aws-sdk-storagegateway 1.94.0 → 1.95.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f0914d8108f99e02db2962ae9d05525593f72784519f13d2bac0c6e1d6f0a02
-  data.tar.gz: 327a40525e4d2092aa34b6e7de591341244d99cea09e5386fbec22683a86beca
+  metadata.gz: 1505583933fee1695cf586f60032612bc7b2a5f49d8baf5babb963215150a323
+  data.tar.gz: d72049d456ad5a6d0efb62888bcbc2ec614ea8f67deacc443ccc179df405d200
 SHA512:
-  metadata.gz: 0c78804bd83742f8b98fc92d7e229d692ea49c27e2e34fd043f9e8e617207f162b7dadc8a8d26b29b52cda9a8f1288cf5c502df9ba2a4314edc2e0eed888b9fc
-  data.tar.gz: 0ddd9087bc3fce04133c61703941db3e84e907e2e60959adaab85fa10c8086414468d2ecde84a57b174f93d1bdc5e882e80f79c61b2f862014f3f245be488ffb
+  metadata.gz: a62893f952ebfc0eed4c797c74b3dd4fbce5c9afdaef9a0e8a6e3d7bc5daf392760b9b182d939a40916fcf4a7a793f383b5adbe1375ca746e2954be6e54b2f15
+  data.tar.gz: 1544f47cec2e18c0d20eceaebbebff105f66a98efef5ace092202bad117c75be9adfc1a966e13b9c0387ebc4cb63909c953da6db5b1a74fc5cdf5d60cf187158

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.95.0 (2024-09-12)
+------------------
+
+* Feature - The S3 File Gateway now supports DSSE-KMS encryption. A new parameter EncryptionType is added to these APIs: CreateSmbFileShare, CreateNfsFileShare, UpdateSmbFileShare, UpdateNfsFileShare, DescribeSmbFileShares, DescribeNfsFileShares. Also, in favor of EncryptionType, KmsEncrypted is deprecated.
+
 1.94.0 (2024-09-11)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.94.0
+1.95.0

