aws-sdk-s3control 1.88.0 → 1.89.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 46e33a35087420c209bd02eccca7c07ceda6d65559736ed1f1d8ee8cf2a13751
-  data.tar.gz: f51e4596adfbb4031d8c8ab7eccdf2bbd1315c54133a8b2f97087a8c6ecaf0b2
+  metadata.gz: cb1eb3d6b95b2c46fffa70d6a167d9f52bcf60e2da4f5586ae953c1726806c8a
+  data.tar.gz: 5bf8ddc74a82c15621c8c114e3ff56e36158820cbf3ca4e5b75ec497076c6732
 SHA512:
-  metadata.gz: 6aae9652440741d914b3ec6734909653221bfdb76aff10a4f9b64e66e396032690352efe768ce7795c9091f6629950c74e907603de1a2ddbb8f99f99ef7cf788
-  data.tar.gz: 8635c72e08a7112ff1a6c375f20dc942d29f4785e39042ed1df24bf82c4e87a6ce7ed0af14bc0fab2c3c10fcabec9592a5e437db70608455d6a847459e91c9f8
+  metadata.gz: 725febe15db004149d0f9cd9a3efc4e6b1a6ecfaab228c390edb98238bf60ceb4563a0418c2fb59a1372a8d204502552470a1ccca14f9b27bcc129a1ccc5ccc8
+  data.tar.gz: ed381159d197cb129c597178ea4ed223158eaa61747248e13535be1dc1493672751fa9eb66ae49d542304ba532ca7b2195b3961508ecbea6efda4ed3abcc8b6b

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.89.0 (2024-09-04)
+------------------
+
+* Feature - Amazon Simple Storage Service /S3 Access Grants / Features : This release launches new Access Grants API - ListCallerAccessGrants.
+
 1.88.0 (2024-09-03)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.88.0
+1.89.0

data/lib/aws-sdk-s3control/client.rb

@@ -468,7 +468,7 @@ module Aws::S3Control
     #   `sso:PutApplicationAuthenticationMethod`.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :identity_center_arn
     #   The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity
@@ -528,7 +528,7 @@ module Aws::S3Control
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessGrantsLocation.html
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :access_grants_location_id
     #   The ID of the registered location to which you are granting access. S3
@@ -655,7 +655,7 @@ module Aws::S3Control
     #   `sso:PutApplicationAuthenticationMethod` permissions.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [String] :identity_center_arn
     #   If you would like to associate your S3 Access Grants instance with an
@@ -683,6 +683,8 @@ module Aws::S3Control
     #   * {Types::CreateAccessGrantsInstanceResult#access_grants_instance_id #access_grants_instance_id} => String
     #   * {Types::CreateAccessGrantsInstanceResult#access_grants_instance_arn #access_grants_instance_arn} => String
     #   * {Types::CreateAccessGrantsInstanceResult#identity_center_arn #identity_center_arn} => String
+    #   * {Types::CreateAccessGrantsInstanceResult#identity_center_instance_arn #identity_center_instance_arn} => String
+    #   * {Types::CreateAccessGrantsInstanceResult#identity_center_application_arn #identity_center_application_arn} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -703,6 +705,8 @@ module Aws::S3Control
     #   resp.access_grants_instance_id #=> String
     #   resp.access_grants_instance_arn #=> String
     #   resp.identity_center_arn #=> String
+    #   resp.identity_center_instance_arn #=> String
+    #   resp.identity_center_application_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrantsInstance AWS API Documentation
     #
@@ -744,7 +748,7 @@ module Aws::S3Control
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-location.html
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :location_scope
     #   The S3 path to the location that you are registering. The location
@@ -1670,7 +1674,7 @@ module Aws::S3Control
     #   operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :access_grant_id
     #   The ID of the access grant. S3 Access Grants auto-generates this ID
@@ -1717,7 +1721,7 @@ module Aws::S3Control
     # [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DissociateAccessGrantsIdentityCenter.html
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1747,7 +1751,7 @@ module Aws::S3Control
     #   permission to use this operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1783,7 +1787,7 @@ module Aws::S3Control
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessGrant.html
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :access_grants_location_id
     #   The ID of the registered location that you are deregistering from your
@@ -3003,7 +3007,7 @@ module Aws::S3Control
     #   operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -3031,7 +3035,7 @@ module Aws::S3Control
     #   operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :access_grant_id
     #   The ID of the access grant. S3 Access Grants auto-generates this ID
@@ -3085,14 +3089,22 @@ module Aws::S3Control
     # : You must have the `s3:GetAccessGrantsInstance` permission to use
     #   this operation.
     #
+    # <note markdown="1"> `GetAccessGrantsInstance` is not supported for cross-account access.
+    # You can only call the API from the account that owns the S3 Access
+    # Grants instance.
+    #
+    #  </note>
+    #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @return [Types::GetAccessGrantsInstanceResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetAccessGrantsInstanceResult#access_grants_instance_arn #access_grants_instance_arn} => String
     #   * {Types::GetAccessGrantsInstanceResult#access_grants_instance_id #access_grants_instance_id} => String
     #   * {Types::GetAccessGrantsInstanceResult#identity_center_arn #identity_center_arn} => String
+    #   * {Types::GetAccessGrantsInstanceResult#identity_center_instance_arn #identity_center_instance_arn} => String
+    #   * {Types::GetAccessGrantsInstanceResult#identity_center_application_arn #identity_center_application_arn} => String
     #   * {Types::GetAccessGrantsInstanceResult#created_at #created_at} => Time
     #
     # @example Request syntax with placeholder values
@@ -3106,6 +3118,8 @@ module Aws::S3Control
     #   resp.access_grants_instance_arn #=> String
     #   resp.access_grants_instance_id #=> String
     #   resp.identity_center_arn #=> String
+    #   resp.identity_center_instance_arn #=> String
+    #   resp.identity_center_application_arn #=> String
     #   resp.created_at #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstance AWS API Documentation
@@ -3171,7 +3185,7 @@ module Aws::S3Control
     #   permission to use this operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @return [Types::GetAccessGrantsInstanceResourcePolicyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3209,7 +3223,7 @@ module Aws::S3Control
     #   this operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :access_grants_location_id
     #   The ID of the registered location that you are retrieving. S3 Access
@@ -4282,7 +4296,7 @@ module Aws::S3Control
     # [1]: https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :target
     #   The S3 URI path of the data to which you are requesting temporary
@@ -4961,7 +4975,7 @@ module Aws::S3Control
     #   operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [String] :next_token
     #   A pagination token to request the next page of results. Pass this
@@ -5073,7 +5087,7 @@ module Aws::S3Control
     #   this operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [String] :next_token
     #   A pagination token to request the next page of results. Pass this
@@ -5109,6 +5123,8 @@ module Aws::S3Control
     #   resp.access_grants_instances_list[0].access_grants_instance_arn #=> String
     #   resp.access_grants_instances_list[0].created_at #=> Time
     #   resp.access_grants_instances_list[0].identity_center_arn #=> String
+    #   resp.access_grants_instances_list[0].identity_center_instance_arn #=> String
+    #   resp.access_grants_instances_list[0].identity_center_application_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrantsInstances AWS API Documentation
     #
@@ -5128,7 +5144,7 @@ module Aws::S3Control
     #   this operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [String] :next_token
     #   A pagination token to request the next page of results. Pass this
@@ -5367,6 +5383,75 @@ module Aws::S3Control
       req.send_request(options)
     end
 
