@aws-sdk/client-s3 3.651.0 → 3.654.0

package/dist-cjs/index.js

@@ -48,6 +48,7 @@ __export(src_exports, {
   CreateMultipartUploadRequestFilterSensitiveLog: () => CreateMultipartUploadRequestFilterSensitiveLog,
   CreateSessionCommand: () => CreateSessionCommand,
   CreateSessionOutputFilterSensitiveLog: () => CreateSessionOutputFilterSensitiveLog,
+  CreateSessionRequestFilterSensitiveLog: () => CreateSessionRequestFilterSensitiveLog,
   DataRedundancy: () => DataRedundancy,
   DeleteBucketAnalyticsConfigurationCommand: () => DeleteBucketAnalyticsConfigurationCommand,
   DeleteBucketCommand: () => DeleteBucketCommand,
@@ -258,6 +259,7 @@ module.exports = __toCommonJS(src_exports);
 
 // src/S3Client.ts
 var import_middleware_expect_continue = require("@aws-sdk/middleware-expect-continue");
+var import_middleware_flexible_checksums = require("@aws-sdk/middleware-flexible-checksums");
 var import_middleware_host_header = require("@aws-sdk/middleware-host-header");
 var import_middleware_logger = require("@aws-sdk/middleware-logger");
 var import_middleware_recursion_detection = require("@aws-sdk/middleware-recursion-detection");
@@ -872,8 +874,15 @@ var SessionCredentialsFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
 }), "SessionCredentialsFilterSensitiveLog");
 var CreateSessionOutputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
+  ...obj.SSEKMSKeyId && { SSEKMSKeyId: import_smithy_client.SENSITIVE_STRING },
+  ...obj.SSEKMSEncryptionContext && { SSEKMSEncryptionContext: import_smithy_client.SENSITIVE_STRING },
   ...obj.Credentials && { Credentials: SessionCredentialsFilterSensitiveLog(obj.Credentials) }
 }), "CreateSessionOutputFilterSensitiveLog");
+var CreateSessionRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
+  ...obj,
+  ...obj.SSEKMSKeyId && { SSEKMSKeyId: import_smithy_client.SENSITIVE_STRING },
+  ...obj.SSEKMSEncryptionContext && { SSEKMSEncryptionContext: import_smithy_client.SENSITIVE_STRING }
+}), "CreateSessionRequestFilterSensitiveLog");
 var ServerSideEncryptionByDefaultFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.KMSMasterKeyID && { KMSMasterKeyID: import_smithy_client.SENSITIVE_STRING }
@@ -1307,7 +1316,11 @@ var se_CreateMultipartUploadCommand = /* @__PURE__ */ __name(async (input, conte
 var se_CreateSessionCommand = /* @__PURE__ */ __name(async (input, context) => {
   const b = (0, import_core2.requestBuilder)(input, context);
   const headers = (0, import_smithy_client.map)({}, isSerializableHeaderValue, {
-    [_xacsm]: input[_SM]
+    [_xacsm]: input[_SM],
+    [_xasse]: input[_SSE],
+    [_xasseakki]: input[_SSEKMSKI],
+    [_xassec]: input[_SSEKMSEC],
+    [_xassebke]: [() => isSerializableHeaderValue(input[_BKE]), () => input[_BKE].toString()]
   });
   b.bp("/");
   b.p("Bucket", () => input.Bucket, "{Bucket}", false);
@@ -3257,7 +3270,11 @@ var de_CreateSessionCommand = /* @__PURE__ */ __name(async (output, context) =>
     return de_CommandError(output, context);
   }
   const contents = (0, import_smithy_client.map)({
-    $metadata: deserializeMetadata(output)
+    $metadata: deserializeMetadata(output),
+    [_SSE]: [, output.headers[_xasse]],
+    [_SSEKMSKI]: [, output.headers[_xasseakki]],
+    [_SSEKMSEC]: [, output.headers[_xassec]],
+    [_BKE]: [() => void 0 !== output.headers[_xassebke], () => (0, import_smithy_client.parseBoolean)(output.headers[_xassebke])]
   });
   const data = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.expectObject)(await (0, import_core.parseXmlBody)(output.body, context)), "body");
