambda function.
+    #   @return [String]
+    #
+    # @!attribute [rw] function_payload
+    #   Additional JSON that provides supplemental data to the Lambda
+    #   function used to transform objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/AwsLambdaTransformation AWS API Documentation
+    #
+    class AwsLambdaTransformation < Struct.new(
+      :function_arn,
+      :function_payload)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -203,6 +232,65 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateAccessPointForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #         configuration: { # required
+    #           supporting_access_point: "ObjectLambdaSupportingAccessPointArn", # required
+    #           cloud_watch_metrics_enabled: false,
+    #           allowed_features: ["GetObject-Range"], # accepts GetObject-Range, GetObject-PartNumber
+    #           transformation_configurations: [ # required
+    #             {
+    #               actions: ["GetObject"], # required, accepts GetObject
+    #               content_transformation: { # required
+    #                 aws_lambda: {
+    #                   function_arn: "FunctionArnString", # required
+    #                   function_payload: "AwsLambdaTransformationPayload",
+    #                 },
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account ID for owner of the specified Object Lambda Access
+    #   Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name you want to assign to this Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration
+    #   Object Lambda Access Point configuration as a JSON document.
+    #   @return [Types::ObjectLambdaConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessPointForObjectLambdaRequest AWS API Documentation
+    #
+    class CreateAccessPointForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name,
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] object_lambda_access_point_arn
+    #   Specifies the ARN for the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessPointForObjectLambdaResult AWS API Documentation
+    #
+    class CreateAccessPointForObjectLambdaResult < Struct.new(
+      :object_lambda_access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateAccessPointRequest
     #   data as a hash:
     #
@@ -558,6 +646,8 @@ module Aws::S3Control
     #               },
     #             ],
     #           },
+    #           s3_delete_object_tagging: {
+    #           },
     #           s3_initiate_restore_object: {
     #             expiration_in_days: 1,
     #             glacier_job_tier: "BULK", # accepts BULK, STANDARD
@@ -616,14 +706,14 @@ module Aws::S3Control
     #   @return [Boolean]
     #
     # @!attribute [rw] operation
-    #   The operation that you want this job to perform on every object
-    #   listed in the manifest. For more information about the available
-    #   operations, see [Operations][1] in the *Amazon Simple Storage
-    #   Service Developer Guide*.
+    #   The action that you want this job to perform on every object listed
+    #   in the manifest. For more information about the available actions,
+    #   see [Operations][1] in the *Amazon Simple Storage Service User
+    #   Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-operations.html
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-actions.html
     #   @return [Types::JobOperation]
     #
     # @!attribute [rw] report
@@ -657,7 +747,7 @@ module Aws::S3Control
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) for the AWS Identity and Access
     #   Management (IAM) role that Batch Operations will use to run this
-    #   job's operation on every object in the manifest.
+    #   job's action on every object in the manifest.
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -695,6 +785,59 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteAccessPointForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the access point you want to delete.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointForObjectLambdaRequest AWS API Documentation
+    #
+    class DeleteAccessPointForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteAccessPointPolicyForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point you want to delete the
+    #   policy for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessPointPolicyForObjectLambdaRequest AWS API Documentation
+    #
+    class DeleteAccessPointPolicyForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteAccessPointPolicyRequest
     #   data as a hash:
     #
@@ -1032,6 +1175,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
@@ -1087,6 +1231,133 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetAccessPointConfigurationForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point you want to return the
+    #   configuration for.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointConfigurationForObjectLambdaRequest AWS API Documentation
+    #
+    class GetAccessPointConfigurationForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] configuration
+    #   Object Lambda Access Point configuration document.
+    #   @return [Types::ObjectLambdaConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointConfigurationForObjectLambdaResult AWS API Documentation
+    #
+    class GetAccessPointConfigurationForObjectLambdaResult < Struct.new(
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointForObjectLambdaRequest AWS API Documentation
+    #
+    class GetAccessPointForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_configuration
+    #   Configuration to block all public access. This setting is turned on
+    #   and can not be edited.