+    # Returns a list of the access grants that were given to the caller
+    # using S3 Access Grants and that allow the caller to access the S3 data
+    # of the Amazon Web Services account specified in the request.
+    #
+    # Permissions
+    #
+    # : You must have the `s3:ListCallerAccessGrants` permission to use this
+    #   operation.
+    #
+    # @option params [String] :account_id
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
+    #
+    # @option params [String] :grant_scope
+    #   The S3 path of the data that you would like to access. Must start with
+    #   `s3://`. You can optionally pass only the beginning characters of a
+    #   path, and S3 Access Grants will search for all applicable grants for
+    #   the path fragment.
+    #
+    # @option params [String] :next_token
+    #   A pagination token to request the next page of results. Pass this
+    #   value into a subsequent `List Caller Access Grants` request in order
+    #   to retrieve the next page of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of access grants that you would like returned in
+    #   the `List Caller Access Grants` response. If the results include the
+    #   pagination token `NextToken`, make another call using the `NextToken`
+    #   to determine if there are more results.
+    #
+    # @option params [Boolean] :allowed_by_application
+    #   If this optional parameter is passed in the request, a filter is
+    #   applied to the results. The results will include only the access
+    #   grants for the caller's Identity Center application or for any other
+    #   applications (`ALL`).
+    #
+    # @return [Types::ListCallerAccessGrantsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListCallerAccessGrantsResult#next_token #next_token} => String
+    #   * {Types::ListCallerAccessGrantsResult#caller_access_grants_list #caller_access_grants_list} => Array&lt;Types::ListCallerAccessGrantsEntry&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_caller_access_grants({
+    #     account_id: "AccountId",
+    #     grant_scope: "S3Prefix",
+    #     next_token: "ContinuationToken",
+    #     max_results: 1,
+    #     allowed_by_application: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.caller_access_grants_list #=> Array
+    #   resp.caller_access_grants_list[0].permission #=> String, one of "READ", "WRITE", "READWRITE"
+    #   resp.caller_access_grants_list[0].grant_scope #=> String
+    #   resp.caller_access_grants_list[0].application_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListCallerAccessGrants AWS API Documentation
+    #
+    # @overload list_caller_access_grants(params = {})
+    # @param [Hash] params ({})
+    def list_caller_access_grants(params = {}, options = {})
+      req = build_request(:list_caller_access_grants, params)
+      req.send_request(options)
+    end
+
     # Lists current S3 Batch Operations jobs as well as the jobs that have
     # ended within the last 90 days for the Amazon Web Services account
     # making the request. For more information, see [S3 Batch Operations][1]
@@ -5792,7 +5877,7 @@ module Aws::S3Control
     #   permission to use this operation.
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :policy
     #   The resource policy of the S3 Access Grants instance that you are
@@ -7319,7 +7404,7 @@ module Aws::S3Control
     # : You must also have the following permission: `iam:PassRole`
     #
     # @option params [String] :account_id
-    #   The ID of the Amazon Web Services account that is making this request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #
     # @option params [required, String] :access_grants_location_id
     #   The ID of the registered location that you are updating. S3 Access
@@ -7628,7 +7713,7 @@ module Aws::S3Control
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-s3control'
-      context[:gem_version] = '1.88.0'
+      context[:gem_version] = '1.89.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-s3control/client_api.rb