data/lib/aws-sdk-storagegateway/client.rb

@@ -1367,17 +1367,48 @@ module Aws::StorageGateway
     #   The Amazon Resource Name (ARN) of the S3 File Gateway on which you
     #   want to create a file share.
     #
+    # @option params [String] :encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
+    #
     # @option params [Boolean] :kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by Amazon
+    #   S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #
     # @option params [String] :kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway does
-    #   not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #
     # @option params [required, String] :role
     #   The ARN of the Identity and Access Management (IAM) role that an S3
@@ -1503,6 +1534,10 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -1552,6 +1587,7 @@ module Aws::StorageGateway
     #       owner_id: 1,
     #     },
     #     gateway_arn: "GatewayARN", # required
+    #     encryption_type: "SseS3", # accepts SseS3, SseKms, DsseKms
     #     kms_encrypted: false,
     #     kms_key: "KMSKey",
     #     role: "Role", # required
@@ -1624,17 +1660,48 @@ module Aws::StorageGateway
     #   The ARN of the S3 File Gateway on which you want to create a file
     #   share.
     #
+    # @option params [String] :encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
+    #
     # @option params [Boolean] :kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by Amazon
+    #   S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #
     # @option params [String] :kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway does
-    #   not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #
     # @option params [required, String] :role
     #   The ARN of the Identity and Access Management (IAM) role that an S3
@@ -1716,14 +1783,14 @@ module Aws::StorageGateway
     #   SMB file share. Set it to `false` to map file and directory
     #   permissions to the POSIX permissions.
     #
-    #   For more information, see [Using Microsoft Windows ACLs to control
-    #   access to an SMB file share][1] in the *Storage Gateway User Guide*.
+    #   For more information, see [Using Windows ACLs to limit SMB file share
+    #   access][1] in the *Amazon S3 File Gateway User Guide*.
     #
     #   Valid Values: `true` \| `false`
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html
+    #   [1]: https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html
     #
     # @option params [Boolean] :access_based_enumeration
     #   The files and folders on this share will only be visible to users with
@@ -1801,6 +1868,10 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -1853,6 +1924,7 @@ module Aws::StorageGateway
     #   resp = client.create_smb_file_share({
     #     client_token: "ClientToken", # required
     #     gateway_arn: "GatewayARN", # required
+    #     encryption_type: "SseS3", # accepts SseS3, SseKms, DsseKms
     #     kms_encrypted: false,
     #     kms_key: "KMSKey",
     #     role: "Role", # required
@@ -3701,6 +3773,7 @@ module Aws::StorageGateway
     #   resp.nfs_file_share_info_list[0].file_share_id #=> String
     #   resp.nfs_file_share_info_list[0].file_share_status #=> String
     #   resp.nfs_file_share_info_list[0].gateway_arn #=> String
+    #   resp.nfs_file_share_info_list[0].encryption_type #=> String, one of "SseS3", "SseKms", "DsseKms"
     #   resp.nfs_file_share_info_list[0].kms_encrypted #=> Boolean
     #   resp.nfs_file_share_info_list[0].kms_key #=> String
     #   resp.nfs_file_share_info_list[0].path #=> String
@@ -3758,6 +3831,7 @@ module Aws::StorageGateway
     #   resp.smb_file_share_info_list[0].file_share_id #=> String
     #   resp.smb_file_share_info_list[0].file_share_status #=> String
     #   resp.smb_file_share_info_list[0].gateway_arn #=> String
+    #   resp.smb_file_share_info_list[0].encryption_type #=> String, one of "SseS3", "SseKms", "DsseKms"
     #   resp.smb_file_share_info_list[0].kms_encrypted #=> Boolean
     #   resp.smb_file_share_info_list[0].kms_key #=> String
     #   resp.smb_file_share_info_list[0].path #=> String
@@ -6654,7 +6728,11 @@ module Aws::StorageGateway
     #   `ALL_VERSIONS` - Enables regular gateway maintenance updates.
     #
     #   `EMERGENCY_VERSIONS_ONLY` - Disables regular gateway maintenance
-    #   updates.
+    #   updates. The gateway will still receive emergency version updates on
+    #   rare occasions if necessary to remedy highly critical security or
+    #   durability issues. You will be notified before an emergency version
+    #   update is applied. These updates are applied during your gateway's
+    #   scheduled maintenance window.
     #
     # @return [Types::UpdateMaintenanceStartTimeOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -6727,17 +6805,48 @@ module Aws::StorageGateway
     # @option params [required, String] :file_share_arn
     #   The Amazon Resource Name (ARN) of the file share to be updated.
     #
+    # @option params [String] :encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
+    #
     # @option params [Boolean] :kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by Amazon
+    #   S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #
     # @option params [String] :kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway does
-    #   not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #
     # @option params [Types::NFSFileShareDefaults] :nfs_file_share_defaults
     #   The default values for the file share. Optional.
@@ -6820,6 +6929,10 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -6842,6 +6955,7 @@ module Aws::StorageGateway
     #
     #   resp = client.update_nfs_file_share({
     #     file_share_arn: "FileShareARN", # required
+    #     encryption_type: "SseS3", # accepts SseS3, SseKms, DsseKms
     #     kms_encrypted: false,
     #     kms_key: "KMSKey",
     #     nfs_file_share_defaults: {
@@ -6908,17 +7022,48 @@ module Aws::StorageGateway
     #   The Amazon Resource Name (ARN) of the SMB file share that you want to
     #   update.
     #
+    # @option params [String] :encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
+    #
     # @option params [Boolean] :kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by Amazon
+    #   S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must be
+    #   `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #
     # @option params [String] :kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway does
-    #   not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #
     # @option params [String] :default_storage_class
     #   The default storage class for objects put into an Amazon S3 bucket by
@@ -6965,14 +7110,14 @@ module Aws::StorageGateway
     #   SMB file share. Set it to `false` to map file and directory
     #   permissions to the POSIX permissions.
     #
-    #   For more information, see [Using Microsoft Windows ACLs to control
-    #   access to an SMB file share][1] in the *Storage Gateway User Guide*.
+    #   For more information, see [Using Windows ACLs to limit SMB file share
+    #   access][1] in the *Amazon S3 File Gateway User Guide*.
     #
     #   Valid Values: `true` \| `false`
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html
+    #   [1]: https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html
     #
     # @option params [Boolean] :access_based_enumeration
     #   The files and folders on this share will only be visible to users with
@@ -7031,6 +7176,10 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -7062,6 +7211,7 @@ module Aws::StorageGateway
     #
     #   resp = client.update_smb_file_share({
     #     file_share_arn: "FileShareARN", # required
+    #     encryption_type: "SseS3", # accepts SseS3, SseKms, DsseKms
     #     kms_encrypted: false,
     #     kms_key: "KMSKey",
     #     default_storage_class: "StorageClass",
@@ -7403,7 +7553,7 @@ module Aws::StorageGateway
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-storagegateway'
-      context[:gem_version] = '1.94.0'
+      context[:gem_version] = '1.95.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-storagegateway/client_api.rb