   if (data[_C] != null) {
@@ -8403,7 +8420,7 @@ var _CreateSessionCommand = class _CreateSessionCommand extends import_smithy_cl
     (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions()),
     (0, import_middleware_sdk_s3.getThrow200ExceptionsPlugin)(config)
   ];
-}).s("AmazonS3", "CreateSession", {}).n("S3Client", "CreateSessionCommand").f(void 0, CreateSessionOutputFilterSensitiveLog).ser(se_CreateSessionCommand).de(de_CreateSessionCommand).build() {
+}).s("AmazonS3", "CreateSession", {}).n("S3Client", "CreateSessionCommand").f(CreateSessionRequestFilterSensitiveLog, CreateSessionOutputFilterSensitiveLog).ser(se_CreateSessionCommand).de(de_CreateSessionCommand).build() {
 };
 __name(_CreateSessionCommand, "CreateSessionCommand");
 var CreateSessionCommand = _CreateSessionCommand;
@@ -8480,16 +8497,17 @@ var _S3Client = class _S3Client extends import_smithy_client.Client {
     const _config_0 = (0, import_runtimeConfig.getRuntimeConfig)(configuration || {});
     const _config_1 = resolveClientEndpointParameters(_config_0);
     const _config_2 = (0, import_middleware_user_agent.resolveUserAgentConfig)(_config_1);
-    const _config_3 = (0, import_middleware_retry.resolveRetryConfig)(_config_2);
-    const _config_4 = (0, import_config_resolver.resolveRegionConfig)(_config_3);
-    const _config_5 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_4);
-    const _config_6 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_5);
-    const _config_7 = (0, import_eventstream_serde_config_resolver.resolveEventStreamSerdeConfig)(_config_6);
-    const _config_8 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_7);
-    const _config_9 = (0, import_middleware_sdk_s32.resolveS3Config)(_config_8, { session: [() => this, CreateSessionCommand] });
-    const _config_10 = resolveRuntimeExtensions(_config_9, (configuration == null ? void 0 : configuration.extensions) || []);
-    super(_config_10);
-    this.config = _config_10;
+    const _config_3 = (0, import_middleware_flexible_checksums.resolveFlexibleChecksumsConfig)(_config_2);
+    const _config_4 = (0, import_middleware_retry.resolveRetryConfig)(_config_3);
+    const _config_5 = (0, import_config_resolver.resolveRegionConfig)(_config_4);
+    const _config_6 = (0, import_middleware_host_header.resolveHostHeaderConfig)(_config_5);
+    const _config_7 = (0, import_middleware_endpoint.resolveEndpointConfig)(_config_6);
+    const _config_8 = (0, import_eventstream_serde_config_resolver.resolveEventStreamSerdeConfig)(_config_7);
+    const _config_9 = (0, import_httpAuthSchemeProvider.resolveHttpAuthSchemeConfig)(_config_8);
+    const _config_10 = (0, import_middleware_sdk_s32.resolveS3Config)(_config_9, { session: [() => this, CreateSessionCommand] });
+    const _config_11 = resolveRuntimeExtensions(_config_10, (configuration == null ? void 0 : configuration.extensions) || []);
+    super(_config_11);
+    this.config = _config_11;
     this.middlewareStack.use((0, import_middleware_user_agent.getUserAgentPlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_retry.getRetryPlugin)(this.config));
     this.middlewareStack.use((0, import_middleware_content_length.getContentLengthPlugin)(this.config));
@@ -8893,7 +8911,7 @@ __name(_DeleteObjectCommand, "DeleteObjectCommand");
 var DeleteObjectCommand = _DeleteObjectCommand;
 
 // src/commands/DeleteObjectsCommand.ts
-var import_middleware_flexible_checksums = require("@aws-sdk/middleware-flexible-checksums");
+
 var import_middleware_sdk_s39 = require("@aws-sdk/middleware-sdk-s3");
 
