npm - @aws-sdk/client-s3-control - Versions diffs - 3.454.0 → 3.458.0 - Mend

@aws-sdk/client-s3-control 3.454.0 → 3.458.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -37,6 +37,196 @@ export interface AccessControlTranslation {
      */
     Owner: OwnerOverride | undefined;
 }
+/**
+ * @public
+ * <p>Information about the S3 Access Grants instance.</p>
+ */
+export interface ListAccessGrantsInstanceEntry {
+    /**
+     * @public
+     * <p>The ID of the S3 Access Grants instance. The ID is <code>default</code>. You can have one S3 Access Grants instance per Region per account. </p>
+     */
+    AccessGrantsInstanceId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the S3 Access Grants instance. </p>
+     */
+    AccessGrantsInstanceArn?: string;
+    /**
+     * @public
+     * <p>The date and time when you created the S3 Access Grants instance. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance. </p>
+     */
+    IdentityCenterArn?: string;
+}
+/**
+ * @public
+ * <p>The configuration options of the S3 Access Grants location. It contains the <code>S3SubPrefix</code> field. The grant scope, the data to which you are granting access, is the result of appending the <code>Subprefix</code> field to the scope of the registered location.</p>
+ */
+export interface AccessGrantsLocationConfiguration {
+    /**
+     * @public
+     * <p>The <code>S3SubPrefix</code> is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location <code>s3://</code> because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location <code>s3://</code>, the <code>S3SubPrefx</code> can be a <bucket-name>/*, so the full grant scope path would be <code>s3://<bucket-name>/*</code>. Or the <code>S3SubPrefx</code> can be <code><bucket-name>/<prefix-name>*</code>, so the full grant scope path would be or <code>s3://<bucket-name>/<prefix-name>*</code>.</p>
+     *          <p>If the <code>S3SubPrefix</code> includes a prefix, append the wildcard character <code>*</code> after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix. </p>
+     */
+    S3SubPrefix?: string;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const GranteeType: {
+    readonly DIRECTORY_GROUP: "DIRECTORY_GROUP";
+    readonly DIRECTORY_USER: "DIRECTORY_USER";
+    readonly IAM: "IAM";
+};
+/**
+ * @public
+ */
+export type GranteeType = (typeof GranteeType)[keyof typeof GranteeType];
+/**
+ * @public
+ * <p>The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.</p>
+ */
+export interface Grantee {
+    /**
+     * @public
+     * <p>The type of the grantee to which access has been granted. It can be one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>IAM</code> - An IAM user or role.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DIRECTORY_USER</code> - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DIRECTORY_GROUP</code> - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.</p>
+     *             </li>
+     *          </ul>
+     */
+    GranteeType?: GranteeType;
+    /**
+     * @public
+     * <p>The unique identifier of the <code>Grantee</code>. If the grantee type is <code>IAM</code>, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format <code>a1b2c3d4-5678-90ab-cdef-EXAMPLE11111</code>. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.</p>
+     */
+    GranteeIdentifier?: string;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const Permission: {
+    readonly READ: "READ";
+    readonly READWRITE: "READWRITE";
+    readonly WRITE: "WRITE";
+};
+/**
+ * @public
+ */
+export type Permission = (typeof Permission)[keyof typeof Permission];
+/**
+ * @public
+ * <p>Information about the access grant.</p>
+ */
+export interface ListAccessGrantEntry {
+    /**
+     * @public
+     * <p>The date and time when you created the S3 Access Grants instance. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.</p>
+     */
+    AccessGrantId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the access grant. </p>
+     */
+    AccessGrantArn?: string;
+    /**
+     * @public
+     * <p>The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.</p>
+     */
+    Grantee?: Grantee;
+    /**
+     * @public
+     * <p>The type of access granted to your S3 data, which can be set to one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>READ</code> – Grant read-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>WRITE</code> – Grant write-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READWRITE</code> – Grant both read and write access to the S3 data.</p>
+     *             </li>
+     *          </ul>
+     */
+    Permission?: Permission;
+    /**
+     * @public
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register.  </p>
+     */
+    AccessGrantsLocationId?: string;
+    /**
+     * @public
+     * <p>The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. </p>
+     */
+    AccessGrantsLocationConfiguration?: AccessGrantsLocationConfiguration;
+    /**
+     * @public
+     * <p>The S3 path of the data to which you are granting access. It is the result of appending the <code>Subprefix</code> to the location scope.</p>
+     */
+    GrantScope?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application. </p>
+     */
+    ApplicationArn?: string;
+}
+/**
+ * @public
+ * <p>A container for information about the registered location.</p>
+ */
+export interface ListAccessGrantsLocationsEntry {
+    /**
+     * @public
+     * <p>The date and time when you registered the location. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register.  </p>
+     */
+    AccessGrantsLocationId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the registered location. </p>
+     */
+    AccessGrantsLocationArn?: string;
+    /**
+     * @public
+     * <p>The S3 path to the location that you are registering. The location scope can be the default S3 location <code>s3://</code>, the S3 path to a bucket <code>s3://<bucket></code>, or the S3 path to a bucket and prefix <code>s3://<bucket>/<prefix></code>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the <code>engineering/</code> prefix or object key names that start with the <code>marketing/campaigns/</code> prefix.</p>
+     */
+    LocationScope?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location. </p>
+     */
+    IAMRoleArn?: string;
+}
 /**
  * @public
  * @enum
@@ -328,6 +518,21 @@ export interface AccountLevel {
      */
     StorageLensGroupLevel?: StorageLensGroupLevel;
 }
+/**
+ * @public
+ */
+export interface AssociateAccessGrantsIdentityCenterRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the <a href="https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html">ListInstances</a> API operation to retrieve a list of your Identity Center instances and their ARNs.</p>
+     */
+    IdentityCenterArn: string | undefined;
+}
 /**
  * @public
  * <p>Error details for the failed asynchronous operation.</p>
@@ -618,119 +823,378 @@ export interface AwsLambdaTransformation {
 }
 /**
  * @public
+ * @enum
  */
-export interface CreateAccessPointRequest {
+export declare const S3PrefixType: {
+    readonly Object: "Object";
+};
+/**
+ * @public
+ */
+export type S3PrefixType = (typeof S3PrefixType)[keyof typeof S3PrefixType];
+/**
+ * @public
+ * <p>
+ *    An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.
+ * </p>
+ *          <note>
+ *             <p>This operation is only supported for <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html">S3 Storage Lens groups</a> and for <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-tagging.html">S3 Access Grants</a>. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant. </p>
+ *          </note>
+ */
+export interface Tag {
     /**
      * @public
-     * <p>The Amazon Web Services account ID for the account that owns the specified access point.</p>
+     * <p>The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with <code>aws:</code> aren’t supported.
+     *       </p>
+     */
+    Key: string | undefined;
+    /**
+     * @public
+     * <p>
+     *    The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.