@@ -165,6 +165,7 @@ module Aws::StorageGateway
     DoubleObject = Shapes::FloatShape.new(name: 'DoubleObject')
     Ec2InstanceId = Shapes::StringShape.new(name: 'Ec2InstanceId')
     Ec2InstanceRegion = Shapes::StringShape.new(name: 'Ec2InstanceRegion')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
     EndpointNetworkConfiguration = Shapes::StructureShape.new(name: 'EndpointNetworkConfiguration')
     EndpointType = Shapes::StringShape.new(name: 'EndpointType')
     ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
@@ -561,7 +562,8 @@ module Aws::StorageGateway
     CreateNFSFileShareInput.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, required: true, location_name: "ClientToken"))
     CreateNFSFileShareInput.add_member(:nfs_file_share_defaults, Shapes::ShapeRef.new(shape: NFSFileShareDefaults, location_name: "NFSFileShareDefaults"))
     CreateNFSFileShareInput.add_member(:gateway_arn, Shapes::ShapeRef.new(shape: GatewayARN, required: true, location_name: "GatewayARN"))
-    CreateNFSFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, location_name: "KMSEncrypted"))
+    CreateNFSFileShareInput.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType"))
+    CreateNFSFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, deprecated: true, location_name: "KMSEncrypted", metadata: {"deprecatedMessage"=>"KMSEncrypted is deprecated, use EncryptionType instead."}))
     CreateNFSFileShareInput.add_member(:kms_key, Shapes::ShapeRef.new(shape: KMSKey, location_name: "KMSKey"))
     CreateNFSFileShareInput.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
     CreateNFSFileShareInput.add_member(:location_arn, Shapes::ShapeRef.new(shape: LocationARN, required: true, location_name: "LocationARN"))
@@ -586,7 +588,8 @@ module Aws::StorageGateway
 