 
@@ -10907,6 +10925,7 @@ var waitUntilObjectNotExists = /* @__PURE__ */ __name(async (params, input) => {
   CreateMultipartUploadRequestFilterSensitiveLog,
   SessionCredentialsFilterSensitiveLog,
   CreateSessionOutputFilterSensitiveLog,
+  CreateSessionRequestFilterSensitiveLog,
   ServerSideEncryptionByDefaultFilterSensitiveLog,
   ServerSideEncryptionRuleFilterSensitiveLog,
   ServerSideEncryptionConfigurationFilterSensitiveLog,

package/dist-cjs/runtimeConfig.js

@@ -6,6 +6,7 @@ const package_json_1 = tslib_1.__importDefault(require("../package.json"));
 const core_1 = require("@aws-sdk/core");
 const credential_provider_node_1 = require("@aws-sdk/credential-provider-node");
 const middleware_bucket_endpoint_1 = require("@aws-sdk/middleware-bucket-endpoint");
+const middleware_flexible_checksums_1 = require("@aws-sdk/middleware-flexible-checksums");
 const middleware_sdk_s3_1 = require("@aws-sdk/middleware-sdk-s3");
 const util_user_agent_node_1 = require("@aws-sdk/util-user-agent-node");
 const config_resolver_1 = require("@smithy/config-resolver");
@@ -41,7 +42,9 @@ const getRuntimeConfig = (config) => {
         maxAttempts: config?.maxAttempts ?? (0, node_config_provider_1.loadConfig)(middleware_retry_1.NODE_MAX_ATTEMPT_CONFIG_OPTIONS),
         md5: config?.md5 ?? hash_node_1.Hash.bind(null, "md5"),
         region: config?.region ?? (0, node_config_provider_1.loadConfig)(config_resolver_1.NODE_REGION_CONFIG_OPTIONS, config_resolver_1.NODE_REGION_CONFIG_FILE_OPTIONS),
+        requestChecksumCalculation: config?.requestChecksumCalculation ?? (0, node_config_provider_1.loadConfig)(middleware_flexible_checksums_1.NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS),
         requestHandler: node_http_handler_1.NodeHttpHandler.create(config?.requestHandler ?? defaultConfigProvider),
+        responseChecksumValidation: config?.responseChecksumValidation ?? (0, node_config_provider_1.loadConfig)(middleware_flexible_checksums_1.NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS),
         retryMode: config?.retryMode ??
             (0, node_config_provider_1.loadConfig)({
                 ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS,

package/dist-es/S3Client.js

@@ -1,4 +1,5 @@
 import { getAddExpectContinuePlugin } from "@aws-sdk/middleware-expect-continue";
+import { resolveFlexibleChecksumsConfig, } from "@aws-sdk/middleware-flexible-checksums";
 import { getHostHeaderPlugin, resolveHostHeaderConfig, } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection";
@@ -22,16 +23,17 @@ export class S3Client extends __Client {
         const _config_0 = __getRuntimeConfig(configuration || {});
         const _config_1 = resolveClientEndpointParameters(_config_0);
         const _config_2 = resolveUserAgentConfig(_config_1);
-        const _config_3 = resolveRetryConfig(_config_2);
-        const _config_4 = resolveRegionConfig(_config_3);
-        const _config_5 = resolveHostHeaderConfig(_config_4);
-        const _config_6 = resolveEndpointConfig(_config_5);
-        const _config_7 = resolveEventStreamSerdeConfig(_config_6);
-        const _config_8 = resolveHttpAuthSchemeConfig(_config_7);
-        const _config_9 = resolveS3Config(_config_8, { session: [() => this, CreateSessionCommand] });
-        const _config_10 = resolveRuntimeExtensions(_config_9, configuration?.extensions || []);
-        super(_config_10);
-        this.config = _config_10;
+        const _config_3 = resolveFlexibleChecksumsConfig(_config_2);
+        const _config_4 = resolveRetryConfig(_config_3);
+        const _config_5 = resolveRegionConfig(_config_4);
+        const _config_6 = resolveHostHeaderConfig(_config_5);
+        const _config_7 = resolveEndpointConfig(_config_6);
+        const _config_8 = resolveEventStreamSerdeConfig(_config_7);
+        const _config_9 = resolveHttpAuthSchemeConfig(_config_8);
+        const _config_10 = resolveS3Config(_config_9, { session: [() => this, CreateSessionCommand] });
+        const _config_11 = resolveRuntimeExtensions(_config_10, configuration?.extensions || []);
+        super(_config_11);
+        this.config = _config_11;
         this.middlewareStack.use(getUserAgentPlugin(this.config));
         this.middlewareStack.use(getRetryPlugin(this.config));
         this.middlewareStack.use(getContentLengthPlugin(this.config));