+     * </p>
+     */
+    Value: string | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateAccessGrantRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
      */
     AccountId?: string;
     /**
      * @public
-     * <p>The name you want to assign to this access point.</p>
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register. </p>
+     *          <p>If you are passing the <code>default</code> location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the <code>Subprefix</code> field. </p>
      */
-    Name: string | undefined;
+    AccessGrantsLocationId: string | undefined;
     /**
      * @public
-     * <p>The name of the bucket that you want to associate this access point with.</p>
-     *          <p>For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.</p>
-     *          <p>For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must  specify the ARN of the bucket accessed in the format <code>arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name></code>. For example, to access the bucket <code>reports</code> through Outpost <code>my-outpost</code> owned by account <code>123456789012</code> in Region <code>us-west-2</code>, use the URL encoding of <code>arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports</code>. The value must be URL encoded.  </p>
+     * <p>The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the <code>S3SubPrefix</code> field. The grant scope is the result of appending the subprefix to the location scope of the registered location.</p>
      */
-    Bucket: string | undefined;
+    AccessGrantsLocationConfiguration?: AccessGrantsLocationConfiguration;
     /**
      * @public
-     * <p>If you include this field, Amazon S3 restricts access to this access point to requests from the
-     *          specified virtual private cloud (VPC).</p>
-     *          <note>
-     *             <p>This is required for creating an access point for Amazon S3 on Outposts buckets.</p>
-     *          </note>
+     * <p>The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.</p>
      */
-    VpcConfiguration?: VpcConfiguration;
+    Grantee: Grantee | undefined;
     /**
      * @public
-     * <p> The <code>PublicAccessBlock</code> configuration that you want to apply to the access point.
-     *       </p>
+     * <p>The type of access that you are granting to your S3 data, which can be set to one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>READ</code> – Grant read-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>WRITE</code> – Grant write-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READWRITE</code> – Grant both read and write access to the S3 data.</p>
+     *             </li>
+     *          </ul>
      */
-    PublicAccessBlockConfiguration?: PublicAccessBlockConfiguration;
+    Permission: Permission | undefined;
     /**
      * @public
-     * <p>The Amazon Web Services account ID associated with the S3 bucket associated with this access point.</p>
+     * <p>The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application. </p>
      */
-    BucketAccountId?: string;
-}
-/**
- * @public
- */
-export interface CreateAccessPointResult {
+    ApplicationArn?: string;
     /**
      * @public
-     * <p>The ARN of the access point.</p>
-     *          <note>
-     *             <p>This is only supported by Amazon S3 on Outposts.</p>
-     *          </note>
+     * <p>The type of <code>S3SubPrefix</code>. The only possible value is <code>Object</code>. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix. </p>
      */
-    AccessPointArn?: string;
+    S3PrefixType?: S3PrefixType;
     /**
      * @public
-     * <p>The name or alias of the access point.</p>
+     * <p>The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. </p>
      */
-    Alias?: string;
+    Tags?: Tag[];
 }
-/**
- * @public
- * @enum
- */
-export declare const ObjectLambdaAllowedFeature: {
-    readonly GetObjectPartNumber: "GetObject-PartNumber";
-    readonly GetObjectRange: "GetObject-Range";
-    readonly HeadObjectPartNumber: "HeadObject-PartNumber";
-    readonly HeadObjectRange: "HeadObject-Range";
-};
-/**
- * @public
- */
-export type ObjectLambdaAllowedFeature = (typeof ObjectLambdaAllowedFeature)[keyof typeof ObjectLambdaAllowedFeature];
-/**
- * @public
- * @enum
- */
-export declare const ObjectLambdaTransformationConfigurationAction: {
-    readonly GetObject: "GetObject";
-    readonly HeadObject: "HeadObject";
-    readonly ListObjects: "ListObjects";
-    readonly ListObjectsV2: "ListObjectsV2";
-};
-/**
- * @public
- */
-export type ObjectLambdaTransformationConfigurationAction = (typeof ObjectLambdaTransformationConfigurationAction)[keyof typeof ObjectLambdaTransformationConfigurationAction];
-/**
- * @public
- * <p>A container for AwsLambdaTransformation.</p>
- */
-export type ObjectLambdaContentTransformation = ObjectLambdaContentTransformation.AwsLambdaMember | ObjectLambdaContentTransformation.$UnknownMember;
 /**
  * @public
  */
-export declare namespace ObjectLambdaContentTransformation {
+export interface CreateAccessGrantResult {
     /**
      * @public
-     * <p>A container for an Lambda function.</p>
+     * <p>The date and time when you created the access grant. </p>
      */
-    interface AwsLambdaMember {
-        AwsLambda: AwsLambdaTransformation;
-        $unknown?: never;
-    }
+    CreatedAt?: Date;
     /**
      * @public
+     * <p>The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.</p>
      */
-    interface $UnknownMember {
-        AwsLambda?: never;
-        $unknown: [string, any];
-    }
-    interface Visitor<T> {
-        AwsLambda: (value: AwsLambdaTransformation) => T;
-        _: (name: string, value: any) => T;
+    AccessGrantId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the access grant. </p>
+     */
+    AccessGrantArn?: string;
+    /**
+     * @public
+     * <p>The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.</p>
+     */
+    Grantee?: Grantee;
+    /**
+     * @public
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register. </p>
+     */
+    AccessGrantsLocationId?: string;
+    /**
+     * @public
+     * <p>The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. </p>
+     */
+    AccessGrantsLocationConfiguration?: AccessGrantsLocationConfiguration;
+    /**
+     * @public
+     * <p>The type of access that you are granting to your S3 data, which can be set to one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>READ</code> – Grant read-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>WRITE</code> – Grant write-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READWRITE</code> – Grant both read and write access to the S3 data.</p>
+     *             </li>
+     *          </ul>
+     */
+    Permission?: Permission;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application. </p>
+     */
+    ApplicationArn?: string;
+    /**
+     * @public
+     * <p>The S3 path of the data to which you are granting access. It is the result of appending the <code>Subprefix</code> to the location scope. </p>
+     */
+    GrantScope?: string;
+}
+/**
+ * @public
+ */
+export interface CreateAccessGrantsInstanceRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>If you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the <a href="https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ListInstances.html">ListInstances</a> API operation to retrieve a list of your Identity Center instances and their ARNs. </p>
+     */
+    IdentityCenterArn?: string;
+    /**
+     * @public
+     * <p>The Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. </p>
+     */
+    Tags?: Tag[];
+}
+/**
+ * @public
+ */
+export interface CreateAccessGrantsInstanceResult {
+    /**
+     * @public
+     * <p>The date and time when you created the S3 Access Grants instance. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>The ID of the S3 Access Grants instance. The ID is <code>default</code>. You can have one S3 Access Grants instance per Region per account. </p>
+     */
+    AccessGrantsInstanceId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the S3 Access Grants instance. </p>
+     */
+    AccessGrantsInstanceArn?: string;
+    /**
+     * @public
+     * <p>If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance passed in the request. S3 Access Grants creates this Identity Center application for this specific S3 Access Grants instance.  </p>
+     */
+    IdentityCenterArn?: string;
+}
+/**
+ * @public
+ */
+export interface CreateAccessGrantsLocationRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The S3 path to the location that you are registering. The location scope can be the default S3 location <code>s3://</code>, the S3 path to a bucket <code>s3://<bucket></code>, or the S3 path to a bucket and prefix <code>s3://<bucket>/<prefix></code>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the <code>engineering/</code> prefix or object key names that start with the <code>marketing/campaigns/</code> prefix.</p>
+     */
+    LocationScope: string | undefined;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location. </p>
+     */
+    IAMRoleArn: string | undefined;
+    /**
+     * @public
+     * <p>The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.</p>
+     */
+    Tags?: Tag[];
+}
+/**
+ * @public
+ */
+export interface CreateAccessGrantsLocationResult {
+    /**
+     * @public
+     * <p>The date and time when you registered the location. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register.  </p>
+     */
+    AccessGrantsLocationId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the location you are registering.</p>
+     */
+    AccessGrantsLocationArn?: string;
+    /**
+     * @public
+     * <p>The S3 URI path to the location that you are registering. The location scope can be the default S3 location <code>s3://</code>, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the <code>engineering/</code> prefix or object key names that start with the <code>marketing/campaigns/</code> prefix.</p>
+     */
+    LocationScope?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location. </p>
+     */
+    IAMRoleArn?: string;
+}
+/**
+ * @public
+ */
+export interface CreateAccessPointRequest {
+    /**
+     * @public
+     * <p>The Amazon Web Services account ID for the account that owns the specified access point.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The name you want to assign to this access point.</p>
+     */
+    Name: string | undefined;
+    /**
+     * @public
+     * <p>The name of the bucket that you want to associate this access point with.</p>
+     *          <p>For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.</p>
+     *          <p>For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must  specify the ARN of the bucket accessed in the format <code>arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name></code>. For example, to access the bucket <code>reports</code> through Outpost <code>my-outpost</code> owned by account <code>123456789012</code> in Region <code>us-west-2</code>, use the URL encoding of <code>arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports</code>. The value must be URL encoded.  </p>
+     */
+    Bucket: string | undefined;
+    /**
+     * @public
+     * <p>If you include this field, Amazon S3 restricts access to this access point to requests from the
+     *          specified virtual private cloud (VPC).</p>
+     *          <note>
+     *             <p>This is required for creating an access point for Amazon S3 on Outposts buckets.</p>
+     *          </note>
+     */
+    VpcConfiguration?: VpcConfiguration;
+    /**
+     * @public
+     * <p> The <code>PublicAccessBlock</code> configuration that you want to apply to the access point.
