npm - @aws-sdk/client-s3-control - Versions diffs - 3.699.0 → 3.703.0 - Mend

@aws-sdk/client-s3-control 3.699.0 → 3.703.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist-types/commands/ListCallerAccessGrantsCommand.d.ts +1 -1
package/dist-types/models/models_0.d.ts +25 -11
package/package.json +1 -1

package/dist-types/commands/ListCallerAccessGrantsCommand.d.ts CHANGED Viewed

@@ -27,7 +27,7 @@ declare const ListCallerAccessGrantsCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Returns a list of the access grants that were given to the caller using S3 Access Grants and that allow the caller to access the S3 data of the Amazon Web Services account specified in the request.</p>
+ * <p>Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can, optionally, narrow the results by <code>GrantScope</code>, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the <code>AllowedByApplication</code> filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (<code>ALL</code>). For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-list-grants.html">List the caller's access grants</a> in the <i>Amazon S3 User Guide</i>.</p>
  *          <dl>
  *             <dt>Permissions</dt>
  *             <dd>

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -2235,10 +2235,10 @@ export interface S3ObjectMetadata {
      */
     RequesterCharged?: boolean | undefined;
     /**
-     * <p></p>
-     *          <note>
-     *             <p>For directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) is supported.</p>
-     *          </note>
+     * <p>The server-side encryption algorithm used when storing objects in Amazon S3.</p>
+     *          <p>
+     *             <b>Directory buckets </b> - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) and server-side encryption with KMS keys (SSE-KMS) (<code>KMS</code>). For more
+     *          information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html">Protecting data with server-side encryption</a> in the <i>Amazon S3 User Guide</i>. For <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops">the Copy operation in Batch Operations</a>, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_S3CopyObjectOperation.html">S3CopyObjectOperation</a>.</p>
      * @public
      */
     SSEAlgorithm?: S3SSEAlgorithm | undefined;
@@ -2309,8 +2309,12 @@ export interface S3CopyObjectOperation {
      *             <li>
      *                <p>
      *                   <b>Directory buckets</b> - For example, to copy objects to a directory bucket named
-     *                <code>destinationBucket</code> in the Availability Zone; identified by the AZ ID <code>usw2-az1</code>, set the <code>TargetResource</code> property to
-     *                <code>arn:aws:s3express:<i>region</i>:<i>account_id</i>:/bucket/<i>destination_bucket_base_name</i>--<i>usw2-az1</i>--x-s3</code>.</p>
+     *                <code>destinationBucket</code> in the Availability Zone identified by the AZ ID <code>usw2-az1</code>, set the <code>TargetResource</code> property to
+     *                <code>arn:aws:s3express:<i>region</i>:<i>account_id</i>:/bucket/<i>destination_bucket_base_name</i>--<i>usw2-az1</i>--x-s3</code>. A directory bucket as a destination bucket can be in Availability Zone or Local Zone. </p>
+     *                <note>
+     *                   <p>Copying objects across different Amazon Web Services Regions isn't supported when the source or destination bucket is in Amazon Web Services Local Zones. The source and destination buckets must have the same parent Amazon Web Services Region. Otherwise,
+     *                   you get an HTTP <code>400 Bad Request</code> error with the error code <code>InvalidRequest</code>.</p>
+     *                </note>
      *             </li>
      *          </ul>
      * @public
@@ -2394,9 +2398,17 @@ export interface S3CopyObjectOperation {
      */
     UnModifiedSinceConstraint?: Date | undefined;
     /**
-     * <p></p>
+     * <p>Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for object encryption. If the KMS key doesn't exist in the same
+     *          account that's issuing the command, you must use the full Key ARN not the Key ID.</p>
      *          <note>
-     *             <p>This functionality is not supported by directory buckets.</p>
+     *             <p>
+     *                <b>Directory buckets</b> - If you specify <code>SSEAlgorithm</code> with <code>KMS</code>, you must specify the <code>
+     *          SSEAwsKmsKeyId</code> parameter with the ID (Key ID or Key ARN) of the KMS
+     *          symmetric encryption customer managed key to use. Otherwise, you get an HTTP <code>400 Bad Request</code> error. The key alias format of the KMS key isn't supported. To encrypt new object copies in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>).
+     *                         The <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a> (<code>aws/s3</code>) isn't supported. Your SSE-KMS configuration can only support 1 <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a> per directory bucket for the lifetime of the bucket.
+     * After you specify a customer managed key for SSE-KMS as the bucket default encryption, you can't override the customer managed key for the bucket's SSE-KMS configuration.
+     * Then, when you specify server-side encryption settings for new object copies with SSE-KMS, you must make sure the encryption key is the same customer managed key that you specified for the directory bucket's default encryption configuration.
+     *  </p>
      *          </note>
      * @public
      */
@@ -2445,10 +2457,12 @@ export interface S3CopyObjectOperation {
      * <p>Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with
      *          server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to <code>true</code>
      *          causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.</p>
-     *          <p>Specifying this header with an <i>object</i> action doesn’t affect
+     *          <p>Specifying this header with an <i>Copy</i> action doesn’t affect
      *             <i>bucket-level</i> settings for S3 Bucket Key.</p>
      *          <note>
-     *             <p>This functionality is not supported by directory buckets.</p>
+     *             <p>
+     *                <b>Directory buckets</b> - S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets
+     * to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops">the Copy operation in Batch Operations</a>. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.</p>
      *          </note>
      * @public
      */
@@ -2757,7 +2771,7 @@ export interface CreateJobRequest {
     ConfirmationRequired?: boolean | undefined;
     /**
      * <p>The action that you want this job to perform on every object listed in the manifest. For
-     *          more information about the available actions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-actions.html">Operations</a> in the
+     *          more information about the available actions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-operations.html">Operations</a> in the
      *             <i>Amazon S3 User Guide</i>.</p>
      * @public
      */

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-s3-control",
   "description": "AWS SDK for JavaScript S3 Control Client for Node.js, Browser and React Native",
-  "version": "3.699.0",
+  "version": "3.703.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-s3-control",