package/dist-es/commands/CreateSessionCommand.js

@@ -3,7 +3,7 @@ import { getEndpointPlugin } from "@smithy/middleware-endpoint";
 import { getSerdePlugin } from "@smithy/middleware-serde";
 import { Command as $Command } from "@smithy/smithy-client";
 import { commonParams } from "../endpoint/EndpointParameters";
-import { CreateSessionOutputFilterSensitiveLog } from "../models/models_0";
+import { CreateSessionOutputFilterSensitiveLog, CreateSessionRequestFilterSensitiveLog, } from "../models/models_0";
 import { de_CreateSessionCommand, se_CreateSessionCommand } from "../protocols/Aws_restXml";
 export { $Command };
 export class CreateSessionCommand extends $Command
@@ -22,7 +22,7 @@ export class CreateSessionCommand extends $Command
 })
     .s("AmazonS3", "CreateSession", {})
     .n("S3Client", "CreateSessionCommand")
-    .f(void 0, CreateSessionOutputFilterSensitiveLog)
+    .f(CreateSessionRequestFilterSensitiveLog, CreateSessionOutputFilterSensitiveLog)
     .ser(se_CreateSessionCommand)
     .de(de_CreateSessionCommand)
     .build() {

package/dist-es/models/models_0.js

@@ -510,8 +510,15 @@ export const SessionCredentialsFilterSensitiveLog = (obj) => ({
 });
 export const CreateSessionOutputFilterSensitiveLog = (obj) => ({
     ...obj,
+    ...(obj.SSEKMSKeyId && { SSEKMSKeyId: SENSITIVE_STRING }),
+    ...(obj.SSEKMSEncryptionContext && { SSEKMSEncryptionContext: SENSITIVE_STRING }),
     ...(obj.Credentials && { Credentials: SessionCredentialsFilterSensitiveLog(obj.Credentials) }),
 });
+export const CreateSessionRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.SSEKMSKeyId && { SSEKMSKeyId: SENSITIVE_STRING }),
+    ...(obj.SSEKMSEncryptionContext && { SSEKMSEncryptionContext: SENSITIVE_STRING }),
+});
 export const ServerSideEncryptionByDefaultFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.KMSMasterKeyID && { KMSMasterKeyID: SENSITIVE_STRING }),

package/dist-es/protocols/Aws_restXml.js

@@ -189,6 +189,10 @@ export const se_CreateSessionCommand = async (input, context) => {
     const b = rb(input, context);
     const headers = map({}, isSerializableHeaderValue, {
         [_xacsm]: input[_SM],
+        [_xasse]: input[_SSE],
+        [_xasseakki]: input[_SSEKMSKI],
+        [_xassec]: input[_SSEKMSEC],
+        [_xassebke]: [() => isSerializableHeaderValue(input[_BKE]), () => input[_BKE].toString()],
     });
     b.bp("/");
     b.p("Bucket", () => input.Bucket, "{Bucket}", false);
@@ -2141,6 +2145,10 @@ export const de_CreateSessionCommand = async (output, context) => {
     }
     const contents = map({
         $metadata: deserializeMetadata(output),
+        [_SSE]: [, output.headers[_xasse]],
+        [_SSEKMSKI]: [, output.headers[_xasseakki]],
+        [_SSEKMSEC]: [, output.headers[_xassec]],
+        [_BKE]: [() => void 0 !== output.headers[_xassebke], () => __parseBoolean(output.headers[_xassebke])],
     });
     const data = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
     if (data[_C] != null) {

package/dist-es/runtimeConfig.js

@@ -2,6 +2,7 @@ import packageInfo from "../package.json";
 import { NODE_SIGV4A_CONFIG_OPTIONS, emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core";
 import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
 import { NODE_USE_ARN_REGION_CONFIG_OPTIONS } from "@aws-sdk/middleware-bucket-endpoint";
+import { NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS, NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS, } from "@aws-sdk/middleware-flexible-checksums";
 import { NODE_DISABLE_S3_EXPRESS_SESSION_AUTH_OPTIONS } from "@aws-sdk/middleware-sdk-s3";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-node";
 import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@smithy/config-resolver";
@@ -37,7 +38,9 @@ export const getRuntimeConfig = (config) => {
         maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS),
         md5: config?.md5 ?? Hash.bind(null, "md5"),
         region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS),
+        requestChecksumCalculation: config?.requestChecksumCalculation ?? loadNodeConfig(NODE_REQUEST_CHECKSUM_CALCULATION_CONFIG_OPTIONS),
         requestHandler: RequestHandler.create(config?.requestHandler ?? defaultConfigProvider),
+        responseChecksumValidation: config?.responseChecksumValidation ?? loadNodeConfig(NODE_RESPONSE_CHECKSUM_VALIDATION_CONFIG_OPTIONS),
         retryMode: config?.retryMode ??
             loadNodeConfig({
                 ...NODE_RETRY_MODE_CONFIG_OPTIONS,