+     *       </p>
+     */
+    PublicAccessBlockConfiguration?: PublicAccessBlockConfiguration;
+    /**
+     * @public
+     * <p>The Amazon Web Services account ID associated with the S3 bucket associated with this access point.</p>
+     */
+    BucketAccountId?: string;
+}
+/**
+ * @public
+ */
+export interface CreateAccessPointResult {
+    /**
+     * @public
+     * <p>The ARN of the access point.</p>
+     *          <note>
+     *             <p>This is only supported by Amazon S3 on Outposts.</p>
+     *          </note>
+     */
+    AccessPointArn?: string;
+    /**
+     * @public
+     * <p>The name or alias of the access point.</p>
+     */
+    Alias?: string;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const ObjectLambdaAllowedFeature: {
+    readonly GetObjectPartNumber: "GetObject-PartNumber";
+    readonly GetObjectRange: "GetObject-Range";
+    readonly HeadObjectPartNumber: "HeadObject-PartNumber";
+    readonly HeadObjectRange: "HeadObject-Range";
+};
+/**
+ * @public
+ */
+export type ObjectLambdaAllowedFeature = (typeof ObjectLambdaAllowedFeature)[keyof typeof ObjectLambdaAllowedFeature];
+/**
+ * @public
+ * @enum
+ */
+export declare const ObjectLambdaTransformationConfigurationAction: {
+    readonly GetObject: "GetObject";
+    readonly HeadObject: "HeadObject";
+    readonly ListObjects: "ListObjects";
+    readonly ListObjectsV2: "ListObjectsV2";
+};
+/**
+ * @public
+ */
+export type ObjectLambdaTransformationConfigurationAction = (typeof ObjectLambdaTransformationConfigurationAction)[keyof typeof ObjectLambdaTransformationConfigurationAction];
+/**
+ * @public
+ * <p>A container for AwsLambdaTransformation.</p>
+ */
+export type ObjectLambdaContentTransformation = ObjectLambdaContentTransformation.AwsLambdaMember | ObjectLambdaContentTransformation.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace ObjectLambdaContentTransformation {
+    /**
+     * @public
+     * <p>A container for an Lambda function.</p>
+     */
+    interface AwsLambdaMember {
+        AwsLambda: AwsLambdaTransformation;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        AwsLambda?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        AwsLambda: (value: AwsLambdaTransformation) => T;
+        _: (name: string, value: any) => T;
     }
     const visit: <T>(value: ObjectLambdaContentTransformation, visitor: Visitor<T>) => T;
 }
@@ -814,8 +1278,8 @@ export declare const ObjectLambdaAccessPointAliasStatus: {
 export type ObjectLambdaAccessPointAliasStatus = (typeof ObjectLambdaAccessPointAliasStatus)[keyof typeof ObjectLambdaAccessPointAliasStatus];
 /**
  * @public
- * <p>The alias of an Object Lambda Access Point. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias">How to use a bucket-style alias for your S3 bucket
- *          Object Lambda Access Point</a>.</p>
+ * <p>The alias of an Object Lambda Access Point. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-use.html#ol-access-points-alias">How to use a
+ *             bucket-style alias for your S3 bucket Object Lambda Access Point</a>.</p>
  */
 export interface ObjectLambdaAccessPointAlias {
     /**
@@ -825,8 +1289,10 @@ export interface ObjectLambdaAccessPointAlias {
     Value?: string;
     /**
      * @public
-     * <p>The status of the Object Lambda Access Point alias. If the status is <code>PROVISIONING</code>, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If
-     *          the status is <code>READY</code>, the Object Lambda Access Point alias is successfully provisioned and ready for use.</p>
+     * <p>The status of the Object Lambda Access Point alias. If the status is <code>PROVISIONING</code>, the Object Lambda Access Point
+     *          is provisioning the alias and the alias is not ready for use yet. If the status is
+     *             <code>READY</code>, the Object Lambda Access Point alias is successfully provisioned and ready for
+     *          use.</p>
      */
     Status?: ObjectLambdaAccessPointAliasStatus;
 }
@@ -1125,6 +1591,49 @@ export interface JobManifest {
      */
     Location: JobManifestLocation | undefined;
 }
+/**
+ * @public
+ * <p>If provided, the generated manifest includes only source bucket objects whose object
+ *          keys match the string constraints specified for <code>MatchAnyPrefix</code>,
+ *             <code>MatchAnySuffix</code>, and <code>MatchAnySubstring</code>.</p>
+ */
+export interface KeyNameConstraint {
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes objects where the specified string appears
+     *          at the start of the object key string.</p>
+     */
+    MatchAnyPrefix?: string[];
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes objects where the specified string appears
+     *          at the end of the object key string.</p>
+     */
+    MatchAnySuffix?: string[];
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes objects where the specified string appears
+     *          anywhere within the object key string.</p>
+     */
+    MatchAnySubstring?: string[];
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const S3StorageClass: {
+    readonly DEEP_ARCHIVE: "DEEP_ARCHIVE";
+    readonly GLACIER: "GLACIER";
+    readonly GLACIER_IR: "GLACIER_IR";
+    readonly INTELLIGENT_TIERING: "INTELLIGENT_TIERING";
+    readonly ONEZONE_IA: "ONEZONE_IA";
+    readonly STANDARD: "STANDARD";
+    readonly STANDARD_IA: "STANDARD_IA";
+};
+/**
+ * @public
+ */
+export type S3StorageClass = (typeof S3StorageClass)[keyof typeof S3StorageClass];
 /**
  * @public
  * @enum
@@ -1152,28 +1661,53 @@ export interface JobManifestGeneratorFilter {
     EligibleForReplication?: boolean;
     /**
      * @public
-     * <p>If provided, the generated manifest should include only source bucket objects that were
+     * <p>If provided, the generated manifest includes only source bucket objects that were
      *          created after this time.</p>
      */
     CreatedAfter?: Date;
     /**
      * @public
-     * <p>If provided, the generated manifest should include only source bucket objects that were
+     * <p>If provided, the generated manifest includes only source bucket objects that were
      *          created before this time.</p>
      */
     CreatedBefore?: Date;
     /**
      * @public
-     * <p>If provided, the generated manifest should include only source bucket objects that have
-     *          one of the specified Replication statuses.</p>
+     * <p>If provided, the generated manifest includes only source bucket objects that have one of
+     *          the specified Replication statuses.</p>
      */
     ObjectReplicationStatuses?: ReplicationStatus[];
-}
-/**
- * @public
- * <p>Configuration for the use of SSE-KMS to encrypt generated manifest objects.</p>
- */
-export interface SSEKMSEncryption {
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes only source bucket objects whose object
+     *          keys match the string constraints specified for <code>MatchAnyPrefix</code>,
+     *             <code>MatchAnySuffix</code>, and <code>MatchAnySubstring</code>.</p>
+     */
+    KeyNameConstraint?: KeyNameConstraint;
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes only source bucket objects whose file size
+     *          is greater than the specified number of bytes.</p>
+     */
+    ObjectSizeGreaterThanBytes?: number;
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes only source bucket objects whose file size
+     *          is less than the specified number of bytes.</p>
+     */
+    ObjectSizeLessThanBytes?: number;
+    /**
+     * @public
+     * <p>If provided, the generated manifest includes only source bucket objects that are stored
+     *          with the specified storage class.</p>
+     */
+    MatchAnyStorageClass?: S3StorageClass[];
+}
+/**
+ * @public
+ * <p>Configuration for the use of SSE-KMS to encrypt generated manifest objects.</p>
+ */
+export interface SSEKMSEncryption {
     /**
      * @public
      * <p>Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption
@@ -1669,23 +2203,6 @@ export declare const S3ObjectLockMode: {
  * @public
  */
 export type S3ObjectLockMode = (typeof S3ObjectLockMode)[keyof typeof S3ObjectLockMode];
-/**
- * @public
- * @enum
- */
-export declare const S3StorageClass: {
-    readonly DEEP_ARCHIVE: "DEEP_ARCHIVE";
-    readonly GLACIER: "GLACIER";
-    readonly GLACIER_IR: "GLACIER_IR";
-    readonly INTELLIGENT_TIERING: "INTELLIGENT_TIERING";