+    #   @return [Types::PublicAccessBlockConfiguration]
+    #
+    # @!attribute [rw] creation_date
+    #   The date and time when the specified Object Lambda Access Point was
+    #   created.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointForObjectLambdaResult AWS API Documentation
+    #
+    class GetAccessPointForObjectLambdaResult < Struct.new(
+      :name,
+      :public_access_block_configuration,
+      :creation_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAccessPointPolicyForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyForObjectLambdaRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy
+    #   Object Lambda Access Point resource policy document.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyForObjectLambdaResult AWS API Documentation
+    #
+    class GetAccessPointPolicyForObjectLambdaResult < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetAccessPointPolicyRequest
     #   data as a hash:
     #
@@ -1137,6 +1408,51 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetAccessPointPolicyStatusForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyStatusForObjectLambdaRequest AWS API Documentation
+    #
+    class GetAccessPointPolicyStatusForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] policy_status
+    #   Indicates whether this access point policy is public. For more
+    #   information about how Amazon S3 evaluates policies to determine
+    #   whether they are public, see [The Meaning of "Public"][1] in the
+    #   *Amazon Simple Storage Service User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status
+    #   @return [Types::PolicyStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessPointPolicyStatusForObjectLambdaResult AWS API Documentation
+    #
+    class GetAccessPointPolicyStatusForObjectLambdaResult < Struct.new(
+      :policy_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetAccessPointPolicyStatusRequest
     #   data as a hash:
     #
@@ -1926,6 +2242,14 @@ module Aws::S3Control
     #
     # @!attribute [rw] object_arn
     #   The Amazon Resource Name (ARN) for a manifest object.
+    #
+    #   Replacement must be made for object keys containing special
+    #   characters (such as carriage returns) when using XML requests. For
+    #   more information, see [ XML related object key constraints][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints
     #   @return [String]
     #
     # @!attribute [rw] object_version_id
@@ -1980,8 +2304,7 @@ module Aws::S3Control
 
     # The operation that you want this job to perform on every object listed
     # in the manifest. For more information about the available operations,
-    # see [Operations][1] in the *Amazon Simple Storage Service Developer
-    # Guide*.
+    # see [Operations][1] in the *Amazon Simple Storage Service User Guide*.
     #
     #
     #
@@ -2069,6 +2392,8 @@ module Aws::S3Control
     #             },
     #           ],
     #         },
+    #         s3_delete_object_tagging: {
+    #         },
     #         s3_initiate_restore_object: {
     #           expiration_in_days: 1,
     #           glacier_job_tier: "BULK", # accepts BULK, STANDARD
@@ -2107,6 +2432,11 @@ module Aws::S3Control
     #   object in the manifest.
     #   @return [Types::S3SetObjectTaggingOperation]
     #
+    # @!attribute [rw] s3_delete_object_tagging
+    #   Directs the specified job to execute a DELETE Object tagging call on
+    #   every object in the manifest.
+    #   @return [Types::S3DeleteObjectTaggingOperation]
+    #
     # @!attribute [rw] s3_initiate_restore_object
     #   Directs the specified job to initiate restore requests for every
     #   archived object in the manifest.
@@ -2117,7 +2447,7 @@ module Aws::S3Control
     #   operation that an S3 Batch Operations job passes every object to the
     #   underlying `PutObjectLegalHold` API. For more information, see
     #   [Using S3 Object Lock legal hold with S3 Batch Operations][1] in the
-    #   *Amazon Simple Storage Service Developer Guide*.
+    #   *Amazon Simple Storage Service User Guide*.
     #
     #
     #
@@ -2129,8 +2459,7 @@ module Aws::S3Control
     #   action for an S3 Batch Operations job. Batch Operations passes every
     #   object to the underlying `PutObjectRetention` API. For more
     #   information, see [Using S3 Object Lock retention with S3 Batch
-    #   Operations][1] in the *Amazon Simple Storage Service Developer
-    #   Guide*.
+    #   Operations][1] in the *Amazon Simple Storage Service User Guide*.
     #
     #
     #
@@ -2144,6 +2473,7 @@ module Aws::S3Control
       :s3_put_object_copy,
       :s3_put_object_acl,
       :s3_put_object_tagging,
+      :s3_delete_object_tagging,
       :s3_initiate_restore_object,
       :s3_put_object_legal_hold,
       :s3_put_object_retention)
@@ -2544,6 +2874,14 @@ module Aws::S3Control
     #
     # @!attribute [rw] prefix
     #   Prefix identifying one or more objects to which the rule applies.
+    #
+    #   Replacement must be made for object keys containing special
+    #   characters (such as carriage returns) when using XML requests. For
+    #   more information, see [ XML related object key constraints][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints
     #   @return [String]
     #
     # @!attribute [rw] tag
@@ -2563,6 +2901,64 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAccessPointsForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         next_token: "NonEmptyMaxLength1024String",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   If the list has more access points than can be returned in one call
+    #   to this API, this field contains a continuation token that you can
+    #   provide in subsequent calls to this API to retrieve additional
+    #   access points.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of access points that you want to include in the
+    #   list. If there are more than this number of access points, then the
+    #   response will include a continuation token in the `NextToken` field
+    #   that you can use to retrieve the next page of access points.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsForObjectLambdaRequest AWS API Documentation
+    #
+    class ListAccessPointsForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] object_lambda_access_point_list
+    #   Returns list of Object Lambda Access Points.
