npm - @aws-sdk/client-s3 - Versions diffs - 3.697.0 → 3.698.0 - Mend

@aws-sdk/client-s3 3.697.0 → 3.698.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/dist-types/commands/CreateMultipartUploadCommand.d.ts CHANGED Viewed

@@ -30,28 +30,31 @@ declare const CreateMultipartUploadCommand_base: {
  * <p>This action initiates a multipart upload and returns an upload ID. This upload ID is
  *          used to associate all of the parts in the specific multipart upload. You specify this
  *          upload ID in each of your subsequent upload part requests (see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html">UploadPart</a>). You also include this
- *          upload ID in the final request to either complete or abort the multipart upload
- *          request. For more information about multipart uploads, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html">Multipart Upload Overview</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *          upload ID in the final request to either complete or abort the multipart upload request.
+ *          For more information about multipart uploads, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html">Multipart Upload Overview</a> in the
+ *             <i>Amazon S3 User Guide</i>.</p>
  *          <note>
  *             <p>After you initiate a multipart upload and upload one or more parts, to stop being
  *             charged for storing the uploaded parts, you must either complete or abort the multipart
  *             upload. Amazon S3 frees up the space used to store the parts and stops charging you for
  *             storing them only after you either complete or abort a multipart upload. </p>
  *          </note>
- *          <p>If you have configured a lifecycle rule to abort incomplete multipart uploads, the created multipart
- *          upload must be completed within the number of days specified in the bucket lifecycle
- *          configuration. Otherwise, the incomplete multipart upload becomes eligible for an abort
- *          action and Amazon S3 aborts the multipart upload. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config">Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
- *             Configuration</a>.</p>
+ *          <p>If you have configured a lifecycle rule to abort incomplete multipart uploads, the
+ *          created multipart upload must be completed within the number of days specified in the
+ *          bucket lifecycle configuration. Otherwise, the incomplete multipart upload becomes eligible
+ *          for an abort action and Amazon S3 aborts the multipart upload. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config">Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle
+ *          Configuration</a>.</p>
  *          <note>
  *             <ul>
  *                <li>
  *                   <p>
- *                      <b>Directory buckets </b> - S3 Lifecycle is not supported by directory buckets.</p>
+ *                      <b>Directory buckets </b> -
+ *                   S3 Lifecycle is not supported by directory buckets.</p>
  *                </li>
  *                <li>
  *                   <p>
- *                      <b>Directory buckets </b> - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format <code>https://<i>bucket_name</i>.s3express-<i>az_id</i>.<i>region</i>.amazonaws.com/<i>key-name</i>
+ *                      <b>Directory buckets </b> -
+ *                   For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format <code>https://<i>bucket_name</i>.s3express-<i>az_id</i>.<i>region</i>.amazonaws.com/<i>key-name</i>
  *                      </code>. Path-style requests are not supported. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html">Regional and Zonal endpoints</a> in the
  *     <i>Amazon S3 User Guide</i>.</p>
  *                </li>
@@ -60,10 +63,13 @@ declare const CreateMultipartUploadCommand_base: {
  *          <dl>
  *             <dt>Request signing</dt>
  *             <dd>
- *                <p>For request signing, multipart upload is just a series of regular requests. You initiate
- *                a multipart upload, send one or more requests to upload parts, and then complete the
- *                multipart upload process. You sign each request individually. There is nothing special
- *                about signing multipart upload requests. For more information about signing, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html">Authenticating Requests (Amazon Web Services Signature Version 4)</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                <p>For request signing, multipart upload is just a series of regular requests. You
+ *                   initiate a multipart upload, send one or more requests to upload parts, and then
+ *                   complete the multipart upload process. You sign each request individually. There
+ *                   is nothing special about signing multipart upload requests. For more information
+ *                   about signing, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html">Authenticating
+ *                      Requests (Amazon Web Services Signature Version 4)</a> in the
+ *                      <i>Amazon S3 User Guide</i>.</p>
  *             </dd>
  *             <dt>Permissions</dt>
  *             <dd>
@@ -101,29 +107,36 @@ declare const CreateMultipartUploadCommand_base: {
  *                <ul>
  *                   <li>
  *                      <p>
- *                         <b>General purpose buckets</b> - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it
- *                         writes it to disks in its data centers and decrypts it when you access it. Amazon S3
- *                         automatically encrypts all new objects that are uploaded to an S3 bucket. When doing a
- *                         multipart upload, if you don't specify encryption information in your request, the
- *                         encryption setting of the uploaded parts is set to the default encryption configuration of
- *                         the destination bucket. By default, all buckets have a base level of encryption
- *                         configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the
- *                         destination bucket has a default encryption configuration that uses server-side encryption
- *                         with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided encryption key (SSE-C),
- *                         Amazon S3 uses the corresponding KMS key, or a customer-provided key to encrypt the uploaded
- *                         parts. When you perform a CreateMultipartUpload operation, if you want to use a different
- *                         type of encryption setting for the uploaded parts, you can request that Amazon S3 encrypts the
- *                         object with a different encryption key (such as an Amazon S3 managed key, a KMS key, or a customer-provided key). When the encryption
- *                         setting in your request is different from the default encryption configuration of the