-    readonly ONEZONE_IA: "ONEZONE_IA";
-    readonly STANDARD: "STANDARD";
-    readonly STANDARD_IA: "STANDARD_IA";
-};
-/**
- * @public
- */
-export type S3StorageClass = (typeof S3StorageClass)[keyof typeof S3StorageClass];
 /**
  * @public
  * <p>Contains
@@ -1812,7 +2329,8 @@ export interface S3CopyObjectOperation {
      *          that
      *          you want Amazon S3 to use to create the checksum. For more
      *          information,
-     *          see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html"> Checking object integrity</a> in the <i>Amazon S3 User Guide</i>.</p>
+     *          see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html"> Checking object
+     *             integrity</a> in the <i>Amazon S3 User Guide</i>.</p>
      */
     ChecksumAlgorithm?: S3ChecksumAlgorithm;
 }
@@ -2426,31 +2944,6 @@ export interface StorageLensGroup {
      */
     StorageLensGroupArn?: string;
 }
-/**
- * @public
- * <p>
- *    An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects.
- * </p>
- *          <note>
- *             <p>This data type is only supported for <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-lens-groups.html">S3 Storage Lens groups</a>.</p>
- *          </note>
- */
-export interface Tag {
-    /**
-     * @public
-     * <p> The tag key for your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in
-     *          length and is case-sensitive. System created tags that begin with <code>aws:</code> aren’t supported.
-     *       </p>
-     */
-    Key: string | undefined;
-    /**
-     * @public
-     * <p>
-     *    The tag value for your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.
-     * </p>
-     */
-    Value: string | undefined;
-}
 /**
  * @public
  */
@@ -2477,6 +2970,56 @@ export interface CreateStorageLensGroupRequest {
      */
     Tags?: Tag[];
 }
+/**
+ * @public
+ */
+export interface DeleteAccessGrantRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.</p>
+     */
+    AccessGrantId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeleteAccessGrantsInstanceRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+}
+/**
+ * @public
+ */
+export interface DeleteAccessGrantsInstanceResourcePolicyRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+}
+/**
+ * @public
+ */
+export interface DeleteAccessGrantsLocationRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register.  </p>
+     */
+    AccessGrantsLocationId: string | undefined;
+}
 /**
  * @public
  */
@@ -3019,6 +3562,235 @@ export interface DescribeMultiRegionAccessPointOperationResult {
      */
     AsyncOperation?: AsyncOperation;
 }
+/**
+ * @public
+ */
+export interface DissociateAccessGrantsIdentityCenterRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.</p>
+     */
+    AccessGrantId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantResult {
+    /**
+     * @public
+     * <p>The date and time when you created the access grant. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.</p>
+     */
+    AccessGrantId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the access grant. </p>
+     */
+    AccessGrantArn?: string;
+    /**
+     * @public
+     * <p>The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.</p>
+     */
+    Grantee?: Grantee;
+    /**
+     * @public
+     * <p>The type of permission that was granted in the access grant. Can be one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>READ</code> – Grant read-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>WRITE</code> – Grant write-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READWRITE</code> – Grant both read and write access to the S3 data.</p>
+     *             </li>
+     *          </ul>
+     */
+    Permission?: Permission;
+    /**
+     * @public
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register. </p>
+     */
+    AccessGrantsLocationId?: string;
+    /**
+     * @public
+     * <p>The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. </p>
+     */
+    AccessGrantsLocationConfiguration?: AccessGrantsLocationConfiguration;
+    /**
+     * @public
+     * <p>The S3 path of the data to which you are granting access. It is the result of appending the <code>Subprefix</code> to the location scope.</p>
+     */
+    GrantScope?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.  </p>
+     */
+    ApplicationArn?: string;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsInstanceRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsInstanceResult {
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the S3 Access Grants instance. </p>
+     */
+    AccessGrantsInstanceArn?: string;
+    /**
+     * @public
+     * <p>The ID of the S3 Access Grants instance. The ID is <code>default</code>. You can have one S3 Access Grants instance per Region per account. </p>
+     */
+    AccessGrantsInstanceId?: string;
+    /**
+     * @public
+     * <p>If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance. </p>
+     */
+    IdentityCenterArn?: string;
+    /**
+     * @public
+     * <p>The date and time when you created the S3 Access Grants instance. </p>
+     */
+    CreatedAt?: Date;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsInstanceForPrefixRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The S3 prefix of the access grants that you would like to retrieve.</p>
+     */
+    S3Prefix: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsInstanceForPrefixResult {
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the S3 Access Grants instance. </p>
+     */
+    AccessGrantsInstanceArn?: string;
+    /**
+     * @public
+     * <p>The ID of the S3 Access Grants instance. The ID is <code>default</code>. You can have one S3 Access Grants instance per Region per account. </p>
+     */
+    AccessGrantsInstanceId?: string;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsInstanceResourcePolicyRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsInstanceResourcePolicyResult {
+    /**
+     * @public
+     * <p>The resource policy of the S3 Access Grants instance.</p>
+     */
+    Policy?: string;
+    /**
+     * @public
+     * <p>The Organization of the resource policy of the S3 Access Grants instance.</p>
+     */
+    Organization?: string;
+    /**
+     * @public
+     * <p>The date and time when you created the S3 Access Grants instance resource policy. </p>
+     */
+    CreatedAt?: Date;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsLocationRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register.  </p>
+     */
+    AccessGrantsLocationId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetAccessGrantsLocationResult {
+    /**
+     * @public
+     * <p>The date and time when you registered the location. </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID <code>default</code> to the default location <code>s3://</code> and assigns an auto-generated ID to other locations that you register.  </p>
+     */
+    AccessGrantsLocationId?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the registered location. </p>
+     */
+    AccessGrantsLocationArn?: string;
+    /**
+     * @public
+     * <p>The S3 URI path to the registered location. The location scope can be the default S3 location <code>s3://</code>, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the <code>engineering/</code> prefix or object key names that start with the <code>marketing/campaigns/</code> prefix.</p>
+     */
+    LocationScope?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location. </p>
+     */
+    IAMRoleArn?: string;
+}
 /**
  * @public
  */
@@ -3578,8 +4350,8 @@ export interface LifecycleRule {
      * @public
      * <p>Specifies the days since the initiation of an incomplete multipart upload that Amazon S3
      *          waits before permanently removing all parts of the upload. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config">
-     *             Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration</a> in the
-     *             <i>Amazon S3 User Guide</i>.</p>
+     *             Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration</a> in
+     *          the <i>Amazon S3 User Guide</i>.</p>
      */
     AbortIncompleteMultipartUpload?: AbortIncompleteMultipartUpload;
 }
@@ -3657,7 +4429,8 @@ export type DeleteMarkerReplicationStatus = (typeof DeleteMarkerReplicationStatu
  *             <code>Tag</code> element, the <code>DeleteMarkerReplication</code> element's