+    #   @return [Array<Types::ObjectLambdaAccessPoint>]
+    #
+    # @!attribute [rw] next_token
+    #   If the list has more access points than can be returned in one call
+    #   to this API, this field contains a continuation token that you can
+    #   provide in subsequent calls to this API to retrieve additional
+    #   access points.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessPointsForObjectLambdaResult AWS API Documentation
+    #
+    class ListAccessPointsForObjectLambdaResult < Struct.new(
+      :object_lambda_access_point_list,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListAccessPointsRequest
     #   data as a hash:
     #
@@ -2653,6 +3049,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_statuses
@@ -2931,10 +3328,142 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # An access point with an attached AWS Lambda function used to access
+    # transformed data from an Amazon S3 bucket.
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] object_lambda_access_point_arn
+    #   Specifies the ARN for the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ObjectLambdaAccessPoint AWS API Documentation
+    #
+    class ObjectLambdaAccessPoint < Struct.new(
+      :name,
+      :object_lambda_access_point_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A configuration used when creating an Object Lambda Access Point.
+    #
+    # @note When making an API call, you may pass ObjectLambdaConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         supporting_access_point: "ObjectLambdaSupportingAccessPointArn", # required
+    #         cloud_watch_metrics_enabled: false,
+    #         allowed_features: ["GetObject-Range"], # accepts GetObject-Range, GetObject-PartNumber
+    #         transformation_configurations: [ # required
+    #           {
+    #             actions: ["GetObject"], # required, accepts GetObject
+    #             content_transformation: { # required
+    #               aws_lambda: {
+    #                 function_arn: "FunctionArnString", # required
+    #                 function_payload: "AwsLambdaTransformationPayload",
+    #               },
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] supporting_access_point
+    #   Standard access point associated with the Object Lambda Access
+    #   Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] cloud_watch_metrics_enabled
+    #   A container for whether the CloudWatch metrics configuration is
+    #   enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] allowed_features
+    #   A container for allowed features. Valid inputs are `GetObject-Range`
+    #   and `GetObject-PartNumber`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] transformation_configurations
+    #   A container for transformation configurations for an Object Lambda
+    #   Access Point.
+    #   @return [Array<Types::ObjectLambdaTransformationConfiguration>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ObjectLambdaConfiguration AWS API Documentation
+    #
+    class ObjectLambdaConfiguration < Struct.new(
+      :supporting_access_point,
+      :cloud_watch_metrics_enabled,
+      :allowed_features,
+      :transformation_configurations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A container for AwsLambdaTransformation.
+    #
+    # @note When making an API call, you may pass ObjectLambdaContentTransformation
+    #   data as a hash:
+    #
+    #       {
+    #         aws_lambda: {
+    #           function_arn: "FunctionArnString", # required
+    #           function_payload: "AwsLambdaTransformationPayload",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] aws_lambda
+    #   A container for an AWS Lambda function.
+    #   @return [Types::AwsLambdaTransformation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ObjectLambdaContentTransformation AWS API Documentation
+    #
+    class ObjectLambdaContentTransformation < Struct.new(
+      :aws_lambda)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A configuration used when creating an Object Lambda Access Point
+    # transformation.
+    #
+    # @note When making an API call, you may pass ObjectLambdaTransformationConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         actions: ["GetObject"], # required, accepts GetObject
+    #         content_transformation: { # required
+    #           aws_lambda: {
+    #             function_arn: "FunctionArnString", # required
+    #             function_payload: "AwsLambdaTransformationPayload",
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] actions
+    #   A container for the action of an Object Lambda Access Point
+    #   configuration.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] content_transformation
+    #   A container for the content transformation of an Object Lambda
+    #   Access Point configuration.
+    #   @return [Types::ObjectLambdaContentTransformation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ObjectLambdaTransformationConfiguration AWS API Documentation
+    #
+    class ObjectLambdaTransformationConfiguration < Struct.new(
+      :actions,
+      :content_transformation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Indicates whether this access point policy is public. For more
     # information about how Amazon S3 evaluates policies to determine
     # whether they are public, see [The Meaning of "Public"][1] in the
-    # *Amazon Simple Storage Service Developer Guide*.
+    # *Amazon Simple Storage Service User Guide*.