@@ -58,6 +58,7 @@ module Aws::S3Control
     BucketName = Shapes::StringShape.new(name: 'BucketName')
     BucketVersioningStatus = Shapes::StringShape.new(name: 'BucketVersioningStatus')
     Buckets = Shapes::ListShape.new(name: 'Buckets')
+    CallerAccessGrantsList = Shapes::ListShape.new(name: 'CallerAccessGrantsList')
     CloudWatchMetrics = Shapes::StructureShape.new(name: 'CloudWatchMetrics')
     ConfigId = Shapes::StringShape.new(name: 'ConfigId')
     ConfirmRemoveSelfBucketAccess = Shapes::BooleanShape.new(name: 'ConfirmRemoveSelfBucketAccess')
@@ -266,6 +267,9 @@ module Aws::S3Control
     ListAccessPointsForObjectLambdaResult = Shapes::StructureShape.new(name: 'ListAccessPointsForObjectLambdaResult')
     ListAccessPointsRequest = Shapes::StructureShape.new(name: 'ListAccessPointsRequest')
     ListAccessPointsResult = Shapes::StructureShape.new(name: 'ListAccessPointsResult')
+    ListCallerAccessGrantsEntry = Shapes::StructureShape.new(name: 'ListCallerAccessGrantsEntry')
+    ListCallerAccessGrantsRequest = Shapes::StructureShape.new(name: 'ListCallerAccessGrantsRequest')
+    ListCallerAccessGrantsResult = Shapes::StructureShape.new(name: 'ListCallerAccessGrantsResult')
     ListJobsRequest = Shapes::StructureShape.new(name: 'ListJobsRequest')
     ListJobsResult = Shapes::StructureShape.new(name: 'ListJobsResult')
     ListMultiRegionAccessPointsRequest = Shapes::StructureShape.new(name: 'ListMultiRegionAccessPointsRequest')
@@ -612,6 +616,8 @@ module Aws::S3Control
 
     Buckets.member = Shapes::ShapeRef.new(shape: S3BucketArnString, location_name: "Arn")
 
+    CallerAccessGrantsList.member = Shapes::ShapeRef.new(shape: ListCallerAccessGrantsEntry, location_name: "AccessGrant")
+
     CloudWatchMetrics.add_member(:is_enabled, Shapes::ShapeRef.new(shape: IsEnabled, required: true, location_name: "IsEnabled"))
     CloudWatchMetrics.struct_class = Types::CloudWatchMetrics
 
@@ -644,7 +650,9 @@ module Aws::S3Control
     CreateAccessGrantsInstanceResult.add_member(:created_at, Shapes::ShapeRef.new(shape: CreationTimestamp, location_name: "CreatedAt"))
     CreateAccessGrantsInstanceResult.add_member(:access_grants_instance_id, Shapes::ShapeRef.new(shape: AccessGrantsInstanceId, location_name: "AccessGrantsInstanceId"))
     CreateAccessGrantsInstanceResult.add_member(:access_grants_instance_arn, Shapes::ShapeRef.new(shape: AccessGrantsInstanceArn, location_name: "AccessGrantsInstanceArn"))
-    CreateAccessGrantsInstanceResult.add_member(:identity_center_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, location_name: "IdentityCenterArn"))
+    CreateAccessGrantsInstanceResult.add_member(:identity_center_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, deprecated: true, location_name: "IdentityCenterArn", metadata: {"deprecatedMessage"=>"IdentityCenterArn has been deprecated. Use IdentityCenterInstanceArn or IdentityCenterApplicationArn."}))
+    CreateAccessGrantsInstanceResult.add_member(:identity_center_instance_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, location_name: "IdentityCenterInstanceArn"))
+    CreateAccessGrantsInstanceResult.add_member(:identity_center_application_arn, Shapes::ShapeRef.new(shape: IdentityCenterApplicationArn, location_name: "IdentityCenterApplicationArn"))
     CreateAccessGrantsInstanceResult.struct_class = Types::CreateAccessGrantsInstanceResult
 
     CreateAccessGrantsLocationRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-account-id", metadata: {"contextParam"=>{"name"=>"AccountId"}}))
@@ -914,7 +922,9 @@ module Aws::S3Control
 