  *             <code>Status</code> child element must be set to <code>Disabled</code>, because
  *          S3 on Outposts does not support replicating delete markers for tag-based rules.</p>
- *          <p>For more information about delete marker replication, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html#outposts-replication-what-is-replicated">How delete operations affect replication</a> in the <i>Amazon S3 User Guide</i>. </p>
+ *          <p>For more information about delete marker replication, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html#outposts-replication-what-is-replicated">How delete operations affect replication</a> in the
+ *             <i>Amazon S3 User Guide</i>. </p>
  */
 export interface DeleteMarkerReplication {
     /**
@@ -3847,7 +4620,8 @@ export interface Destination {
      *          are stored in the <code>OUTPOSTS</code> storage class. S3 on Outposts uses the
      *             <code>OUTPOSTS</code> storage class to create the object replicas. </p>
      *          <note>
-     *             <p>Values other than <code>OUTPOSTS</code> are not supported by Amazon S3 on Outposts. </p>
+     *             <p>Values other than <code>OUTPOSTS</code> are not supported by Amazon S3 on Outposts.
+     *          </p>
      *          </note>
      */
     StorageClass?: ReplicationStorageClass;
@@ -4061,7 +4835,8 @@ export declare const ReplicationRuleStatus: {
 export type ReplicationRuleStatus = (typeof ReplicationRuleStatus)[keyof typeof ReplicationRuleStatus];
 /**
  * @public
- * <p>Specifies which S3 on Outposts objects to replicate and where to store the replicas.</p>
+ * <p>Specifies which S3 on Outposts objects to replicate and where to store the
+ *          replicas.</p>
  */
 export interface ReplicationRule {
     /**
@@ -4073,11 +4848,11 @@ export interface ReplicationRule {
      * @public
      * <p>The priority indicates which rule has precedence whenever two or more replication rules
      *          conflict. S3 on Outposts attempts to replicate objects according to all replication rules.
-     *          However, if there are two or more rules with the same destination Outposts bucket, then objects will
-     *          be replicated according to the rule with the highest priority. The higher the number, the
-     *          higher the priority. </p>
-     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-between-outposts.html">Creating replication rules on Outposts</a> in the
-     *             <i>Amazon S3 User Guide</i>.</p>
+     *          However, if there are two or more rules with the same destination Outposts bucket, then
+     *          objects will be replicated according to the rule with the highest priority. The higher the
+     *          number, the higher the priority. </p>
+     *          <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-between-outposts.html">Creating replication
+     *             rules on Outposts</a> in the <i>Amazon S3 User Guide</i>.</p>
      */
     Priority?: number;
     /**
@@ -4109,9 +4884,9 @@ export interface ReplicationRule {
     Status: ReplicationRuleStatus | undefined;
     /**
      * @public
-     * <p>A container that describes additional filters for identifying the source Outposts objects that
-     *          you want to replicate. You can choose to enable or disable the replication of these
-     *          objects.</p>
+     * <p>A container that describes additional filters for identifying the source Outposts
+     *          objects that you want to replicate. You can choose to enable or disable the replication of
+     *          these objects.</p>
      */
     SourceSelectionCriteria?: SourceSelectionCriteria;
     /**
@@ -4124,7 +4899,8 @@ export interface ReplicationRule {
     ExistingObjectReplication?: ExistingObjectReplication;
     /**
      * @public
-     * <p>A container for information about the replication destination and its configurations.</p>
+     * <p>A container for information about the replication destination and its
+     *          configurations.</p>
      */
     Destination: Destination | undefined;
     /**
@@ -4135,7 +4911,8 @@ export interface ReplicationRule {
      *             <code>Tag</code> element, the <code>DeleteMarkerReplication</code> element's
      *             <code>Status</code> child element must be set to <code>Disabled</code>, because
      *          S3 on Outposts doesn't support replicating delete markers for tag-based rules.</p>
-     *          <p>For more information about delete marker replication, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html#outposts-replication-what-is-replicated">How delete operations affect replication</a> in the <i>Amazon S3 User Guide</i>. </p>
+     *          <p>For more information about delete marker replication, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3OutpostsReplication.html#outposts-replication-what-is-replicated">How delete operations affect replication</a> in the
+     *             <i>Amazon S3 User Guide</i>. </p>
      */
     DeleteMarkerReplication?: DeleteMarkerReplication;
     /**
@@ -4147,8 +4924,9 @@ export interface ReplicationRule {
 }
 /**
  * @public
- * <p>A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a
- *          replication configuration is 128 KB.</p>
+ * <p>A container for one or more replication rules. A replication configuration must have at
+ *          least one rule and you can add up to 100 rules. The maximum size of a replication
+ *          configuration is 128 KB.</p>
  */
 export interface ReplicationConfiguration {
     /**
@@ -4172,8 +4950,9 @@ export interface ReplicationConfiguration {
 export interface GetBucketReplicationResult {
     /**
      * @public
-     * <p>A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a
-     *          replication configuration is 128 KB.</p>
+     * <p>A container for one or more replication rules. A replication configuration must have at
+     *          least one rule and you can add up to 100 rules. The maximum size of a replication
+     *          configuration is 128 KB.</p>
      */
     ReplicationConfiguration?: ReplicationConfiguration;
 }
@@ -4260,6 +5039,118 @@ export interface GetBucketVersioningResult {
      */
     MFADelete?: MFADeleteStatus;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const Privilege: {
+    readonly Default: "Default";
+    readonly Minimal: "Minimal";
+};
+/**
+ * @public
+ */
+export type Privilege = (typeof Privilege)[keyof typeof Privilege];
+/**
+ * @public
+ */
+export interface GetDataAccessRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.</p>
+     */
+    Target: string | undefined;
+    /**
+     * @public
+     * <p>The type of permission granted to your S3 data, which can be set to one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>READ</code> – Grant read-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>WRITE</code> – Grant write-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READWRITE</code> – Grant both read and write access to the S3 data.</p>
+     *             </li>
+     *          </ul>
+     */
+    Permission: Permission | undefined;
+    /**
+     * @public
+     * <p>The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails. </p>
+     */
+    DurationSeconds?: number;
+    /**
+     * @public
+     * <p>The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application. </p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>Default</code> – The scope of the returned temporary access token is the scope of the grant that is closest to the target scope.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>Minimal</code> – The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope. </p>
+     *             </li>
+     *          </ul>
+     */
+    Privilege?: Privilege;
+    /**
+     * @public
+     * <p>The type of <code>Target</code>. The only possible value is <code>Object</code>. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix. </p>
+     */
+    TargetType?: S3PrefixType;
+}
+/**
+ * @public
+ * <p>The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications. </p>
+ */
+export interface Credentials {
+    /**
+     * @public
+     * <p>The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications. </p>
+     */
+    AccessKeyId?: string;
+    /**
+     * @public
+     * <p>The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications. </p>
+     */
+    SecretAccessKey?: string;
+    /**
