@aws-sdk/middleware-bucket-endpoint 3.30.0 → 3.35.0

package/{dist/types → dist-types}/configurations.d.ts

@@ -14,13 +14,21 @@ export interface BucketEndpointInputConfig {
      */
     useAccelerateEndpoint?: boolean;
     /**
-     * Enables IPv6/IPv4 dualstack endpoint. When a DNS lookup is performed on an endpoint of this type, it returns an “A” record with an IPv4 address and an “AAAA” record with an IPv6 address. In most cases the network stack in the client environment will automatically prefer the AAAA record and make a connection using the IPv6 address. Note, however, that currently on Windows, the IPv4 address will be preferred.
+     * Enables IPv6/IPv4 dualstack endpoint. When a DNS lookup is performed on an endpoint of this type, it returns an “A”
+     * record with an IPv4 address and an “AAAA” record with an IPv6 address. In most cases the network stack in the
+     * client environment will automatically prefer the AAAA record and make a connection using the IPv6 address. Note,
+     * however, that currently on Windows, the IPv4 address will be preferred.
      */
     useDualstackEndpoint?: boolean;
     /**
      * Whether to override the request region with the region inferred from requested resource's ARN. Defaults to false
      */
     useArnRegion?: boolean | Provider<boolean>;
+    /**
+     * Whether to prevent SDK from making cross-region request when supplied bucket is a multi-region access point ARN.
+     * Defaults to false
+     */
+    disableMultiregionAccessPoints?: boolean | Provider<boolean>;
 }
 interface PreviouslyResolved {
     isCustomEndpoint: boolean;
@@ -62,14 +70,18 @@ export interface BucketEndpointResolvedConfig {
      * @internal
      */
     regionInfoProvider: RegionInfoProvider;
+    disableMultiregionAccessPoints: Provider<boolean>;
 }
 export declare function resolveBucketEndpointConfig<T>(input: T & PreviouslyResolved & BucketEndpointInputConfig): T & BucketEndpointResolvedConfig;
 export declare const NODE_USE_ARN_REGION_ENV_NAME = "AWS_S3_USE_ARN_REGION";
 export declare const NODE_USE_ARN_REGION_INI_NAME = "s3_use_arn_region";
+export declare const NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS";
+export declare const NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME = "s3_disable_multiregion_access_points";
 /**
  * Config to load useArnRegion from environment variables and shared INI files
  *
  * @api private
  */
 export declare const NODE_USE_ARN_REGION_CONFIG_OPTIONS: LoadedConfigSelectors<boolean>;
+export declare const NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS: LoadedConfigSelectors<boolean>;
 export {};

package/{dist/types → dist-types}/ts3.4/bucketHostnameUtils.d.ts

@@ -19,6 +19,7 @@ export interface ArnHostnameParams extends Pick<BucketHostnameParams, Exclude<ke
     clientSigningRegion?: string;
     clientPartition?: string;
     useArnRegion?: boolean;
+    disableMultiregionAccessPoints?: boolean;
 }
 export declare const isBucketNameOptions: (options: BucketHostnameParams | ArnHostnameParams) => options is BucketHostnameParams;
 /**
@@ -97,6 +98,11 @@ export declare const validateAccountId: (accountId: string) => void;
 export declare const validateDNSHostLabel: (label: string, options?: {
     tlsCompatible?: boolean;
 }) => void;
+export declare const validateCustomEndpoint: (options: {
+    isCustomEndpoint?: boolean;
+    dualstackEndpoint?: boolean;
+    accelerateEndpoint?: boolean;
+}) => void;
 /**
  * Validate and parse an Access Point ARN or Outposts ARN
  * @internal
@@ -112,9 +118,14 @@ export declare const getArnResources: (resource: string) => {
  * Throw if dual stack configuration is set to true.
  * @internal
  */
-export declare const validateNoDualstack: (dualstackEndpoint: boolean) => void;
+export declare const validateNoDualstack: (dualstackEndpoint?: boolean | undefined) => void;
 /**
  * Validate region is not appended or prepended with a `fips-`
  * @internal
  */
-export declare const validateNoFIPS: (region: string) => void;
+export declare const validateNoFIPS: (region?: string | undefined) => void;
+/**
+ * Validate the multi-region access point alias.
+ * @private
+ */
+export declare const validateMrapAlias: (name: string) => void;