- *                         destination bucket, the encryption setting in your request takes precedence. If you choose
- *                         to provide your own encryption key, the request headers you provide in <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html">UploadPart</a>
- *                         and <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a> requests must match the headers you used in the <code>CreateMultipartUpload</code> request.</p>
+ *                         <b>General purpose buckets</b> - Server-side
+ *                         encryption is for data encryption at rest. Amazon S3 encrypts your data as it
+ *                         writes it to disks in its data centers and decrypts it when you access it.
+ *                         Amazon S3 automatically encrypts all new objects that are uploaded to an S3
+ *                         bucket. When doing a multipart upload, if you don't specify encryption
+ *                         information in your request, the encryption setting of the uploaded parts is
+ *                         set to the default encryption configuration of the destination bucket. By
+ *                         default, all buckets have a base level of encryption configuration that uses
+ *                         server-side encryption with Amazon S3 managed keys (SSE-S3). If the destination
+ *                         bucket has a default encryption configuration that uses server-side
+ *                         encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided
+ *                         encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a
+ *                         customer-provided key to encrypt the uploaded parts. When you perform a
+ *                         CreateMultipartUpload operation, if you want to use a different type of
+ *                         encryption setting for the uploaded parts, you can request that Amazon S3
+ *                         encrypts the object with a different encryption key (such as an Amazon S3 managed
+ *                         key, a KMS key, or a customer-provided key). When the encryption setting
+ *                         in your request is different from the default encryption configuration of
+ *                         the destination bucket, the encryption setting in your request takes
+ *                         precedence. If you choose to provide your own encryption key, the request
+ *                         headers you provide in <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html">UploadPart</a> and
+ *                            <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html">UploadPartCopy</a>
+ *                         requests must match the headers you used in the
+ *                            <code>CreateMultipartUpload</code> request.</p>
  *                      <ul>
  *                         <li>
  *                            <p>Use KMS keys (SSE-KMS) that include the Amazon Web Services managed key
- *                               (<code>aws/s3</code>) and KMS customer managed keys stored in Key Management Service (KMS) –
- *                               If you want Amazon Web Services to manage the keys used to encrypt data, specify the
- *                               following headers in the request.</p>
+ *                                  (<code>aws/s3</code>) and KMS customer managed keys stored in Key Management Service
+ *                               (KMS) – If you want Amazon Web Services to manage the keys used to encrypt data,
+ *                               specify the following headers in the request.</p>
  *                            <ul>
  *                               <li>
  *                                  <p>
@@ -144,44 +157,53 @@ declare const CreateMultipartUploadCommand_base: {
  *                            <note>
  *                               <ul>
  *                                  <li>
- *                                     <p>If you specify <code>x-amz-server-side-encryption:aws:kms</code>, but
- *                                     don't provide <code>x-amz-server-side-encryption-aws-kms-key-id</code>,
- *                                     Amazon S3 uses the Amazon Web Services managed key (<code>aws/s3</code> key) in KMS to
- *                                     protect the data.</p>
+ *                                     <p>If you specify
+ *                                           <code>x-amz-server-side-encryption:aws:kms</code>, but
+ *                                        don't provide
+ *                                           <code>x-amz-server-side-encryption-aws-kms-key-id</code>,
+ *                                        Amazon S3 uses the Amazon Web Services managed key (<code>aws/s3</code> key) in
+ *                                        KMS to protect the data.</p>
  *                                  </li>
  *                                  <li>
- *                                     <p>To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester
- *                                     must have permission to the <code>kms:Decrypt</code> and <code>kms:GenerateDataKey*</code>
- *                                     actions on the key. These permissions are required because Amazon S3 must decrypt and read data
- *                                     from the encrypted file parts before it completes the multipart upload. For more
- *                                     information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API
- *                                        and permissions</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting data using
- *                                           server-side encryption with Amazon Web Services KMS</a> in the
- *                                     <i>Amazon S3 User Guide</i>.</p>
+ *                                     <p>To perform a multipart upload with encryption by using an
+ *                                        Amazon Web Services KMS key, the requester must have permission to the
+ *                                           <code>kms:Decrypt</code> and
+ *                                           <code>kms:GenerateDataKey*</code> actions on the key.
+ *                                        These permissions are required because Amazon S3 must decrypt and
+ *                                        read data from the encrypted file parts before it completes
+ *                                        the multipart upload. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API and permissions</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting data using server-side encryption with Amazon Web Services
+ *                                           KMS</a> in the
+ *                                        <i>Amazon S3 User Guide</i>.</p>
  *                                  </li>
  *                                  <li>
- *                                     <p>If your Identity and Access Management (IAM) user or role is in the same Amazon Web Services account as the KMS key,
- *                                     then you must have these permissions on the key policy. If your IAM user or role is in a different account from the key, then you must have the permissions on both the key