+     * @public
+     * <p>The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications. </p>
+     */
+    SessionToken?: string;
+    /**
+     * @public
+     * <p>The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications. </p>
+     */
+    Expiration?: Date;
+}
+/**
+ * @public
+ */
+export interface GetDataAccessResult {
+    /**
+     * @public
+     * <p>The temporary credential token that S3 Access Grants vends.</p>
+     */
+    Credentials?: Credentials;
+    /**
+     * @public
+     * <p>The S3 URI path of the data to which you are being granted temporary access credentials. </p>
+     */
+    MatchedGrantTarget?: string;
+}
 /**
  * @public
  */
@@ -4945,6 +5836,169 @@ export interface GetStorageLensGroupResult {
      */
     StorageLensGroup?: StorageLensGroup;
 }
+/**
+ * @public
+ */
+export interface ListAccessGrantsRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>A pagination token to request the next page of results. Pass this value into a subsequent <code>List Access Grants</code> request in order to retrieve the next page of results.</p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>The maximum number of access grants that you would like returned in the <code>List Access Grants</code> response. If the results include the pagination token <code>NextToken</code>, make another call using the <code>NextToken</code> to determine if there are more results.</p>
+     */
+    MaxResults?: number;
+    /**
+     * @public
+     * <p>The type of the grantee to which access has been granted. It can be one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>IAM</code> - An IAM user or role.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DIRECTORY_USER</code> - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DIRECTORY_GROUP</code> - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.</p>
+     *             </li>
+     *          </ul>
+     */
+    GranteeType?: GranteeType;
+    /**
+     * @public
+     * <p>The unique identifer of the <code>Grantee</code>. If the grantee type is <code>IAM</code>, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format <code>a1b2c3d4-5678-90ab-cdef-EXAMPLE11111</code>. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.</p>
+     */
+    GranteeIdentifier?: string;
+    /**
+     * @public
+     * <p>The type of permission granted to your S3 data, which can be set to one of the following values:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>READ</code> – Grant read-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>WRITE</code> – Grant write-only access to the S3 data.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>READWRITE</code> – Grant both read and write access to the S3 data.</p>
+     *             </li>
+     *          </ul>
+     */
+    Permission?: Permission;
+    /**
+     * @public
+     * <p>The S3 path of the data to which you are granting access. It is the result of appending the <code>Subprefix</code> to the location scope.</p>
+     */
+    GrantScope?: string;
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application. </p>
+     */
+    ApplicationArn?: string;
+}
+/**
+ * @public
+ */
+export interface ListAccessGrantsResult {
+    /**
+     * @public
+     * <p>A pagination token to request the next page of results. Pass this value into a subsequent <code>List Access Grants</code> request in order to retrieve the next page of results.</p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>A container for a list of grants in an S3 Access Grants instance.</p>
+     */
+    AccessGrantsList?: ListAccessGrantEntry[];
+}
+/**
+ * @public
+ */
+export interface ListAccessGrantsInstancesRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>A pagination token to request the next page of results. Pass this value into a subsequent <code>List Access Grants Instances</code> request in order to retrieve the next page of results.</p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>The maximum number of access grants that you would like returned in the <code>List Access Grants</code> response. If the results include the pagination token <code>NextToken</code>, make another call using the <code>NextToken</code> to determine if there are more results.</p>
+     */
+    MaxResults?: number;
+}
+/**
+ * @public
+ */
+export interface ListAccessGrantsInstancesResult {
+    /**
+     * @public
+     * <p>A pagination token to request the next page of results. Pass this value into a subsequent <code>List Access Grants Instances</code> request in order to retrieve the next page of results.</p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>A container for a list of S3 Access Grants instances.</p>
+     */
+    AccessGrantsInstancesList?: ListAccessGrantsInstanceEntry[];
+}
+/**
+ * @public
+ */
+export interface ListAccessGrantsLocationsRequest {
+    /**
+     * @public
+     * <p>The ID of the Amazon Web Services account that is making this request.</p>
+     */
+    AccountId?: string;
+    /**
+     * @public
+     * <p>A pagination token to request the next page of results. Pass this value into a subsequent <code>List Access Grants Locations</code> request in order to retrieve the next page of results.</p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>The maximum number of access grants that you would like returned in the <code>List Access Grants</code> response. If the results include the pagination token <code>NextToken</code>, make another call using the <code>NextToken</code> to determine if there are more results.</p>
+     */
+    MaxResults?: number;
+    /**
+     * @public
+     * <p>The S3 path to the location that you are registering. The location scope can be the default S3 location <code>s3://</code>, the S3 path to a bucket <code>s3://<bucket></code>, or the S3 path to a bucket and prefix <code>s3://<bucket>/<prefix></code>. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the <code>engineering/</code> prefix or object key names that start with the <code>marketing/campaigns/</code> prefix.</p>
+     */
+    LocationScope?: string;
+}
+/**
+ * @public
+ */
+export interface ListAccessGrantsLocationsResult {
+    /**
+     * @public
+     * <p>A pagination token to request the next page of results. Pass this value into a subsequent <code>List Access Grants Locations</code> request in order to retrieve the next page of results.</p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>A container for a list of registered locations in an S3 Access Grants instance.</p>
+     */
+    AccessGrantsLocationsList?: ListAccessGrantsLocationsEntry[];
+}
 /**
  * @public
  */
@@ -5399,684 +6453,10 @@ export interface ListStorageLensGroupsRequest {
     NextToken?: string;
 }
 /**
- * @public
- * <p>
- * Each entry contains a Storage Lens group that exists in the specified home Region.
- * </p>
- */
-export interface ListStorageLensGroupEntry {
-    /**
-     * @public
-     * <p>
-     * Contains the name of the Storage Lens group that exists in the specified home Region.
-     * </p>
-     */
-    Name: string | undefined;
-    /**
-     * @public
-     * <p>
-     * Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.
-     * </p>
-     */
-    StorageLensGroupArn: string | undefined;
-    /**
-     * @public
-     * <p>
-     * Contains the Amazon Web Services Region where the Storage Lens group was created.
-     * </p>
-     */
-    HomeRegion: string | undefined;
-}
-/**
- * @public
- */
-export interface ListStorageLensGroupsResult {
-    /**
-     * @public
-     * <p>
-     *    If <code>NextToken</code> is returned, there are more Storage Lens groups results available. The value of <code>NextToken</code> is a
-     *       unique pagination token for each page. Make the call again using the returned token to
-     *       retrieve the next page. Keep all other arguments unchanged. Each pagination token expires
-     *       after 24 hours.
-     * </p>
-     */
-    NextToken?: string;
-    /**
-     * @public
-     * <p>
-     * The list of Storage Lens groups that exist in the specified home Region.
-     * </p>
-     */
-    StorageLensGroupList?: ListStorageLensGroupEntry[];
-}
-/**
- * @public
+ * @internal
  */
-export interface ListTagsForResourceRequest {
-    /**
-     * @public
-     * <p>
-     * The Amazon Web Services account ID of the resource owner.
-     * </p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>
-     * The Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for.