     CreateSMBFileShareInput.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, required: true, location_name: "ClientToken"))
     CreateSMBFileShareInput.add_member(:gateway_arn, Shapes::ShapeRef.new(shape: GatewayARN, required: true, location_name: "GatewayARN"))
-    CreateSMBFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, location_name: "KMSEncrypted"))
+    CreateSMBFileShareInput.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType"))
+    CreateSMBFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, deprecated: true, location_name: "KMSEncrypted", metadata: {"deprecatedMessage"=>"KMSEncrypted is deprecated, use EncryptionType instead."}))
     CreateSMBFileShareInput.add_member(:kms_key, Shapes::ShapeRef.new(shape: KMSKey, location_name: "KMSKey"))
     CreateSMBFileShareInput.add_member(:role, Shapes::ShapeRef.new(shape: Role, required: true, location_name: "Role"))
     CreateSMBFileShareInput.add_member(:location_arn, Shapes::ShapeRef.new(shape: LocationARN, required: true, location_name: "LocationARN"))
@@ -1183,7 +1186,8 @@ module Aws::StorageGateway
     NFSFileShareInfo.add_member(:file_share_id, Shapes::ShapeRef.new(shape: FileShareId, location_name: "FileShareId"))
     NFSFileShareInfo.add_member(:file_share_status, Shapes::ShapeRef.new(shape: FileShareStatus, location_name: "FileShareStatus"))
     NFSFileShareInfo.add_member(:gateway_arn, Shapes::ShapeRef.new(shape: GatewayARN, location_name: "GatewayARN"))
-    NFSFileShareInfo.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: boolean, location_name: "KMSEncrypted"))
+    NFSFileShareInfo.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType"))
+    NFSFileShareInfo.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: boolean, deprecated: true, location_name: "KMSEncrypted", metadata: {"deprecatedMessage"=>"KMSEncrypted is deprecated, use EncryptionType instead."}))
     NFSFileShareInfo.add_member(:kms_key, Shapes::ShapeRef.new(shape: KMSKey, location_name: "KMSKey"))
     NFSFileShareInfo.add_member(:path, Shapes::ShapeRef.new(shape: Path, location_name: "Path"))
     NFSFileShareInfo.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
@@ -1270,7 +1274,8 @@ module Aws::StorageGateway
     SMBFileShareInfo.add_member(:file_share_id, Shapes::ShapeRef.new(shape: FileShareId, location_name: "FileShareId"))
     SMBFileShareInfo.add_member(:file_share_status, Shapes::ShapeRef.new(shape: FileShareStatus, location_name: "FileShareStatus"))
     SMBFileShareInfo.add_member(:gateway_arn, Shapes::ShapeRef.new(shape: GatewayARN, location_name: "GatewayARN"))
-    SMBFileShareInfo.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: boolean, location_name: "KMSEncrypted"))
+    SMBFileShareInfo.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType"))
+    SMBFileShareInfo.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: boolean, deprecated: true, location_name: "KMSEncrypted", metadata: {"deprecatedMessage"=>"KMSEncrypted is deprecated, use EncryptionType instead."}))
     SMBFileShareInfo.add_member(:kms_key, Shapes::ShapeRef.new(shape: KMSKey, location_name: "KMSKey"))
     SMBFileShareInfo.add_member(:path, Shapes::ShapeRef.new(shape: Path, location_name: "Path"))
     SMBFileShareInfo.add_member(:role, Shapes::ShapeRef.new(shape: Role, location_name: "Role"))
@@ -1501,7 +1506,8 @@ module Aws::StorageGateway
     UpdateMaintenanceStartTimeOutput.struct_class = Types::UpdateMaintenanceStartTimeOutput
 
     UpdateNFSFileShareInput.add_member(:file_share_arn, Shapes::ShapeRef.new(shape: FileShareARN, required: true, location_name: "FileShareARN"))
-    UpdateNFSFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, location_name: "KMSEncrypted"))
+    UpdateNFSFileShareInput.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType"))
+    UpdateNFSFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, deprecated: true, location_name: "KMSEncrypted", metadata: {"deprecatedMessage"=>"KMSEncrypted is deprecated, use EncryptionType instead."}))
     UpdateNFSFileShareInput.add_member(:kms_key, Shapes::ShapeRef.new(shape: KMSKey, location_name: "KMSKey"))
     UpdateNFSFileShareInput.add_member(:nfs_file_share_defaults, Shapes::ShapeRef.new(shape: NFSFileShareDefaults, location_name: "NFSFileShareDefaults"))
     UpdateNFSFileShareInput.add_member(:default_storage_class, Shapes::ShapeRef.new(shape: StorageClass, location_name: "DefaultStorageClass"))
@@ -1521,7 +1527,8 @@ module Aws::StorageGateway
     UpdateNFSFileShareOutput.struct_class = Types::UpdateNFSFileShareOutput
 