     #
     #
     #
@@ -3097,6 +3626,85 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutAccessPointConfigurationForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #         configuration: { # required
+    #           supporting_access_point: "ObjectLambdaSupportingAccessPointArn", # required
+    #           cloud_watch_metrics_enabled: false,
+    #           allowed_features: ["GetObject-Range"], # accepts GetObject-Range, GetObject-PartNumber
+    #           transformation_configurations: [ # required
+    #             {
+    #               actions: ["GetObject"], # required, accepts GetObject
+    #               content_transformation: { # required
+    #                 aws_lambda: {
+    #                   function_arn: "FunctionArnString", # required
+    #                   function_payload: "AwsLambdaTransformationPayload",
+    #                 },
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration
+    #   Object Lambda Access Point configuration document.
+    #   @return [Types::ObjectLambdaConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessPointConfigurationForObjectLambdaRequest AWS API Documentation
+    #
+    class PutAccessPointConfigurationForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name,
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutAccessPointPolicyForObjectLambdaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #         name: "ObjectLambdaAccessPointName", # required
+    #         policy: "ObjectLambdaPolicy", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The account ID for the account that owns the specified Object Lambda
+    #   Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Object Lambda Access Point.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy
+    #   Object Lambda Access Point resource policy document.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessPointPolicyForObjectLambdaRequest AWS API Documentation
+    #
+    class PutAccessPointPolicyForObjectLambdaRequest < Struct.new(
+      :account_id,
+      :name,
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutAccessPointPolicyRequest
     #   data as a hash:
     #
@@ -3133,11 +3741,11 @@ module Aws::S3Control
     #   The policy that you want to apply to the specified access point. For
     #   more information about access point policies, see [Managing data
     #   access with Amazon S3 Access Points][1] in the *Amazon Simple
-    #   Storage Service Developer Guide*.
+    #   Storage Service User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/PutAccessPointPolicyRequest AWS API Documentation
@@ -3860,6 +4468,16 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Contains no configuration parameters because the DELETE Object tagging
+    # API only accepts the bucket name and key name as parameters, which are
+    # defined in the job's manifest.
+    #
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/S3DeleteObjectTaggingOperation AWS API Documentation
+    #
+    class S3DeleteObjectTaggingOperation < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass S3Grant
     #   data as a hash:
     #
@@ -4088,7 +4706,7 @@ module Aws::S3Control
     # and `RetainUntilDate` data types in your operation, you will remove
     # the retention from your objects. For more information, see [Using S3
     # Object Lock retention with S3 Batch Operations][1] in the *Amazon
-    # Simple Storage Service Developer Guide*.
+    # Simple Storage Service User Guide*.
     #
     #
     #
@@ -4170,7 +4788,7 @@ module Aws::S3Control
     # that an S3 Batch Operations job passes every object to the underlying
     # `PutObjectLegalHold` API. For more information, see [Using S3 Object
     # Lock legal hold with S3 Batch Operations][1] in the *Amazon Simple
-    # Storage Service Developer Guide*.
+    # Storage Service User Guide*.
     #
     #
     #
@@ -4202,7 +4820,7 @@ module Aws::S3Control
     # action for an S3 Batch Operations job. Batch Operations passes every
     # object to the underlying `PutObjectRetention` API. For more
     # information, see [Using S3 Object Lock retention with S3 Batch
-    # Operations][1] in the *Amazon Simple Storage Service Developer Guide*.
+    # Operations][1] in the *Amazon Simple Storage Service User Guide*.
     #
     #
     #
@@ -4229,7 +4847,7 @@ module Aws::S3Control
     #   Contains the Object Lock retention mode to be applied to all objects
     #   in the Batch Operations job. For more information, see [Using S3
     #   Object Lock retention with S3 Batch Operations][1] in the *Amazon
-    #   Simple Storage Service Developer Guide*.
+    #   Simple Storage Service User Guide*.
     #
     #
     #
@@ -4531,6 +5149,11 @@ module Aws::S3Control
     # @!attribute [rw] s3_bucket_destination
     #   A container for the bucket where the S3 Storage Lens metrics export
     #   will be located.
+    #
+    #   <note markdown="1"> This bucket must be located in the same Region as the storage lens
+    #   configuration.
+    #
+    #    </note>
     #   @return [Types::S3BucketDestination]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/StorageLensDataExport AWS API Documentation
@@ -4644,7 +5267,7 @@ module Aws::S3Control
     # Specifies when an object transitions to a specified storage class. For
     # more information about Amazon S3 Lifecycle configuration rules, see [
     # Transitioning objects using Amazon S3 Lifecycle][1] in the *Amazon
-    # Simple Storage Service Developer Guide*.
+    # Simple Storage Service User Guide*.
     #
     #
     #
@@ -4695,6 +5318,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id
@@ -4743,6 +5367,7 @@ module Aws::S3Control
     #       }
     #
     # @!attribute [rw] account_id
+    #   The AWS account ID associated with the S3 Batch Operations job.
     #   @return [String]
     #
     # @!attribute [rw] job_id