- *                                     policy and your IAM user or role.</p>
+ *                                     <p>If your Identity and Access Management (IAM) user or role is in the same
+ *                                        Amazon Web Services account as the KMS key, then you must have these
+ *                                        permissions on the key policy. If your IAM user or role is
+ *                                        in a different account from the key, then you must have the
+ *                                        permissions on both the key policy and your IAM user or
+ *                                        role.</p>
  *                                  </li>
  *                                  <li>
- *                                     <p>All <code>GET</code> and <code>PUT</code> requests for an object
- *                                        protected by KMS fail if you don't make them by using Secure Sockets
- *                                        Layer (SSL), Transport Layer Security (TLS), or Signature Version
- *                                        4. For information about configuring any of the officially supported Amazon Web Services
- *                                        SDKs and Amazon Web Services CLI, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version">Specifying the Signature Version in Request Authentication</a>
- *                                        in the <i>Amazon S3 User Guide</i>.</p>
+ *                                     <p>All <code>GET</code> and <code>PUT</code> requests for an
+ *                                        object protected by KMS fail if you don't make them by
+ *                                        using Secure Sockets Layer (SSL), Transport Layer Security
+ *                                        (TLS), or Signature Version 4. For information about
+ *                                        configuring any of the officially supported Amazon Web Services SDKs and
+ *                                        Amazon Web Services CLI, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version">Specifying the Signature Version in
+ *                                           Request Authentication</a> in the
+ *                                           <i>Amazon S3 User Guide</i>.</p>
  *                                  </li>
  *                               </ul>
  *                            </note>
  *                            <p>For more information about server-side encryption with KMS keys
- *                               (SSE-KMS), see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting Data
- *                                  Using Server-Side Encryption with KMS keys</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                               (SSE-KMS), see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting
+ *                                  Data Using Server-Side Encryption with KMS keys</a> in the
+ *                                  <i>Amazon S3 User Guide</i>.</p>
  *                         </li>
  *                         <li>
- *                            <p>Use customer-provided encryption keys (SSE-C) – If you want to manage
- *                               your own encryption keys, provide all the following headers in the
- *                               request.</p>
+ *                            <p>Use customer-provided encryption keys (SSE-C) – If you want to
+ *                               manage your own encryption keys, provide all the following headers in
+ *                               the request.</p>
  *                            <ul>
  *                               <li>
  *                                  <p>
@@ -199,16 +221,17 @@ declare const CreateMultipartUploadCommand_base: {
  *                                  </p>
  *                               </li>
  *                            </ul>
- *                            <p>For more information about server-side encryption with customer-provided
- *                               encryption keys (SSE-C), see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html">
- *                                  Protecting data using server-side encryption with customer-provided
- *                                  encryption keys (SSE-C)</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                            <p>For more information about server-side encryption with
+ *                               customer-provided encryption keys (SSE-C), see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html"> Protecting data using server-side encryption with
+ *                                  customer-provided encryption keys (SSE-C)</a> in the
+ *                                  <i>Amazon S3 User Guide</i>.</p>
  *                         </li>
  *                      </ul>
  *                   </li>
  *                   <li>
  *                      <p>
- *                         <b>Directory buckets</b> - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) and server-side encryption with KMS keys (SSE-KMS) (<code>aws:kms</code>). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your
+ *                         <b>Directory buckets</b> -
+ *                         For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (<code>AES256</code>) and server-side encryption with KMS keys (SSE-KMS) (<code>aws:kms</code>). We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your
  *             <code>CreateSession</code> requests or <code>PUT</code> object requests. Then, new objects
  *  are automatically encrypted with the desired encryption settings. For more
  *          information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html">Protecting data with server-side encryption</a> in the <i>Amazon S3 User Guide</i>. For more information about the encryption overriding behaviors in directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html">Specifying server-side encryption with KMS for new object uploads</a>.</p>
@@ -226,8 +249,11 @@ declare const CreateMultipartUploadCommand_base: {
  * </p>
  *                      </note>
  *                      <note>
- *                         <p>For directory buckets, when you perform a <code>CreateMultipartUpload</code> operation and an <code>UploadPartCopy</code> operation,
- *                         the request headers you provide in the <code>CreateMultipartUpload</code> request must match the default encryption configuration of the destination bucket. </p>
+ *                         <p>For directory buckets, when you perform a
+ *                               <code>CreateMultipartUpload</code> operation and an
+ *                               <code>UploadPartCopy</code> operation, the request headers you provide
+ *                            in the <code>CreateMultipartUpload</code> request must match the default
+ *                            encryption configuration of the destination bucket. </p>
  *                      </note>
  *                   </li>
  *                </ul>