     UpdateSMBFileShareInput.add_member(:file_share_arn, Shapes::ShapeRef.new(shape: FileShareARN, required: true, location_name: "FileShareARN"))
-    UpdateSMBFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, location_name: "KMSEncrypted"))
+    UpdateSMBFileShareInput.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "EncryptionType"))
+    UpdateSMBFileShareInput.add_member(:kms_encrypted, Shapes::ShapeRef.new(shape: Boolean, deprecated: true, location_name: "KMSEncrypted", metadata: {"deprecatedMessage"=>"KMSEncrypted is deprecated, use EncryptionType instead."}))
     UpdateSMBFileShareInput.add_member(:kms_key, Shapes::ShapeRef.new(shape: KMSKey, location_name: "KMSKey"))
     UpdateSMBFileShareInput.add_member(:default_storage_class, Shapes::ShapeRef.new(shape: StorageClass, location_name: "DefaultStorageClass"))
     UpdateSMBFileShareInput.add_member(:object_acl, Shapes::ShapeRef.new(shape: ObjectACL, location_name: "ObjectACL"))

data/lib/aws-sdk-storagegateway/types.rb

@@ -762,10 +762,11 @@ module Aws::StorageGateway
     #   @return [Integer]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] target_name
@@ -1044,18 +1045,50 @@ module Aws::StorageGateway
     #   want to create a file share.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
+    #   @return [String]
+    #
     # @!attribute [rw] kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by
+    #   Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] role
@@ -1198,6 +1231,11 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send
+    #   notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -1242,6 +1280,7 @@ module Aws::StorageGateway
       :client_token,
       :nfs_file_share_defaults,
       :gateway_arn,
+      :encryption_type,
       :kms_encrypted,
       :kms_key,
       :role,
@@ -1290,18 +1329,50 @@ module Aws::StorageGateway
     #   share.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
+    #   @return [String]
+    #
     # @!attribute [rw] kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by
+    #   Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] role
@@ -1394,14 +1465,14 @@ module Aws::StorageGateway
     #   SMB file share. Set it to `false` to map file and directory
     #   permissions to the POSIX permissions.
     #
-    #   For more information, see [Using Microsoft Windows ACLs to control
-    #   access to an SMB file share][1] in the *Storage Gateway User Guide*.
+    #   For more information, see [Using Windows ACLs to limit SMB file
+    #   share access][1] in the *Amazon S3 File Gateway User Guide*.
     #
     #   Valid Values: `true` \| `false`
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html
+    #   [1]: https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html
     #   @return [Boolean]
     #
     # @!attribute [rw] access_based_enumeration
@@ -1491,6 +1562,11 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send
+    #   notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -1543,6 +1619,7 @@ module Aws::StorageGateway
     class CreateSMBFileShareInput < Struct.new(
       :client_token,
       :gateway_arn,
+      :encryption_type,
       :kms_encrypted,
       :kms_key,
       :role,
@@ -2997,12 +3074,17 @@ module Aws::StorageGateway
     #   A set of variables indicating the software update preferences for
     #   the gateway.
     #
-    #   Includes `AutomaticUpdatePolicy` field with the following inputs:
+    #   Includes `AutomaticUpdatePolicy` parameter with the following
+    #   inputs:
     #
     #   `ALL_VERSIONS` - Enables regular gateway maintenance updates.
     #
     #   `EMERGENCY_VERSIONS_ONLY` - Disables regular gateway maintenance
-    #   updates.
+    #   updates. The gateway will still receive emergency version updates on
+    #   rare occasions if necessary to remedy highly critical security or
+    #   durability issues. You will be notified before an emergency version
+    #   update is applied. These updates are applied during your gateway's
+    #   scheduled maintenance window.
     #   @return [Types::SoftwareUpdatePreferences]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/storagegateway-2013-06-30/DescribeMaintenanceStartTimeOutput AWS API Documentation