     GetAccessGrantsInstanceResult.add_member(:access_grants_instance_arn, Shapes::ShapeRef.new(shape: AccessGrantsInstanceArn, location_name: "AccessGrantsInstanceArn"))
     GetAccessGrantsInstanceResult.add_member(:access_grants_instance_id, Shapes::ShapeRef.new(shape: AccessGrantsInstanceId, location_name: "AccessGrantsInstanceId"))
-    GetAccessGrantsInstanceResult.add_member(:identity_center_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, location_name: "IdentityCenterArn"))
+    GetAccessGrantsInstanceResult.add_member(:identity_center_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, deprecated: true, location_name: "IdentityCenterArn", metadata: {"deprecatedMessage"=>"IdentityCenterArn has been deprecated. Use IdentityCenterInstanceArn or IdentityCenterApplicationArn."}))
+    GetAccessGrantsInstanceResult.add_member(:identity_center_instance_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, location_name: "IdentityCenterInstanceArn"))
+    GetAccessGrantsInstanceResult.add_member(:identity_center_application_arn, Shapes::ShapeRef.new(shape: IdentityCenterApplicationArn, location_name: "IdentityCenterApplicationArn"))
     GetAccessGrantsInstanceResult.add_member(:created_at, Shapes::ShapeRef.new(shape: CreationTimestamp, location_name: "CreatedAt"))
     GetAccessGrantsInstanceResult.struct_class = Types::GetAccessGrantsInstanceResult
 
@@ -1295,7 +1305,9 @@ module Aws::S3Control
     ListAccessGrantsInstanceEntry.add_member(:access_grants_instance_id, Shapes::ShapeRef.new(shape: AccessGrantsInstanceId, location_name: "AccessGrantsInstanceId"))
     ListAccessGrantsInstanceEntry.add_member(:access_grants_instance_arn, Shapes::ShapeRef.new(shape: AccessGrantsInstanceArn, location_name: "AccessGrantsInstanceArn"))
     ListAccessGrantsInstanceEntry.add_member(:created_at, Shapes::ShapeRef.new(shape: CreationTimestamp, location_name: "CreatedAt"))
-    ListAccessGrantsInstanceEntry.add_member(:identity_center_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, location_name: "IdentityCenterArn"))
+    ListAccessGrantsInstanceEntry.add_member(:identity_center_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, deprecated: true, location_name: "IdentityCenterArn", metadata: {"deprecatedMessage"=>"IdentityCenterArn has been deprecated. Use IdentityCenterInstanceArn or IdentityCenterApplicationArn."}))
+    ListAccessGrantsInstanceEntry.add_member(:identity_center_instance_arn, Shapes::ShapeRef.new(shape: IdentityCenterArn, location_name: "IdentityCenterInstanceArn"))
+    ListAccessGrantsInstanceEntry.add_member(:identity_center_application_arn, Shapes::ShapeRef.new(shape: IdentityCenterApplicationArn, location_name: "IdentityCenterApplicationArn"))
     ListAccessGrantsInstanceEntry.struct_class = Types::ListAccessGrantsInstanceEntry
 
     ListAccessGrantsInstancesRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-account-id", metadata: {"contextParam"=>{"name"=>"AccountId"}}))
@@ -1357,6 +1369,22 @@ module Aws::S3Control
     ListAccessPointsResult.add_member(:next_token, Shapes::ShapeRef.new(shape: NonEmptyMaxLength1024String, location_name: "NextToken"))
     ListAccessPointsResult.struct_class = Types::ListAccessPointsResult
 
+    ListCallerAccessGrantsEntry.add_member(:permission, Shapes::ShapeRef.new(shape: Permission, location_name: "Permission"))
+    ListCallerAccessGrantsEntry.add_member(:grant_scope, Shapes::ShapeRef.new(shape: S3Prefix, location_name: "GrantScope"))
+    ListCallerAccessGrantsEntry.add_member(:application_arn, Shapes::ShapeRef.new(shape: IdentityCenterApplicationArn, location_name: "ApplicationArn"))
+    ListCallerAccessGrantsEntry.struct_class = Types::ListCallerAccessGrantsEntry
+
+    ListCallerAccessGrantsRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-account-id", metadata: {"contextParam"=>{"name"=>"AccountId"}}))
+    ListCallerAccessGrantsRequest.add_member(:grant_scope, Shapes::ShapeRef.new(shape: S3Prefix, location: "querystring", location_name: "grantscope"))
+    ListCallerAccessGrantsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: ContinuationToken, location: "querystring", location_name: "nextToken"))
+    ListCallerAccessGrantsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "maxResults"))
+    ListCallerAccessGrantsRequest.add_member(:allowed_by_application, Shapes::ShapeRef.new(shape: Boolean, location: "querystring", location_name: "allowedByApplication"))
+    ListCallerAccessGrantsRequest.struct_class = Types::ListCallerAccessGrantsRequest
+
+    ListCallerAccessGrantsResult.add_member(:next_token, Shapes::ShapeRef.new(shape: ContinuationToken, location_name: "NextToken"))
+    ListCallerAccessGrantsResult.add_member(:caller_access_grants_list, Shapes::ShapeRef.new(shape: CallerAccessGrantsList, location_name: "CallerAccessGrantsList"))
+    ListCallerAccessGrantsResult.struct_class = Types::ListCallerAccessGrantsResult
+
     ListJobsRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-account-id", metadata: {"contextParam"=>{"name"=>"AccountId"}}))
     ListJobsRequest.add_member(:job_statuses, Shapes::ShapeRef.new(shape: JobStatusList, location: "querystring", location_name: "jobStatuses"))
     ListJobsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: StringForNextToken, location: "querystring", location_name: "nextToken"))
@@ -2794,6 +2822,23 @@ module Aws::S3Control
         )
       end)
 