package/dist-types/S3Client.d.ts

@@ -1,4 +1,5 @@
 /// <reference types="node" />
+import { FlexibleChecksumsInputConfig, FlexibleChecksumsResolvedConfig } from "@aws-sdk/middleware-flexible-checksums";
 import { HostHeaderInputConfig, HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
 import { S3InputConfig, S3ResolvedConfig } from "@aws-sdk/middleware-sdk-s3";
 import { UserAgentInputConfig, UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
@@ -271,7 +272,7 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
 /**
  * @public
  */
-export type S3ClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & EventStreamSerdeInputConfig & HttpAuthSchemeInputConfig & S3InputConfig & ClientInputEndpointParameters;
+export type S3ClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & FlexibleChecksumsInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & EventStreamSerdeInputConfig & HttpAuthSchemeInputConfig & S3InputConfig & ClientInputEndpointParameters;
 /**
  * @public
  *
@@ -282,7 +283,7 @@ export interface S3ClientConfig extends S3ClientConfigType {
 /**
  * @public
  */
-export type S3ClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & EventStreamSerdeResolvedConfig & HttpAuthSchemeResolvedConfig & S3ResolvedConfig & ClientResolvedEndpointParameters;
+export type S3ClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & FlexibleChecksumsResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & EventStreamSerdeResolvedConfig & HttpAuthSchemeResolvedConfig & S3ResolvedConfig & ClientResolvedEndpointParameters;
 /**
  * @public
  *

package/dist-types/commands/AbortMultipartUploadCommand.d.ts

@@ -161,4 +161,15 @@ declare const AbortMultipartUploadCommand_base: {
  *
  */
 export declare class AbortMultipartUploadCommand extends AbortMultipartUploadCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AbortMultipartUploadRequest;
+            output: AbortMultipartUploadOutput;
+        };
+        sdk: {
+            input: AbortMultipartUploadCommandInput;
+            output: AbortMultipartUploadCommandOutput;
+        };
+    };
 }

package/dist-types/commands/CompleteMultipartUploadCommand.d.ts

@@ -77,6 +77,11 @@ declare const CompleteMultipartUploadCommand_base: {
  *                         information about permissions required to use the multipart upload API, see
  *                            <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart Upload and
  *                            Permissions</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                      <p>If you provide an <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html">additional checksum
+ *                         value</a> in your <code>MultipartUpload</code> requests and the
+ *                         object is encrypted with Key Management Service, you must have permission to use the
+ *                         <code>kms:Decrypt</code> action for the
+ *                         <code>CompleteMultipartUpload</code> request to succeed.</p>
  *                   </li>
  *                   <li>
  *                      <p>
@@ -86,13 +91,9 @@ declare const CompleteMultipartUploadCommand_base: {
  * Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html">
  *                            <code>CreateSession</code>
  *                         </a>.</p>
- *                   </li>
- *                   <li>
- *                      <p> If you provide an <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html">additional checksum
- *                            value</a> in your <code>MultipartUpload</code> requests and the
- *                         object is encrypted with Key Management Service, you must have permission to use the
- *                            <code>kms:Decrypt</code> action for the
- *                            <code>CompleteMultipartUpload</code> request to succeed.</p>
+ *                      <p>If the object is encrypted with
+ *                         SSE-KMS, you must also have the
+ *                         <code>kms:GenerateDataKey</code> and <code>kms:Decrypt</code> permissions in IAM identity-based policies and KMS key policies for the KMS key.</p>
  *                   </li>
  *                </ul>
  *             </dd>
@@ -289,4 +290,15 @@ declare const CompleteMultipartUploadCommand_base: {
  *
  */
 export declare class CompleteMultipartUploadCommand extends CompleteMultipartUploadCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CompleteMultipartUploadRequest;
+            output: CompleteMultipartUploadOutput;
+        };
+        sdk: {
+            input: CompleteMultipartUploadCommandInput;
+            output: CompleteMultipartUploadCommandOutput;
+        };
+    };
 }