package/dist-types/commands/CreateSessionCommand.d.ts CHANGED Viewed

@@ -27,10 +27,10 @@ declare const CreateSessionCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets.
- *          For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see
- *          <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html">S3 Express One Zone  APIs</a> in the <i>Amazon S3 User Guide</i>.
- *       </p>
+ * <p>Creates a session that establishes temporary security credentials to support fast
+ *          authentication and authorization for the Zonal endpoint API operations on directory buckets. For more
+ *          information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html">S3 Express One Zone
+ *             APIs</a> in the <i>Amazon S3 User Guide</i>. </p>
  *          <p>To make Zonal endpoint API requests on a directory bucket, use the <code>CreateSession</code>
  *          API operation. Specifically, you grant <code>s3express:CreateSession</code> permission to a
  *          bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the
@@ -60,30 +60,44 @@ declare const CreateSessionCommand_base: {
  *                <li>
  *                   <p>
  *                      <b>
- *                         <code>CopyObject</code> API operation</b> - Unlike other Zonal endpoint API operations, the <code>CopyObject</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>CopyObject</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p>
+ *                         <code>CopyObject</code> API operation</b> -
+ *                   Unlike other Zonal endpoint API operations, the <code>CopyObject</code> API operation doesn't use
+ *                   the temporary security credentials returned from the <code>CreateSession</code>
+ *                   API operation for authentication and authorization. For information about
+ *                   authentication and authorization of the <code>CopyObject</code> API operation on
+ *                   directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p>
  *                </li>
  *                <li>
  *                   <p>
  *                      <b>
- *                         <code>HeadBucket</code> API operation</b> - Unlike other Zonal endpoint API operations, the <code>HeadBucket</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>HeadBucket</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p>
+ *                         <code>HeadBucket</code> API operation</b> -
+ *                   Unlike other Zonal endpoint API operations, the <code>HeadBucket</code> API operation doesn't use
+ *                   the temporary security credentials returned from the <code>CreateSession</code>
+ *                   API operation for authentication and authorization. For information about
+ *                   authentication and authorization of the <code>HeadBucket</code> API operation on
+ *                   directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p>
  *                </li>
  *             </ul>
  *          </note>
  *          <dl>
  *             <dt>Permissions</dt>
  *             <dd>
- *                <p>To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that
- *                   grants <code>s3express:CreateSession</code> permission to the bucket. In a
- *                   policy, you can have the <code>s3express:SessionMode</code> condition key to
- *                   control who can create a <code>ReadWrite</code> or <code>ReadOnly</code> session.
- *                   For more information about <code>ReadWrite</code> or <code>ReadOnly</code>
- *                   sessions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters">
+ *                <p>To obtain temporary security credentials, you must create
+ *                   a bucket policy or an IAM identity-based policy that grants <code>s3express:CreateSession</code>
+ *                   permission to the bucket. In a policy, you can have the
+ *                      <code>s3express:SessionMode</code> condition key to control who can create a
+ *                      <code>ReadWrite</code> or <code>ReadOnly</code> session. For more information
+ *                   about <code>ReadWrite</code> or <code>ReadOnly</code> sessions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters">
  *                      <code>x-amz-create-session-mode</code>