@@ -4857,18 +4939,50 @@ module Aws::StorageGateway
     #   Web Services Region.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
+    #   @return [String]
+    #
     # @!attribute [rw] kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by
+    #   Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] path
@@ -5009,6 +5123,11 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send
+    #   notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -5055,6 +5174,7 @@ module Aws::StorageGateway
       :file_share_id,
       :file_share_status,
       :gateway_arn,
+      :encryption_type,
       :kms_encrypted,
       :kms_key,
       :path,
@@ -5413,18 +5533,50 @@ module Aws::StorageGateway
     #   Web Services Region.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
+    #   @return [String]
+    #
     # @!attribute [rw] kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by
+    #   Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] path
@@ -5523,12 +5675,12 @@ module Aws::StorageGateway
     #   `false`, it indicates that file and directory permissions are mapped
     #   to the POSIX permission.
     #
-    #   For more information, see [Using Microsoft Windows ACLs to control
-    #   access to an SMB file share][1] in the *Storage Gateway User Guide*.
+    #   For more information, see [Using Windows ACLs to limit SMB file
+    #   share access][1] in the *Amazon S3 File Gateway User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html
+    #   [1]: https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html
     #   @return [Boolean]
     #
     # @!attribute [rw] access_based_enumeration
@@ -5609,6 +5761,11 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send
+    #   notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -5663,6 +5820,7 @@ module Aws::StorageGateway
       :file_share_id,
       :file_share_status,
       :gateway_arn,
+      :encryption_type,
       :kms_encrypted,
       :kms_key,
       :path,
@@ -5845,7 +6003,11 @@ module Aws::StorageGateway
     #   `ALL_VERSIONS` - Enables regular gateway maintenance updates.
     #
     #   `EMERGENCY_VERSIONS_ONLY` - Disables regular gateway maintenance
-    #   updates.
+    #   updates. The gateway will still receive emergency version updates on
+    #   rare occasions if necessary to remedy highly critical security or
+    #   durability issues. You will be notified before an emergency version
+    #   update is applied. These updates are applied during your gateway's
+    #   scheduled maintenance window.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/storagegateway-2013-06-30/SoftwareUpdatePreferences AWS API Documentation
@@ -6026,10 +6188,11 @@ module Aws::StorageGateway
     #   @return [Integer]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] target_name
@@ -6129,10 +6292,11 @@ module Aws::StorageGateway
     #   @return [Integer]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] pool_id
@@ -6224,10 +6388,11 @@ module Aws::StorageGateway
     #   @return [Integer]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] pool_id
@@ -6759,7 +6924,11 @@ module Aws::StorageGateway
     #   `ALL_VERSIONS` - Enables regular gateway maintenance updates.
     #
     #   `EMERGENCY_VERSIONS_ONLY` - Disables regular gateway maintenance
-    #   updates.
+    #   updates. The gateway will still receive emergency version updates on
+    #   rare occasions if necessary to remedy highly critical security or
+    #   durability issues. You will be notified before an emergency version
+    #   update is applied. These updates are applied during your gateway's
+    #   scheduled maintenance window.
     #   @return [Types::SoftwareUpdatePreferences]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/storagegateway-2013-06-30/UpdateMaintenanceStartTimeInput AWS API Documentation
@@ -6798,18 +6967,50 @@ module Aws::StorageGateway
     #   The Amazon Resource Name (ARN) of the file share to be updated.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
+    #   @return [String]
+    #
     # @!attribute [rw] kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by