+      api.add_operation(:list_caller_access_grants, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListCallerAccessGrants"
+        o.http_method = "GET"
+        o.http_request_uri = "/v20180820/accessgrantsinstance/caller/grants"
+        o.http_checksum_required = true
+        o.endpoint_pattern = {
+        }
+        o.input = Shapes::ShapeRef.new(shape: ListCallerAccessGrantsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListCallerAccessGrantsResult)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_jobs, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListJobs"
         o.http_method = "GET"

data/lib/aws-sdk-s3control/endpoints.rb

@@ -1312,6 +1312,26 @@ module Aws::S3Control
       end
     end
 
+    class ListCallerAccessGrants
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::S3Control::EndpointParameters.new(
+          region: context.config.region,
+          use_fips: context.config.use_fips_endpoint,
+          use_dual_stack: context[:use_dualstack_endpoint],
+          endpoint: endpoint,
+          account_id: context.params[:account_id],
+          requires_account_id: true,
+          outpost_id: nil,
+          bucket: nil,
+          access_point_name: nil,
+          use_arn_region: context.config.s3_use_arn_region,
+        )
+      end
+    end
+
     class ListJobs
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-s3control/plugins/endpoints.rb

@@ -188,6 +188,8 @@ module Aws::S3Control
             Aws::S3Control::Endpoints::ListAccessPoints.build(context)
           when :list_access_points_for_object_lambda
             Aws::S3Control::Endpoints::ListAccessPointsForObjectLambda.build(context)
+          when :list_caller_access_grants
+            Aws::S3Control::Endpoints::ListCallerAccessGrants.build(context)
           when :list_jobs
             Aws::S3Control::Endpoints::ListJobs.build(context)
           when :list_multi_region_access_points

data/lib/aws-sdk-s3control/types.rb

@@ -93,7 +93,8 @@ module Aws::S3Control
     #   if one exists.
     #
     #   <note markdown="1"> This element is empty if this access point is an Amazon S3 on
-    #   Outposts access point that is used by other Amazon Web Services.
+    #   Outposts access point that is used by other Amazon Web
+    #   Servicesservices.
     #
     #    </note>
     #   @return [Types::VpcConfiguration]
@@ -267,8 +268,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] identity_center_arn
@@ -541,8 +541,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] access_grants_location_id
@@ -697,8 +696,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] identity_center_arn
@@ -743,16 +741,47 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] access_grants_instance_arn
-    #   The Amazon Resource Name (ARN) of the S3 Access Grants instance.
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services IAM
+    #   Identity Center instance that you are associating with your S3
+    #   Access Grants instance. An IAM Identity Center instance is your
+    #   corporate identity directory that you added to the IAM Identity
+    #   Center. You can use the [ListInstances][1] API operation to retrieve
+    #   a list of your Identity Center instances and their ARNs.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
     #   @return [String]
     #
     # @!attribute [rw] identity_center_arn
     #   If you associated your S3 Access Grants instance with an Amazon Web
     #   Services IAM Identity Center instance, this field returns the Amazon
     #   Resource Name (ARN) of the IAM Identity Center instance application;
-    #   a subresource of the original Identity Center instance passed in the
-    #   request. S3 Access Grants creates this Identity Center application
-    #   for this specific S3 Access Grants instance.
+    #   a subresource of the original Identity Center instance. S3 Access
+    #   Grants creates this Identity Center application for the specific S3
+    #   Access Grants instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_center_instance_arn
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services IAM
+    #   Identity Center instance that you are associating with your S3
+    #   Access Grants instance. An IAM Identity Center instance is your
+    #   corporate identity directory that you added to the IAM Identity
+    #   Center. You can use the [ListInstances][1] API operation to retrieve
+    #   a list of your Identity Center instances and their ARNs.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_center_application_arn
+    #   If you associated your S3 Access Grants instance with an Amazon Web
+    #   Services IAM Identity Center instance, this field returns the Amazon
+    #   Resource Name (ARN) of the IAM Identity Center instance application;
+    #   a subresource of the original Identity Center instance. S3 Access
+    #   Grants creates this Identity Center application for the specific S3
+    #   Access Grants instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/CreateAccessGrantsInstanceResult AWS API Documentation
@@ -761,14 +790,15 @@ module Aws::S3Control
       :created_at,
       :access_grants_instance_id,
       :access_grants_instance_arn,
-      :identity_center_arn)
+      :identity_center_arn,
+      :identity_center_instance_arn,
+      :identity_center_application_arn)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] location_scope
@@ -1373,8 +1403,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] access_grant_id
@@ -1392,8 +1421,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsInstanceRequest AWS API Documentation
@@ -1405,8 +1433,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DeleteAccessGrantsInstanceResourcePolicyRequest AWS API Documentation
@@ -1418,8 +1445,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] access_grants_location_id
@@ -2046,8 +2072,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/DissociateAccessGrantsIdentityCenterRequest AWS API Documentation
@@ -2059,7 +2084,12 @@ module Aws::S3Control
     end
 