  *                   </a>. For example policies, see
- *                      <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example bucket policies for S3 Express One Zone</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html">Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone</a> in the
- *                      <i>Amazon S3 User Guide</i>. </p>
- *                <p>To grant cross-account access to Zonal endpoint API operations, the bucket policy should also grant both accounts the <code>s3express:CreateSession</code> permission.</p>
- *                <p>If you want to encrypt objects with SSE-KMS, you must also have the <code>kms:GenerateDataKey</code> and the <code>kms:Decrypt</code> permissions in IAM identity-based policies and KMS key policies for the target KMS key.</p>
+ *                      <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example bucket policies for S3 Express One Zone</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html">Amazon Web Services Identity and Access Management (IAM) identity-based policies for
+ *                      S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>. </p>
+ *                <p>To grant cross-account access to Zonal endpoint API operations, the bucket policy should also
+ *                   grant both accounts the <code>s3express:CreateSession</code> permission.</p>
+ *                <p>If you want to encrypt objects with SSE-KMS, you must also have the
+ *                      <code>kms:GenerateDataKey</code> and the <code>kms:Decrypt</code> permissions
+ *                   in IAM identity-based policies and KMS key policies for the target KMS
+ *                   key.</p>
  *             </dd>
  *             <dt>Encryption</dt>
  *             <dd>

package/dist-types/commands/DeleteBucketAnalyticsConfigurationCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const DeleteBucketAnalyticsConfigurationCommand_base: {
 };
 /**
  * <note>
- *             <p>This operation is not supported by directory buckets.</p>
+ *             <p>This operation is not supported for directory buckets.</p>
  *          </note>
  *          <p>Deletes an analytics configuration for the bucket (specified by the analytics
  *          configuration ID).</p>

package/dist-types/commands/DeleteBucketCommand.d.ts CHANGED Viewed

@@ -33,7 +33,9 @@ declare const DeleteBucketCommand_base: {
  *             <ul>
  *                <li>
  *                   <p>
- *                      <b>Directory buckets</b> - If multipart uploads in a directory bucket are in progress, you can't delete the bucket until all the in-progress multipart uploads are aborted or completed.</p>
+ *                      <b>Directory buckets</b> - If multipart
+ *                   uploads in a directory bucket are in progress, you can't delete the bucket until
+ *                   all the in-progress multipart uploads are aborted or completed.</p>
  *                </li>
  *                <li>
  *                   <p>
@@ -50,11 +52,16 @@ declare const DeleteBucketCommand_base: {
  *                <ul>
  *                   <li>
  *                      <p>
- *                         <b>General purpose bucket permissions</b> - You must have the <code>s3:DeleteBucket</code> permission on the specified bucket in a policy.</p>
+ *                         <b>General purpose bucket permissions</b> - You
+ *                         must have the <code>s3:DeleteBucket</code> permission on the specified
+ *                         bucket in a policy.</p>
  *                   </li>
  *                   <li>
  *                      <p>
- *                         <b>Directory bucket permissions</b> - You must have the <code>s3express:DeleteBucket</code> permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html">Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                         <b>Directory bucket permissions</b> -
+ *                         You must have the <code>s3express:DeleteBucket</code> permission in
+ *                         an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource.
+ *                         For more information about directory bucket policies and permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html">Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>.</p>
  *                   </li>
  *                </ul>
  *             </dd>