+    #   Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] nfs_file_share_defaults
@@ -6907,6 +7108,11 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send
+    #   notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -6927,6 +7133,7 @@ module Aws::StorageGateway
     #
     class UpdateNFSFileShareInput < Struct.new(
       :file_share_arn,
+      :encryption_type,
       :kms_encrypted,
       :kms_key,
       :nfs_file_share_defaults,
@@ -6966,18 +7173,50 @@ module Aws::StorageGateway
     #   to update.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_type
+    #   A value that specifies the type of server-side encryption that the
+    #   file share will use for the data that it stores in Amazon S3.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
+    #   @return [String]
+    #
     # @!attribute [rw] kms_encrypted
-    #   Set to `true` to use Amazon S3 server-side encryption with your own
-    #   KMS key, or `false` to use a key managed by Amazon S3. Optional.
+    #   Optional. Set to `true` to use Amazon S3 server-side encryption with
+    #   your own KMS key (SSE-KMS), or `false` to use a key managed by
+    #   Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the
+    #   `EncryptionType` parameter instead.
+    #
+    #   <note markdown="1"> We recommend using `EncryptionType` instead of `KMSEncrypted` to set
+    #   the file share encryption method. You do not need to provide values
+    #   for both parameters.
+    #
+    #    If values for both parameters exist in the same request, then the
+    #   specified encryption methods must not conflict. For example, if
+    #   `EncryptionType` is `SseS3`, then `KMSEncrypted` must be `false`. If
+    #   `EncryptionType` is `SseKms` or `DsseKms`, then `KMSEncrypted` must
+    #   be `true`.
+    #
+    #    </note>
     #
     #   Valid Values: `true` \| `false`
     #   @return [Boolean]
     #
     # @!attribute [rw] kms_key
-    #   The Amazon Resource Name (ARN) of a symmetric customer master key
-    #   (CMK) used for Amazon S3 server-side encryption. Storage Gateway
-    #   does not support asymmetric CMKs. This value can only be set when
-    #   `KMSEncrypted` is `true`. Optional.
+    #   Optional. The Amazon Resource Name (ARN) of a symmetric customer
+    #   master key (CMK) used for Amazon S3 server-side encryption. Storage
+    #   Gateway does not support asymmetric CMKs. This value must be set if
+    #   `KMSEncrypted` is `true`, or if `EncryptionType` is `SseKms` or
+    #   `DsseKms`.
     #   @return [String]
     #
     # @!attribute [rw] default_storage_class
@@ -7033,14 +7272,14 @@ module Aws::StorageGateway
     #   SMB file share. Set it to `false` to map file and directory
     #   permissions to the POSIX permissions.
     #
-    #   For more information, see [Using Microsoft Windows ACLs to control
-    #   access to an SMB file share][1] in the *Storage Gateway User Guide*.
+    #   For more information, see [Using Windows ACLs to limit SMB file
+    #   share access][1] in the *Amazon S3 File Gateway User Guide*.
     #
     #   Valid Values: `true` \| `false`
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html
+    #   [1]: https://docs.aws.amazon.com/filegateway/latest/files3/smb-acl.html
     #   @return [Boolean]
     #
     # @!attribute [rw] access_based_enumeration
@@ -7108,6 +7347,11 @@ module Aws::StorageGateway
     #   <note markdown="1"> `SettlingTimeInSeconds` has no effect on the timing of the object
     #   uploading to Amazon S3, only the timing of the notification.
     #
+    #    This setting is not meant to specify an exact time at which the
+    #   notification will be sent. In some cases, the gateway might require
+    #   more than the specified delay time to generate and send
+    #   notifications.
+    #
     #    </note>
     #
     #   The following example sets `NotificationPolicy` on with
@@ -7137,6 +7381,7 @@ module Aws::StorageGateway
     #
     class UpdateSMBFileShareInput < Struct.new(
       :file_share_arn,
+      :encryption_type,
       :kms_encrypted,
       :kms_key,
       :default_storage_class,