package/dist-types/commands/CopyObjectCommand.d.ts

@@ -124,6 +124,9 @@ declare const CopyObjectCommand_base: {
  *                               key can't be set to <code>ReadOnly</code> on the copy destination bucket. </p>
  *                         </li>
  *                      </ul>
+ *                      <p>If the object is encrypted with
+ *                         SSE-KMS, you must also have the
+ *                         <code>kms:GenerateDataKey</code> and <code>kms:Decrypt</code> permissions in IAM identity-based policies and KMS key policies for the KMS key.</p>
  *                      <p>For example policies, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example bucket policies for S3 Express One Zone</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html">Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone</a> in the
  *                            <i>Amazon S3 User Guide</i>.</p>
  *                   </li>
@@ -310,4 +313,15 @@ declare const CopyObjectCommand_base: {
  *
  */
 export declare class CopyObjectCommand extends CopyObjectCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CopyObjectRequest;
+            output: CopyObjectOutput;
+        };
+        sdk: {
+            input: CopyObjectCommandInput;
+            output: CopyObjectCommandOutput;
+        };
+    };
 }

package/dist-types/commands/CreateBucketCommand.d.ts

@@ -253,4 +253,15 @@ declare const CreateBucketCommand_base: {
  *
  */
 export declare class CreateBucketCommand extends CreateBucketCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CreateBucketRequest;
+            output: CreateBucketOutput;
+        };
+        sdk: {
+            input: CreateBucketCommandInput;
+            output: CreateBucketCommandOutput;
+        };
+    };
 }

package/dist-types/commands/CreateMultipartUploadCommand.d.ts

@@ -208,7 +208,27 @@ declare const CreateMultipartUploadCommand_base: {
  *                   </li>
  *                   <li>
  *                      <p>
- *                         <b>Directory buckets</b> -For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) is supported.</p>
+ *                         <b>Directory buckets</b> - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) and server-side encryption with KMS keys (SSE-KMS) (<code>aws:kms</code>). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your
+ *             <code>CreateSession</code> requests or <code>PUT</code> object requests. Then, new objects
+ *  are automatically encrypted with the desired encryption settings. For more
+ *          information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html">Protecting data with server-side encryption</a> in the <i>Amazon S3 User Guide</i>. For more information about the encryption overriding behaviors in directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html">Specifying server-side encryption with KMS for new object uploads</a>.</p>
+ *                      <p>In the Zonal endpoint API calls (except <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a>) using the REST API, the encryption request headers must match the encryption settings that are specified in the <code>CreateSession</code> request.
+ *                             You can't override the values of the encryption settings (<code>x-amz-server-side-encryption</code>, <code>x-amz-server-side-encryption-aws-kms-key-id</code>, <code>x-amz-server-side-encryption-context</code>, and <code>x-amz-server-side-encryption-bucket-key-enabled</code>) that are specified in the <code>CreateSession</code> request.
+ *                             You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and
+ *                             Amazon S3 will use the encryption settings values from the <code>CreateSession</code> request to protect new objects in the directory bucket.
+ *                            </p>
+ *                      <note>
+ *                         <p>When you use the CLI or the Amazon Web Services SDKs, for <code>CreateSession</code>, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the
+ *                             <code>CreateSession</code> request. It's not supported to override the encryption settings values in the <code>CreateSession</code> request.
+ *                             So in the Zonal endpoint API calls (except <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a>),
+ *           the encryption request headers must match the default encryption configuration of the directory bucket.
+ *
+ * </p>
+ *                      </note>
+ *                      <note>
+ *                         <p>For directory buckets, when you perform a <code>CreateMultipartUpload</code> operation and an <code>UploadPartCopy</code> operation,
+ *                         the request headers you provide in the <code>CreateMultipartUpload</code> request must match the default encryption configuration of the destination bucket. </p>
+ *                      </note>
  *                   </li>
  *                </ul>
  *             </dd>
@@ -338,4 +358,15 @@ declare const CreateMultipartUploadCommand_base: {
  *
  */
 export declare class CreateMultipartUploadCommand extends CreateMultipartUploadCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CreateMultipartUploadRequest;
+            output: CreateMultipartUploadOutput;
+        };
+        sdk: {
+            input: CreateMultipartUploadCommandInput;
+            output: CreateMultipartUploadCommandOutput;
+        };
+    };
 }