     # Specifies encryption-related information for an Amazon S3 bucket that
-    # is a destination for replicated objects.
+    # is a destination for replicated objects. If you're specifying a
+    # customer managed KMS key, we recommend using a fully qualified KMS key
+    # ARN. If you use a KMS key alias instead, then KMS resolves the key
+    # within the requester’s account. This behavior can result in data
+    # that's encrypted with a KMS key that belongs to the requester, and
+    # not the bucket owner.
     #
     # <note markdown="1"> This is not supported by Amazon S3 on Outposts buckets.
     #
@@ -2168,8 +2198,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] access_grant_id
@@ -2296,8 +2325,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstanceRequest AWS API Documentation
@@ -2309,8 +2337,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/GetAccessGrantsInstanceResourcePolicyRequest AWS API Documentation
@@ -2357,10 +2384,32 @@ module Aws::S3Control
     # @!attribute [rw] identity_center_arn
     #   If you associated your S3 Access Grants instance with an Amazon Web
     #   Services IAM Identity Center instance, this field returns the Amazon
-    #   Resource Name (ARN) of the Amazon Web Services IAM Identity Center
-    #   instance application; a subresource of the original Identity Center
-    #   instance. S3 Access Grants creates this Identity Center application
-    #   for the specific S3 Access Grants instance.
+    #   Resource Name (ARN) of the IAM Identity Center instance application;
+    #   a subresource of the original Identity Center instance. S3 Access
+    #   Grants creates this Identity Center application for the specific S3
+    #   Access Grants instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_center_instance_arn
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services IAM
+    #   Identity Center instance that you are associating with your S3
+    #   Access Grants instance. An IAM Identity Center instance is your
+    #   corporate identity directory that you added to the IAM Identity
+    #   Center. You can use the [ListInstances][1] API operation to retrieve
+    #   a list of your Identity Center instances and their ARNs.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_center_application_arn
+    #   If you associated your S3 Access Grants instance with an Amazon Web
+    #   Services IAM Identity Center instance, this field returns the Amazon
+    #   Resource Name (ARN) of the IAM Identity Center instance application;
+    #   a subresource of the original Identity Center instance. S3 Access
+    #   Grants creates this Identity Center application for the specific S3
+    #   Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] created_at
@@ -2373,14 +2422,15 @@ module Aws::S3Control
       :access_grants_instance_arn,
       :access_grants_instance_id,
       :identity_center_arn,
+      :identity_center_instance_arn,
+      :identity_center_application_arn,
       :created_at)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] access_grants_location_id
@@ -2716,7 +2766,8 @@ module Aws::S3Control
     #   specified access point.
     #
     #   <note markdown="1"> This element is empty if this access point is an Amazon S3 on
-    #   Outposts access point that is used by other Amazon Web Services.
+    #   Outposts access point that is used by other Amazon Web
+    #   Servicesservices.
     #
     #    </note>
     #   @return [Types::VpcConfiguration]
@@ -3032,8 +3083,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] target
@@ -4110,17 +4160,23 @@ module Aws::S3Control
     #
     # @!attribute [rw] match_any_prefix
     #   If provided, the generated manifest includes objects where the
-    #   specified string appears at the start of the object key string.
+    #   specified string appears at the start of the object key string. Each
+    #   KeyNameConstraint filter accepts an array of strings with a length
+    #   of 1 string.
     #   @return [Array<String>]
     #
     # @!attribute [rw] match_any_suffix
     #   If provided, the generated manifest includes objects where the
-    #   specified string appears at the end of the object key string.
+    #   specified string appears at the end of the object key string. Each
+    #   KeyNameConstraint filter accepts an array of strings with a length
+    #   of 1 string.
     #   @return [Array<String>]
     #
     # @!attribute [rw] match_any_substring
     #   If provided, the generated manifest includes objects where the
-    #   specified string appears anywhere within the object key string.
+    #   specified string appears anywhere within the object key string. Each
+    #   KeyNameConstraint filter accepts an array of strings with a length
+    #   of 1 string.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/KeyNameConstraint AWS API Documentation
@@ -4483,20 +4539,43 @@ module Aws::S3Control
     #   Access Grants instance.
     #   @return [String]
     #
+    # @!attribute [rw] identity_center_instance_arn
+    #   The Amazon Resource Name (ARN) of the Amazon Web Services IAM
+    #   Identity Center instance that you are associating with your S3
+    #   Access Grants instance. An IAM Identity Center instance is your
+    #   corporate identity directory that you added to the IAM Identity
+    #   Center. You can use the [ListInstances][1] API operation to retrieve
+    #   a list of your Identity Center instances and their ARNs.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_center_application_arn
+    #   If you associated your S3 Access Grants instance with an Amazon Web
+    #   Services IAM Identity Center instance, this field returns the Amazon
+    #   Resource Name (ARN) of the IAM Identity Center instance application;
+    #   a subresource of the original Identity Center instance. S3 Access
+    #   Grants creates this Identity Center application for the specific S3
+    #   Access Grants instance.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListAccessGrantsInstanceEntry AWS API Documentation
     #
     class ListAccessGrantsInstanceEntry < Struct.new(
       :access_grants_instance_id,
       :access_grants_instance_arn,
       :created_at,
-      :identity_center_arn)
+      :identity_center_arn,
+      :identity_center_instance_arn,
+      :identity_center_application_arn)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -4589,8 +4668,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -4649,8 +4727,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -4870,6 +4947,107 @@ module Aws::S3Control
       include Aws::Structure
     end
 