-     * </p>
-     */
-    ResourceArn: string | undefined;
-}
+export declare const CredentialsFilterSensitiveLog: (obj: Credentials) => any;
 /**
- * @public
+ * @internal
  */
-export interface ListTagsForResourceResult {
-    /**
-     * @public
-     * <p>
-     * The Amazon Web Services resource tags that are associated with the resource.
-     * </p>
-     */
-    Tags?: Tag[];
-}
-/**
- * @public
- */
-export interface PutAccessPointConfigurationForObjectLambdaRequest {
-    /**
-     * @public
-     * <p>The account ID for the account that owns the specified Object Lambda Access Point.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The name of the Object Lambda Access Point.</p>
-     */
-    Name: string | undefined;
-    /**
-     * @public
-     * <p>Object Lambda Access Point configuration document.</p>
-     */
-    Configuration: ObjectLambdaConfiguration | undefined;
-}
-/**
- * @public
- */
-export interface PutAccessPointPolicyRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID for owner of the bucket associated with the specified access point.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The name of the access point that you want to associate with the specified policy.</p>
-     *          <p>For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.</p>
-     *          <p>For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must  specify the ARN of the access point accessed in the format <code>arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name></code>. For example, to access the access point <code>reports-ap</code> through Outpost <code>my-outpost</code> owned by account <code>123456789012</code> in Region <code>us-west-2</code>, use the URL encoding of <code>arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap</code>. The value must be URL encoded. </p>
-     */
-    Name: string | undefined;
-    /**
-     * @public
-     * <p>The policy that you want to apply to the specified access point. For more information about access point
-     *          policies, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html">Managing data access with Amazon S3
-     *             access points</a> in the <i>Amazon S3 User Guide</i>.</p>
-     */
-    Policy: string | undefined;
-}
-/**
- * @public
- */
-export interface PutAccessPointPolicyForObjectLambdaRequest {
-    /**
-     * @public
-     * <p>The account ID for the account that owns the specified Object Lambda Access Point.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The name of the Object Lambda Access Point.</p>
-     */
-    Name: string | undefined;
-    /**
-     * @public
-     * <p>Object Lambda Access Point resource policy document.</p>
-     */
-    Policy: string | undefined;
-}
-/**
- * @public
- * <p>The container for the Outposts bucket lifecycle configuration.</p>
- */
-export interface LifecycleConfiguration {
-    /**
-     * @public
-     * <p>A lifecycle rule for individual objects in an Outposts bucket. </p>
-     */
-    Rules?: LifecycleRule[];
-}
-/**
- * @public
- */
-export interface PutBucketLifecycleConfigurationRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID of the Outposts bucket.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The name of the bucket for which to set the configuration.</p>
-     */
-    Bucket: string | undefined;
-    /**
-     * @public
-     * <p>Container for lifecycle rules. You can add as many as 1,000 rules.</p>
-     */
-    LifecycleConfiguration?: LifecycleConfiguration;
-}
-/**
- * @public
- */
-export interface PutBucketPolicyRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID of the Outposts bucket.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>Specifies the bucket.</p>
-     *          <p>For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.</p>
-     *          <p>For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must  specify the ARN of the bucket accessed in the format <code>arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name></code>. For example, to access the bucket <code>reports</code> through Outpost <code>my-outpost</code> owned by account <code>123456789012</code> in Region <code>us-west-2</code>, use the URL encoding of <code>arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports</code>. The value must be URL encoded.  </p>
-     */
-    Bucket: string | undefined;
-    /**
-     * @public
-     * <p>Set this parameter to true to confirm that you want to remove your permissions to change
-     *          this bucket policy in the future.</p>
-     *          <note>
-     *             <p>This is not supported by Amazon S3 on Outposts buckets.</p>
-     *          </note>
-     */
-    ConfirmRemoveSelfBucketAccess?: boolean;
-    /**
-     * @public
-     * <p>The bucket policy as a JSON document.</p>
-     */
-    Policy: string | undefined;
-}
-/**
- * @public
- */
-export interface PutBucketReplicationRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID of the Outposts bucket.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>Specifies the S3 on Outposts bucket to set the configuration for.</p>
-     *          <p>For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.</p>
-     *          <p>For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must  specify the ARN of the bucket accessed in the format <code>arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name></code>. For example, to access the bucket <code>reports</code> through Outpost <code>my-outpost</code> owned by account <code>123456789012</code> in Region <code>us-west-2</code>, use the URL encoding of <code>arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports</code>. The value must be URL encoded.  </p>
-     */
-    Bucket: string | undefined;
-    /**
-     * @public
-     * <p></p>
-     */
-    ReplicationConfiguration: ReplicationConfiguration | undefined;
-}
-/**
- * @public
- * <p></p>
- */
-export interface Tagging {
-    /**
-     * @public
-     * <p>A collection for a set of tags.</p>
-     */
-    TagSet: S3Tag[] | undefined;
-}
-/**
- * @public
- */
-export interface PutBucketTaggingRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID of the Outposts bucket.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The Amazon Resource Name (ARN) of the bucket.</p>
-     *          <p>For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.</p>
-     *          <p>For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must  specify the ARN of the bucket accessed in the format <code>arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name></code>. For example, to access the bucket <code>reports</code> through Outpost <code>my-outpost</code> owned by account <code>123456789012</code> in Region <code>us-west-2</code>, use the URL encoding of <code>arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports</code>. The value must be URL encoded.  </p>
-     */
-    Bucket: string | undefined;
-    /**
-     * @public
-     * <p></p>
-     */
-    Tagging: Tagging | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const MFADelete: {
-    readonly Disabled: "Disabled";
-    readonly Enabled: "Enabled";
-};
-/**
- * @public
- */
-export type MFADelete = (typeof MFADelete)[keyof typeof MFADelete];
-/**
- * @public
- * <p>Describes the versioning state of an Amazon S3 on Outposts bucket. For more information, see
- *             <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketVersioning.html">PutBucketVersioning</a>.</p>
- */
-export interface VersioningConfiguration {
-    /**
-     * @public
-     * <p>Specifies whether MFA delete is enabled or disabled in the bucket versioning
-     *          configuration for the S3 on Outposts bucket.</p>
-     */
-    MFADelete?: MFADelete;
-    /**
-     * @public
-     * <p>Sets the versioning state of the S3 on Outposts bucket.</p>
-     */
-    Status?: BucketVersioningStatus;
-}
-/**
- * @public
- */
-export interface PutBucketVersioningRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID of the S3 on Outposts bucket.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The S3 on Outposts bucket to set the versioning state for.</p>
-     */
-    Bucket: string | undefined;
-    /**
-     * @public
-     * <p>The concatenation of the authentication device's serial number, a space, and the value
-     *          that is displayed on your authentication device.</p>
-     */
-    MFA?: string;
-    /**
-     * @public
-     * <p>The root-level tag for the <code>VersioningConfiguration</code> parameters.</p>
-     */
-    VersioningConfiguration: VersioningConfiguration | undefined;
-}
-/**
- * @public
- */