data/lib/aws-sdk-storagegateway.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-storagegateway/customizations'
 # @!group service
 module Aws::StorageGateway
 
-  GEM_VERSION = '1.94.0'
+  GEM_VERSION = '1.95.0'
 
 end

data/sig/client.rbs

@@ -261,6 +261,7 @@ module Aws
                                      owner_id: ::Integer?
                                    },
                                    gateway_arn: ::String,
+                                   ?encryption_type: ("SseS3" | "SseKms" | "DsseKms"),
                                    ?kms_encrypted: bool,
                                    ?kms_key: ::String,
                                    role: ::String,
@@ -297,6 +298,7 @@ module Aws
       def create_smb_file_share: (
                                    client_token: ::String,
                                    gateway_arn: ::String,
+                                   ?encryption_type: ("SseS3" | "SseKms" | "DsseKms"),
                                    ?kms_encrypted: bool,
                                    ?kms_key: ::String,
                                    role: ::String,
@@ -1271,6 +1273,7 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/StorageGateway/Client.html#update_nfs_file_share-instance_method
       def update_nfs_file_share: (
                                    file_share_arn: ::String,
+                                   ?encryption_type: ("SseS3" | "SseKms" | "DsseKms"),
                                    ?kms_encrypted: bool,
                                    ?kms_key: ::String,
                                    ?nfs_file_share_defaults: {
@@ -1302,6 +1305,7 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/StorageGateway/Client.html#update_smb_file_share-instance_method
       def update_smb_file_share: (
                                    file_share_arn: ::String,
+                                   ?encryption_type: ("SseS3" | "SseKms" | "DsseKms"),
                                    ?kms_encrypted: bool,
                                    ?kms_key: ::String,
                                    ?default_storage_class: ::String,

data/sig/types.rbs

@@ -216,6 +216,7 @@ module Aws::StorageGateway
       attr_accessor client_token: ::String
       attr_accessor nfs_file_share_defaults: Types::NFSFileShareDefaults
       attr_accessor gateway_arn: ::String
+      attr_accessor encryption_type: ("SseS3" | "SseKms" | "DsseKms")
       attr_accessor kms_encrypted: bool
       attr_accessor kms_key: ::String
       attr_accessor role: ::String
@@ -245,6 +246,7 @@ module Aws::StorageGateway
     class CreateSMBFileShareInput
       attr_accessor client_token: ::String
       attr_accessor gateway_arn: ::String
+      attr_accessor encryption_type: ("SseS3" | "SseKms" | "DsseKms")
       attr_accessor kms_encrypted: bool
       attr_accessor kms_key: ::String
       attr_accessor role: ::String
@@ -1038,6 +1040,7 @@ module Aws::StorageGateway
       attr_accessor file_share_id: ::String
       attr_accessor file_share_status: ::String
       attr_accessor gateway_arn: ::String
+      attr_accessor encryption_type: ("SseS3" | "SseKms" | "DsseKms")
       attr_accessor kms_encrypted: bool
       attr_accessor kms_key: ::String
       attr_accessor path: ::String
@@ -1149,6 +1152,7 @@ module Aws::StorageGateway
       attr_accessor file_share_id: ::String
       attr_accessor file_share_status: ::String
       attr_accessor gateway_arn: ::String
+      attr_accessor encryption_type: ("SseS3" | "SseKms" | "DsseKms")
       attr_accessor kms_encrypted: bool
       attr_accessor kms_key: ::String
       attr_accessor path: ::String
@@ -1434,6 +1438,7 @@ module Aws::StorageGateway
 
     class UpdateNFSFileShareInput
       attr_accessor file_share_arn: ::String
+      attr_accessor encryption_type: ("SseS3" | "SseKms" | "DsseKms")
       attr_accessor kms_encrypted: bool
       attr_accessor kms_key: ::String
       attr_accessor nfs_file_share_defaults: Types::NFSFileShareDefaults
@@ -1458,6 +1463,7 @@ module Aws::StorageGateway
 
     class UpdateSMBFileShareInput
       attr_accessor file_share_arn: ::String
+      attr_accessor encryption_type: ("SseS3" | "SseKms" | "DsseKms")
       attr_accessor kms_encrypted: bool
       attr_accessor kms_key: ::String
       attr_accessor default_storage_class: ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-storagegateway
 version: !ruby/object:Gem::Version
-  version: 1.94.0
+  version: 1.95.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-11 00:00:00.000000000 Z
+date: 2024-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core