package/dist-types/commands/CreateSessionCommand.d.ts

@@ -27,8 +27,8 @@ declare const CreateSessionCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint APIs on directory buckets.
- *          For more information about Zonal endpoint APIs that include the Availability Zone in the request endpoint, see
+ * <p>Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets.
+ *          For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see
  *          <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html">S3 Express One Zone  APIs</a> in the <i>Amazon S3 User Guide</i>.
  *       </p>
  *          <p>To make Zonal endpoint API requests on a directory bucket, use the <code>CreateSession</code>
@@ -36,7 +36,7 @@ declare const CreateSessionCommand_base: {
  *          bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the
  *             <code>CreateSession</code> API request on the bucket, which returns temporary security
  *          credentials that include the access key ID, secret access key, session token, and
- *          expiration. These credentials have associated permissions to access the Zonal endpoint APIs. After
+ *          expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After
  *          the session is created, you don’t need to use other policies to grant permissions to each
  *          Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by
  *          applying the temporary security credentials of the session to the request headers and
@@ -60,12 +60,12 @@ declare const CreateSessionCommand_base: {
  *                <li>
  *                   <p>
  *                      <b>
- *                         <code>CopyObject</code> API operation</b> - Unlike other Zonal endpoint APIs, the <code>CopyObject</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>CopyObject</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p>
+ *                         <code>CopyObject</code> API operation</b> - Unlike other Zonal endpoint API operations, the <code>CopyObject</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>CopyObject</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p>
  *                </li>
  *                <li>
  *                   <p>
  *                      <b>
- *                         <code>HeadBucket</code> API operation</b> - Unlike other Zonal endpoint APIs, the <code>HeadBucket</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>HeadBucket</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p>
+ *                         <code>HeadBucket</code> API operation</b> - Unlike other Zonal endpoint API operations, the <code>HeadBucket</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>HeadBucket</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p>
  *                </li>
  *             </ul>
  *          </note>
@@ -82,7 +82,37 @@ declare const CreateSessionCommand_base: {
  *                   </a>. For example policies, see
  *                      <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example bucket policies for S3 Express One Zone</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html">Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone</a> in the
  *                      <i>Amazon S3 User Guide</i>. </p>
- *                <p>To grant cross-account access to Zonal endpoint APIs, the bucket policy should also grant both accounts the <code>s3express:CreateSession</code> permission.</p>
+ *                <p>To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the <code>s3express:CreateSession</code> permission.</p>
+ *                <p>If you want to encrypt objects with SSE-KMS, you must also have the <code>kms:GenerateDataKey</code> and the <code>kms:Decrypt</code> permissions in IAM identity-based policies and KMS key policies for the target KMS key.</p>
+ *             </dd>
+ *             <dt>Encryption</dt>
+ *             <dd>
+ *                <p>For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) and server-side encryption with KMS keys (SSE-KMS) (<code>aws:kms</code>). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your
+ *             <code>CreateSession</code> requests or <code>PUT</code> object requests. Then, new objects
+ *  are automatically encrypted with the desired encryption settings. For more
+ *          information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html">Protecting data with server-side encryption</a> in the <i>Amazon S3 User Guide</i>. For more information about the encryption overriding behaviors in directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html">Specifying server-side encryption with KMS for new object uploads</a>.</p>
+ *                <p>For <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-differences.html#s3-express-differences-api-operations">Zonal endpoint (object-level) API operations</a> except <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a>,
+ * you authenticate and authorize requests through <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html">CreateSession</a> for low latency.
+ *                             To encrypt new objects in a directory bucket with SSE-KMS, you must specify SSE-KMS as the directory bucket's default encryption configuration with a KMS key (specifically, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>). Then, when a session is created for Zonal endpoint API operations, new objects are automatically encrypted and decrypted with SSE-KMS and S3 Bucket Keys during the session.</p>
+ *                <note>
+ *                   <p>
+ *                             Only 1 <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a> is supported per directory bucket for the lifetime of the bucket. <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a> (<code>aws/s3</code>) isn't supported.
+ *                             After you specify SSE-KMS as your bucket's default encryption configuration with a customer managed key, you can't change the customer managed key for the bucket's SSE-KMS configuration.
+ *                             </p>
+ *                </note>
+ *                <p>In the Zonal endpoint API calls (except <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a>) using the REST API,
+ *                             you can't override the values of the encryption settings (<code>x-amz-server-side-encryption</code>, <code>x-amz-server-side-encryption-aws-kms-key-id</code>, <code>x-amz-server-side-encryption-context</code>, and <code>x-amz-server-side-encryption-bucket-key-enabled</code>) from the <code>CreateSession</code> request.
+ *                             You don't need to explicitly specify these encryption settings values in Zonal endpoint API calls, and
+ *                             Amazon S3 will use the encryption settings values from the <code>CreateSession</code> request to protect new objects in the directory bucket.
+ *                            </p>
+ *                <note>
+ *                   <p>When you use the CLI or the Amazon Web Services SDKs, for <code>CreateSession</code>, the session token refreshes automatically to avoid service interruptions when a session expires. The CLI or the Amazon Web Services SDKs use the bucket's default encryption configuration for the
+ *                             <code>CreateSession</code> request. It's not supported to override the encryption settings values in the <code>CreateSession</code> request.
+ *                             Also, in the Zonal endpoint API calls (except <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a>),
+ *           it's not supported to override the values of the encryption settings from the <code>CreateSession</code> request.
+ *
+ * </p>
+ *                </note>
  *             </dd>
  *             <dt>HTTP Host header syntax</dt>
  *             <dd>
@@ -100,10 +130,18 @@ declare const CreateSessionCommand_base: {
  * const input = { // CreateSessionRequest
  *   SessionMode: "ReadOnly" || "ReadWrite",
  *   Bucket: "STRING_VALUE", // required
+ *   ServerSideEncryption: "AES256" || "aws:kms" || "aws:kms:dsse",
+ *   SSEKMSKeyId: "STRING_VALUE",
+ *   SSEKMSEncryptionContext: "STRING_VALUE",
+ *   BucketKeyEnabled: true || false,
  * };
  * const command = new CreateSessionCommand(input);
  * const response = await client.send(command);
  * // { // CreateSessionOutput
+ * //   ServerSideEncryption: "AES256" || "aws:kms" || "aws:kms:dsse",
+ * //   SSEKMSKeyId: "STRING_VALUE",
+ * //   SSEKMSEncryptionContext: "STRING_VALUE",
+ * //   BucketKeyEnabled: true || false,
  * //   Credentials: { // SessionCredentials
  * //     AccessKeyId: "STRING_VALUE", // required
  * //     SecretAccessKey: "STRING_VALUE", // required
@@ -129,4 +167,15 @@ declare const CreateSessionCommand_base: {
  * @public
  */
 export declare class CreateSessionCommand extends CreateSessionCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: CreateSessionRequest;
+            output: CreateSessionOutput;
+        };
+        sdk: {
+            input: CreateSessionCommandInput;
+            output: CreateSessionCommandOutput;
+        };
+    };
 }