+    # Part of `ListCallerAccessGrantsResult`. Each entry includes the
+    # permission level (READ, WRITE, or READWRITE) and the grant scope of
+    # the access grant. If the grant also includes an application ARN, the
+    # grantee can only access the S3 data through this application.
+    #
+    # @!attribute [rw] permission
+    #   The type of permission granted, which can be one of the following
+    #   values:
+    #
+    #   * `READ` - Grants read-only access to the S3 data.
+    #
+    #   * `WRITE` - Grants write-only access to the S3 data.
+    #
+    #   * `READWRITE` - Grants both read and write access to the S3 data.
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_scope
+    #   The S3 path of the data to which you have been granted access.
+    #   @return [String]
+    #
+    # @!attribute [rw] application_arn
+    #   The Amazon Resource Name (ARN) of an Amazon Web Services IAM
+    #   Identity Center application associated with your Identity Center
+    #   instance. If the grant includes an application ARN, the grantee can
+    #   only access the S3 data through this application.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListCallerAccessGrantsEntry AWS API Documentation
+    #
+    class ListCallerAccessGrantsEntry < Struct.new(
+      :permission,
+      :grant_scope,
+      :application_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] account_id
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] grant_scope
+    #   The S3 path of the data that you would like to access. Must start
+    #   with `s3://`. You can optionally pass only the beginning characters
+    #   of a path, and S3 Access Grants will search for all applicable
+    #   grants for the path fragment.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   A pagination token to request the next page of results. Pass this
+    #   value into a subsequent `List Caller Access Grants` request in order
+    #   to retrieve the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of access grants that you would like returned in
+    #   the `List Caller Access Grants` response. If the results include the
+    #   pagination token `NextToken`, make another call using the
+    #   `NextToken` to determine if there are more results.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] allowed_by_application
+    #   If this optional parameter is passed in the request, a filter is
+    #   applied to the results. The results will include only the access
+    #   grants for the caller's Identity Center application or for any
+    #   other applications (`ALL`).
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListCallerAccessGrantsRequest AWS API Documentation
+    #
+    class ListCallerAccessGrantsRequest < Struct.new(
+      :account_id,
+      :grant_scope,
+      :next_token,
+      :max_results,
+      :allowed_by_application)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   A pagination token that you can use to request the next page of
+    #   results. Pass this value into a subsequent `List Caller Access
+    #   Grants` request in order to retrieve the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] caller_access_grants_list
+    #   A list of the caller's access grants that were created using S3
+    #   Access Grants and that grant the caller access to the S3 data of the
+    #   Amazon Web Services account ID that was specified in the request.
+    #   @return [Array<Types::ListCallerAccessGrantsEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListCallerAccessGrantsResult AWS API Documentation
+    #
+    class ListCallerAccessGrantsResult < Struct.new(
+      :next_token,
+      :caller_access_grants_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] account_id
     #   The Amazon Web Services account ID associated with the S3 Batch
     #   Operations job.
@@ -5789,7 +5967,7 @@ module Aws::S3Control
     #   Specifies whether Amazon S3 should restrict public bucket policies
     #   for buckets in this account. Setting this element to `TRUE`
     #   restricts access to buckets with public policies to only Amazon Web
-    #   Service principals and authorized users within this account.
+    #   Servicesservice principals and authorized users within this account.
     #
     #   Enabling this setting doesn't affect previously stored bucket
     #   policies, except that public and cross-account access within any
@@ -5811,8 +5989,7 @@ module Aws::S3Control
     end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] policy
@@ -7048,7 +7225,7 @@ module Aws::S3Control
     #   @return [String]
     #
     # @!attribute [rw] source_bucket
-    #   The source bucket used by the ManifestGenerator.
+    #   The ARN of the source bucket used by the ManifestGenerator.
     #
     #   <note markdown="1"> **Directory buckets** - Directory buckets aren't supported as the
     #   source buckets used by `S3JobManifestGenerator` to generate the job
@@ -8071,8 +8248,7 @@ module Aws::S3Control
     class UntagResourceResult < Aws::EmptyStructure; end
 