package/dist-types/commands/DeleteBucketCorsCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const DeleteBucketCorsCommand_base: {
 };
 /**
  * <note>
- *             <p>This operation is not supported by directory buckets.</p>
+ *             <p>This operation is not supported for directory buckets.</p>
  *          </note>
  *          <p>Deletes the <code>cors</code> configuration information set for the bucket.</p>
  *          <p>To use this operation, you must have permission to perform the

package/dist-types/commands/DeleteBucketEncryptionCommand.d.ts CHANGED Viewed

@@ -33,13 +33,16 @@ declare const DeleteBucketEncryptionCommand_base: {
  *             <ul>
  *                <li>
  *                   <p>
- *                      <b>General purpose buckets</b> - For information about the bucket default encryption feature, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html">Amazon S3 Bucket
- *                   Default Encryption</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                      <b>General purpose buckets</b> - For information
+ *                   about the bucket default encryption feature, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html">Amazon S3 Bucket Default
+ *                      Encryption</a> in the <i>Amazon S3 User Guide</i>.</p>
  *                </li>
  *                <li>
  *                   <p>
- *                      <b>Directory buckets</b> - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html">Setting default server-side encryption behavior
- *                   for directory buckets</a>.</p>
+ *                      <b>Directory buckets</b> -
+ *                   For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption
+ *                   configuration in directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html">Setting
+ *                      default server-side encryption behavior for directory buckets</a>.</p>
  *                </li>
  *             </ul>
  *          </note>
@@ -49,15 +52,20 @@ declare const DeleteBucketEncryptionCommand_base: {
  *                <ul>
  *                   <li>
  *                      <p>
- *                         <b>General purpose bucket permissions</b> - The <code>s3:PutEncryptionConfiguration</code> permission is required in a policy.
- *                         The bucket owner has this permission
- *                         by default. The bucket owner can grant this permission to others. For more information
- *                         about permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources">Permissions Related to Bucket Operations</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html">Managing
- *                               Access Permissions to Your Amazon S3 Resources</a>.</p>
+ *                         <b>General purpose bucket permissions</b> - The
+ *                            <code>s3:PutEncryptionConfiguration</code> permission is required in a
+ *                         policy. The bucket owner has this permission by default. The bucket owner
+ *                         can grant this permission to others. For more information about permissions,
+ *                         see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources">Permissions Related to Bucket Operations</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html">Managing Access
+ *                            Permissions to Your Amazon S3 Resources</a>.</p>
  *                   </li>
  *                   <li>
  *                      <p>
- *                         <b>Directory bucket permissions</b> - To grant access to this API operation, you must have the <code>s3express:PutEncryptionConfiguration</code> permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html">Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>.</p>
+ *                         <b>Directory bucket permissions</b> -
+ *                         To grant access to this API operation, you must have the
+ *                            <code>s3express:PutEncryptionConfiguration</code> permission in
+ *                         an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource.
+ *                         For more information about directory bucket policies and permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html">Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>.</p>
  *                   </li>
  *                </ul>
  *             </dd>

package/dist-types/commands/DeleteBucketIntelligentTieringConfigurationCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const DeleteBucketIntelligentTieringConfigurationCommand_base: {
 };
 /**
  * <note>
- *             <p>This operation is not supported by directory buckets.</p>
+ *             <p>This operation is not supported for directory buckets.</p>
  *          </note>
  *          <p>Deletes the S3 Intelligent-Tiering configuration from the specified bucket.</p>
  *          <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.</p>

package/dist-types/commands/DeleteBucketInventoryConfigurationCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const DeleteBucketInventoryConfigurationCommand_base: {
 };
 /**
  * <note>
- *             <p>This operation is not supported by directory buckets.</p>
+ *             <p>This operation is not supported for directory buckets.</p>
  *          </note>
  *          <p>Deletes an inventory configuration (identified by the inventory ID) from the
  *          bucket.</p>