package/dist-types/commands/DeleteBucketAnalyticsConfigurationCommand.d.ts

@@ -87,4 +87,15 @@ declare const DeleteBucketAnalyticsConfigurationCommand_base: {
  * @public
  */
 export declare class DeleteBucketAnalyticsConfigurationCommand extends DeleteBucketAnalyticsConfigurationCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: DeleteBucketAnalyticsConfigurationRequest;
+            output: {};
+        };
+        sdk: {
+            input: DeleteBucketAnalyticsConfigurationCommandInput;
+            output: DeleteBucketAnalyticsConfigurationCommandOutput;
+        };
+    };
 }

package/dist-types/commands/DeleteBucketCommand.d.ts

@@ -116,4 +116,15 @@ declare const DeleteBucketCommand_base: {
  *
  */
 export declare class DeleteBucketCommand extends DeleteBucketCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: DeleteBucketRequest;
+            output: {};
+        };
+        sdk: {
+            input: DeleteBucketCommandInput;
+            output: DeleteBucketCommandOutput;
+        };
+    };
 }

package/dist-types/commands/DeleteBucketCorsCommand.d.ts

@@ -90,4 +90,15 @@ declare const DeleteBucketCorsCommand_base: {
  *
  */
 export declare class DeleteBucketCorsCommand extends DeleteBucketCorsCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: DeleteBucketCorsRequest;
+            output: {};
+        };
+        sdk: {
+            input: DeleteBucketCorsCommandInput;
+            output: DeleteBucketCorsCommandOutput;
+        };
+    };
 }