     # @!attribute [rw] account_id
-    #   The ID of the Amazon Web Services account that is making this
-    #   request.
+    #   The Amazon Web Services account ID of the S3 Access Grants instance.
     #   @return [String]
     #
     # @!attribute [rw] access_grants_location_id

data/lib/aws-sdk-s3control.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-s3control/customizations'
 # @!group service
 module Aws::S3Control
 
-  GEM_VERSION = '1.88.0'
+  GEM_VERSION = '1.89.0'
 
 end

data/sig/client.rbs

@@ -123,6 +123,8 @@ module Aws
         def access_grants_instance_id: () -> ::String
         def access_grants_instance_arn: () -> ::String
         def identity_center_arn: () -> ::String
+        def identity_center_instance_arn: () -> ::String
+        def identity_center_application_arn: () -> ::String
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3Control/Client.html#create_access_grants_instance-instance_method
       def create_access_grants_instance: (
@@ -698,6 +700,8 @@ module Aws
         def access_grants_instance_arn: () -> ::String
         def access_grants_instance_id: () -> ::String
         def identity_center_arn: () -> ::String
+        def identity_center_instance_arn: () -> ::String
+        def identity_center_application_arn: () -> ::String
         def created_at: () -> ::Time
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3Control/Client.html#get_access_grants_instance-instance_method
@@ -1090,6 +1094,21 @@ module Aws
                                                 ) -> _ListAccessPointsForObjectLambdaResponseSuccess
                                               | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListAccessPointsForObjectLambdaResponseSuccess
 
+      interface _ListCallerAccessGrantsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::ListCallerAccessGrantsResult]
+        def next_token: () -> ::String
+        def caller_access_grants_list: () -> ::Array[Types::ListCallerAccessGrantsEntry]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3Control/Client.html#list_caller_access_grants-instance_method
+      def list_caller_access_grants: (
+                                       ?account_id: ::String,
+                                       ?grant_scope: ::String,
+                                       ?next_token: ::String,
+                                       ?max_results: ::Integer,
+                                       ?allowed_by_application: bool
+                                     ) -> _ListCallerAccessGrantsResponseSuccess
+                                   | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListCallerAccessGrantsResponseSuccess
+
       interface _ListJobsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::ListJobsResult]
         def next_token: () -> ::String

data/sig/types.rbs

@@ -164,6 +164,8 @@ module Aws::S3Control
       attr_accessor access_grants_instance_id: ::String
       attr_accessor access_grants_instance_arn: ::String
       attr_accessor identity_center_arn: ::String
+      attr_accessor identity_center_instance_arn: ::String
+      attr_accessor identity_center_application_arn: ::String
       SENSITIVE: []
     end
 
@@ -547,6 +549,8 @@ module Aws::S3Control
       attr_accessor access_grants_instance_arn: ::String
       attr_accessor access_grants_instance_id: ::String
       attr_accessor identity_center_arn: ::String
+      attr_accessor identity_center_instance_arn: ::String
+      attr_accessor identity_center_application_arn: ::String
       attr_accessor created_at: ::Time
       SENSITIVE: []
     end
@@ -1067,6 +1071,8 @@ module Aws::S3Control
       attr_accessor access_grants_instance_arn: ::String
       attr_accessor created_at: ::Time
       attr_accessor identity_center_arn: ::String
+      attr_accessor identity_center_instance_arn: ::String
+      attr_accessor identity_center_application_arn: ::String
       SENSITIVE: []
     end
 
@@ -1151,6 +1157,28 @@ module Aws::S3Control
       SENSITIVE: []
     end
 
+    class ListCallerAccessGrantsEntry
+      attr_accessor permission: ("READ" | "WRITE" | "READWRITE")
+      attr_accessor grant_scope: ::String
+      attr_accessor application_arn: ::String
+      SENSITIVE: []
+    end
+
+    class ListCallerAccessGrantsRequest
+      attr_accessor account_id: ::String
+      attr_accessor grant_scope: ::String
+      attr_accessor next_token: ::String
+      attr_accessor max_results: ::Integer
+      attr_accessor allowed_by_application: bool
+      SENSITIVE: []
+    end
+
+    class ListCallerAccessGrantsResult
+      attr_accessor next_token: ::String
+      attr_accessor caller_access_grants_list: ::Array[Types::ListCallerAccessGrantsEntry]
+      SENSITIVE: []
+    end
+
     class ListJobsRequest
       attr_accessor account_id: ::String
       attr_accessor job_statuses: ::Array[("Active" | "Cancelled" | "Cancelling" | "Complete" | "Completing" | "Failed" | "Failing" | "New" | "Paused" | "Pausing" | "Preparing" | "Ready" | "Suspended")]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-s3control
 version: !ruby/object:Gem::Version
-  version: 1.88.0
+  version: 1.89.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-03 00:00:00.000000000 Z
+date: 2024-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core