package/dist-types/commands/DeleteBucketLifecycleCommand.d.ts CHANGED Viewed

@@ -27,18 +27,61 @@ declare const DeleteBucketLifecycleCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <note>
- *             <p>This operation is not supported by directory buckets.</p>
- *          </note>
- *          <p>Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the
+ * <p>Deletes the lifecycle configuration from the specified bucket. Amazon S3 removes all the
  *          lifecycle configuration rules in the lifecycle subresource associated with the bucket. Your
  *          objects never expire, and Amazon S3 no longer automatically deletes any objects on the basis of
  *          rules contained in the deleted lifecycle configuration.</p>
- *          <p>To use this operation, you must have permission to perform the
- *             <code>s3:PutLifecycleConfiguration</code> action. By default, the bucket owner has this
- *          permission and the bucket owner can grant this permission to others.</p>
- *          <p>There is usually some time lag before lifecycle configuration deletion is fully
- *          propagated to all the Amazon S3 systems.</p>
+ *          <dl>
+ *             <dt>Permissions</dt>
+ *             <dd>
+ *                <ul>
+ *                   <li>
+ *                      <p>
+ *                         <b>General purpose bucket permissions</b> - By
+ *                         default, all Amazon S3 resources are private, including buckets, objects, and
+ *                         related subresources (for example, lifecycle configuration and website
+ *                         configuration). Only the resource owner (that is, the Amazon Web Services account that
+ *                         created it) can access the resource. The resource owner can optionally grant
+ *                         access permissions to others by writing an access policy. For this
+ *                         operation, a user must have the <code>s3:PutLifecycleConfiguration</code>
+ *                         permission.</p>
+ *                      <p>For more information about permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html">Managing Access
+ *                            Permissions to Your Amazon S3 Resources</a>.</p>
+ *                   </li>
+ *                </ul>
+ *                <ul>
+ *                   <li>
+ *                      <p>
+ *                         <b>Directory bucket permissions</b> -
+ *                         You must have the <code>s3express:PutLifecycleConfiguration</code>
+ *                         permission in an IAM identity-based policy to use this operation.
+ *                         Cross-account access to this API operation isn't supported. The resource
+ *                         owner can optionally grant access permissions to others by creating a role
+ *                         or user for them as long as they are within the same account as the owner
+ *                         and resource.</p>
+ *                      <p>For more information about directory bucket policies and permissions, see
+ *                            <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html">Authorizing Regional endpoint APIs with IAM</a> in the
+ *                            <i>Amazon S3 User Guide</i>.</p>
+ *                      <note>
+ *                         <p>
+ *                            <b>Directory buckets </b> - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format <code>https://s3express-control.<i>region_code</i>.amazonaws.com/<i>bucket-name</i>
+ *                            </code>. Virtual-hosted-style requests aren't supported.
+ * For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html">Regional and Zonal endpoints</a> in the
+ *     <i>Amazon S3 User Guide</i>.</p>
+ *                      </note>
+ *                   </li>
+ *                </ul>
+ *             </dd>
+ *          </dl>
+ *          <dl>
+ *             <dt>HTTP Host header syntax</dt>
+ *             <dd>
+ *                <p>
+ *                   <b>Directory buckets </b> - The HTTP Host
+ *                   header syntax is
+ *                      <code>s3express-control.<i>region</i>.amazonaws.com</code>.</p>
+ *             </dd>
+ *          </dl>
  *          <p>For more information about the object expiration, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#intro-lifecycle-rules-actions">Elements to Describe Lifecycle Actions</a>.</p>
  *          <p>Related actions include:</p>
  *          <ul>

package/dist-types/commands/DeleteBucketMetricsConfigurationCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const DeleteBucketMetricsConfigurationCommand_base: {
 };
 /**
  * <note>
- *             <p>This operation is not supported by directory buckets.</p>
+ *             <p>This operation is not supported for directory buckets.</p>
  *          </note>
  *          <p>Deletes a metrics configuration for the Amazon CloudWatch request metrics (specified by the
  *          metrics configuration ID) from the bucket. Note that this doesn't include the daily storage

package/dist-types/commands/DeleteBucketOwnershipControlsCommand.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ declare const DeleteBucketOwnershipControlsCommand_base: {
 };
 /**
  * <note>
- *             <p>This operation is not supported by directory buckets.</p>
+ *             <p>This operation is not supported for directory buckets.</p>
  *          </note>
  *          <p>Removes <code>OwnershipControls</code> for an Amazon S3 bucket. To use this operation, you
  *          must have the <code>s3:PutBucketOwnershipControls</code> permission. For more information