-export interface PutJobTaggingRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID associated with the S3 Batch Operations job.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The ID for the S3 Batch Operations job whose tags you want to replace.</p>
-     */
-    JobId: string | undefined;
-    /**
-     * @public
-     * <p>The set of tags to associate with the S3 Batch Operations job.</p>
-     */
-    Tags: S3Tag[] | undefined;
-}
-/**
- * @public
- */
-export interface PutJobTaggingResult {
-}
-/**
- * @public
- * <p>Amazon S3 throws this exception if you have too many tags in your tag set.</p>
- */
-export declare class TooManyTagsException extends __BaseException {
-    readonly name: "TooManyTagsException";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<TooManyTagsException, __BaseException>);
-}
-/**
- * @public
- */
-export interface PutMultiRegionAccessPointPolicyRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID for the owner of the Multi-Region Access Point.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>An idempotency token used to identify the request and guarantee that requests are
-     *          unique.</p>
-     */
-    ClientToken?: string;
-    /**
-     * @public
-     * <p>A container element containing the details of the policy for the Multi-Region Access Point.</p>
-     */
-    Details: PutMultiRegionAccessPointPolicyInput | undefined;
-}
-/**
- * @public
- */
-export interface PutMultiRegionAccessPointPolicyResult {
-    /**
-     * @public
-     * <p>The request token associated with the request. You can use this token with <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeMultiRegionAccessPointOperation.html">DescribeMultiRegionAccessPointOperation</a> to determine the status of asynchronous
-     *          requests.</p>
-     */
-    RequestTokenARN?: string;
-}
-/**
- * @public
- */
-export interface PutPublicAccessBlockRequest {
-    /**
-     * @public
-     * <p>The <code>PublicAccessBlock</code> configuration that you want to apply to the specified
-     *          Amazon Web Services account.</p>
-     */
-    PublicAccessBlockConfiguration: PublicAccessBlockConfiguration | undefined;
-    /**
-     * @public
-     * <p>The account ID for the Amazon Web Services account whose <code>PublicAccessBlock</code> configuration
-     *          you want to set.</p>
-     */
-    AccountId?: string;
-}
-/**
- * @public
- */
-export interface PutStorageLensConfigurationRequest {
-    /**
-     * @public
-     * <p>The ID of the S3 Storage Lens configuration.</p>
-     */
-    ConfigId: string | undefined;
-    /**
-     * @public
-     * <p>The account ID of the requester.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The S3 Storage Lens configuration.</p>
-     */
-    StorageLensConfiguration: StorageLensConfiguration | undefined;
-    /**
-     * @public
-     * <p>The tag set of the S3 Storage Lens configuration.</p>
-     *          <note>
-     *             <p>You can set up to a maximum of 50 tags.</p>
-     *          </note>
-     */
-    Tags?: StorageLensTag[];
-}
-/**
- * @public
- */
-export interface PutStorageLensConfigurationTaggingRequest {
-    /**
-     * @public
-     * <p>The ID of the S3 Storage Lens configuration.</p>
-     */
-    ConfigId: string | undefined;
-    /**
-     * @public
-     * <p>The account ID of the requester.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The tag set of the S3 Storage Lens configuration.</p>
-     *          <note>
-     *             <p>You can set up to a maximum of 50 tags.</p>
-     *          </note>
-     */
-    Tags: StorageLensTag[] | undefined;
-}
-/**
- * @public
- */
-export interface PutStorageLensConfigurationTaggingResult {
-}
-/**
- * @public
- */
-export interface SubmitMultiRegionAccessPointRoutesRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID for the owner of the Multi-Region Access Point.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The Multi-Region Access Point ARN.</p>
-     */
-    Mrap: string | undefined;
-    /**
-     * @public
-     * <p>The different routes that make up the new route configuration. Active routes return a
-     *          value of <code>100</code>, and passive routes return a value of <code>0</code>.</p>
-     */
-    RouteUpdates: MultiRegionAccessPointRoute[] | undefined;
-}
-/**
- * @public
- */
-export interface SubmitMultiRegionAccessPointRoutesResult {
-}
-/**
- * @public
- */
-export interface TagResourceRequest {
-    /**
-     * @public
-     * <p>
-     * The Amazon Web Services account ID that created the S3 resource that you're trying to add tags to.
-     * </p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>
-     * The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to.
-     * </p>
-     */
-    ResourceArn: string | undefined;
-    /**
-     * @public
-     * <p>
-     * The Amazon Web Services resource tags that you want to add to the specified S3 resource.
-     * </p>
-     */
-    Tags: Tag[] | undefined;
-}
-/**
- * @public
- */
-export interface TagResourceResult {
-}
-/**
- * @public
- */
-export interface UntagResourceRequest {
-    /**
-     * @public
-     * <p>
-     * The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.
-     * </p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>
-     * The Amazon Resource Name (ARN) of the S3 resource that you want to remove the resource tags from.
-     * </p>
-     */
-    ResourceArn: string | undefined;
-    /**
-     * @public
-     * <p>
-     * The tag key pair of the S3 resource tag that you're trying to remove.
-     * </p>
-     */
-    TagKeys: string[] | undefined;
-}
-/**
- * @public
- */
-export interface UntagResourceResult {
-}
-/**
- * @public
- */
-export interface UpdateJobPriorityRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID associated with the S3 Batch Operations job.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The ID for the job whose priority you want to update.</p>
-     */
-    JobId: string | undefined;
-    /**
-     * @public
-     * <p>The priority you want to assign to this job.</p>
-     */
-    Priority: number | undefined;
-}
-/**
- * @public
- */
-export interface UpdateJobPriorityResult {
-    /**
-     * @public
-     * <p>The ID for the job whose priority Amazon S3 updated.</p>
-     */
-    JobId: string | undefined;
-    /**
-     * @public
-     * <p>The new priority assigned to the specified job.</p>
-     */
-    Priority: number | undefined;
-}
-/**
- * @public
- * <p></p>
- */
-export declare class JobStatusException extends __BaseException {
-    readonly name: "JobStatusException";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<JobStatusException, __BaseException>);
-}
-/**
- * @public
- * @enum
- */
-export declare const RequestedJobStatus: {
-    readonly Cancelled: "Cancelled";
-    readonly Ready: "Ready";
-};
-/**
- * @public
- */
-export type RequestedJobStatus = (typeof RequestedJobStatus)[keyof typeof RequestedJobStatus];
-/**
- * @public
- */
-export interface UpdateJobStatusRequest {
-    /**
-     * @public
-     * <p>The Amazon Web Services account ID associated with the S3 Batch Operations job.</p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>The ID of the job whose status you want to update.</p>
-     */
-    JobId: string | undefined;
-    /**
-     * @public
-     * <p>The status that you want to move the specified job to.</p>
-     */
-    RequestedJobStatus: RequestedJobStatus | undefined;
-    /**
-     * @public
-     * <p>A description of the reason why you want to change the specified job's status. This
-     *          field can be any string up to the maximum length.</p>
-     */
-    StatusUpdateReason?: string;
-}
-/**
- * @public
- */
-export interface UpdateJobStatusResult {
-    /**
-     * @public
-     * <p>The ID for the job whose status was updated.</p>
-     */
-    JobId?: string;
-    /**
-     * @public
-     * <p>The current status for the specified job.</p>
-     */
-    Status?: JobStatus;
-    /**
-     * @public
-     * <p>The reason that the specified job's status was updated.</p>
-     */
-    StatusUpdateReason?: string;
-}
-/**
- * @public
- */
-export interface UpdateStorageLensGroupRequest {
-    /**
-     * @public
-     * <p>
-     * The name of the Storage Lens group that you want to update.
-     * </p>
-     */
-    Name: string | undefined;
-    /**
-     * @public
-     * <p>
-     * The Amazon Web Services account ID of the Storage Lens group owner.
-     * </p>
-     */
-    AccountId?: string;
-    /**
-     * @public
-     * <p>
-     * The JSON file that contains the Storage Lens group configuration.
-     * </p>
-     */
-    StorageLensGroup: StorageLensGroup | undefined;
-}
+export declare const GetDataAccessResultFilterSensitiveLog: (obj: GetDataAccessResult) => any;