package/{dist/types → dist-types}/ts3.4/configurations.d.ts

@@ -14,13 +14,21 @@ export interface BucketEndpointInputConfig {
      */
     useAccelerateEndpoint?: boolean;
     /**
-     * Enables IPv6/IPv4 dualstack endpoint. When a DNS lookup is performed on an endpoint of this type, it returns an “A” record with an IPv4 address and an “AAAA” record with an IPv6 address. In most cases the network stack in the client environment will automatically prefer the AAAA record and make a connection using the IPv6 address. Note, however, that currently on Windows, the IPv4 address will be preferred.
+     * Enables IPv6/IPv4 dualstack endpoint. When a DNS lookup is performed on an endpoint of this type, it returns an “A”
+     * record with an IPv4 address and an “AAAA” record with an IPv6 address. In most cases the network stack in the
+     * client environment will automatically prefer the AAAA record and make a connection using the IPv6 address. Note,
+     * however, that currently on Windows, the IPv4 address will be preferred.
      */
     useDualstackEndpoint?: boolean;
     /**
      * Whether to override the request region with the region inferred from requested resource's ARN. Defaults to false
      */
     useArnRegion?: boolean | Provider<boolean>;
+    /**
+     * Whether to prevent SDK from making cross-region request when supplied bucket is a multi-region access point ARN.
+     * Defaults to false
+     */
+    disableMultiregionAccessPoints?: boolean | Provider<boolean>;
 }
 interface PreviouslyResolved {
     isCustomEndpoint: boolean;
@@ -62,14 +70,18 @@ export interface BucketEndpointResolvedConfig {
      * @internal
      */
     regionInfoProvider: RegionInfoProvider;
+    disableMultiregionAccessPoints: Provider<boolean>;
 }
 export declare function resolveBucketEndpointConfig<T>(input: T & PreviouslyResolved & BucketEndpointInputConfig): T & BucketEndpointResolvedConfig;
 export declare const NODE_USE_ARN_REGION_ENV_NAME = "AWS_S3_USE_ARN_REGION";
 export declare const NODE_USE_ARN_REGION_INI_NAME = "s3_use_arn_region";
+export declare const NODE_DISABLE_MULTIREGION_ACCESS_POINT_ENV_NAME = "AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS";
+export declare const NODE_DISABLE_MULTIREGION_ACCESS_POINT_INI_NAME = "s3_disable_multiregion_access_points";
 /**
  * Config to load useArnRegion from environment variables and shared INI files
  *
  * @api private
  */
 export declare const NODE_USE_ARN_REGION_CONFIG_OPTIONS: LoadedConfigSelectors<boolean>;
+export declare const NODE_DISABLE_MULTIREGION_ACCESS_POINT_CONFIG_OPTIONS: LoadedConfigSelectors<boolean>;
 export {};

package/package.json

@@ -1,41 +1,42 @@
 {
   "name": "@aws-sdk/middleware-bucket-endpoint",
-  "version": "3.30.0",
+  "version": "3.35.0",
   "scripts": {
+    "build": "yarn build:cjs && yarn build:es && yarn build:types",
     "build:cjs": "tsc -p tsconfig.cjs.json",
     "build:es": "tsc -p tsconfig.es.json",
-    "build": "yarn build:es && yarn build:cjs",
-    "downlevel-dts": "downlevel-dts dist/types dist/types/ts3.4",
+    "build:types": "tsc -p tsconfig.types.json",
+    "downlevel-dts": "downlevel-dts dist-types dist-types/ts3.4",
     "test": "jest"
   },
-  "main": "./dist/cjs/index.js",
-  "module": "./dist/es/index.js",
-  "types": "./dist/types/index.d.ts",
+  "main": "./dist-cjs/index.js",
+  "module": "./dist-es/index.js",
+  "types": "./dist-types/index.d.ts",
   "author": {
     "name": "AWS SDK for JavaScript Team",
     "url": "https://aws.amazon.com/javascript/"
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/protocol-http": "3.29.0",
-    "@aws-sdk/types": "3.29.0",
-    "@aws-sdk/util-arn-parser": "3.29.0",
+    "@aws-sdk/protocol-http": "3.35.0",
+    "@aws-sdk/types": "3.35.0",
+    "@aws-sdk/util-arn-parser": "3.35.0",
     "tslib": "^2.3.0"
   },
   "devDependencies": {
-    "@aws-sdk/middleware-stack": "3.29.0",
-    "@aws-sdk/node-config-provider": "3.29.0",
+    "@aws-sdk/middleware-stack": "3.35.0",
+    "@aws-sdk/node-config-provider": "3.35.0",
     "@types/jest": "^26.0.4",
     "jest": "^26.1.0",
-    "typescript": "~4.4.2"
+    "typescript": "~4.3.5"
   },
   "engines": {
     "node": ">= 10.0.0"
   },
   "typesVersions": {
     "<4.0": {
-      "dist/types/*": [
-        "dist/types/ts3.4/*"
+      "dist-types/*": [
+        "dist-types/ts3.4/*"
       ]
     }
   },

package/src/bucketEndpointMiddleware.ts

@@ -15,81 +15,76 @@ import { bucketHostname } from "./bucketHostname";
 import { getPseudoRegion } from "./bucketHostnameUtils";
 import { BucketEndpointResolvedConfig } from "./configurations";
 
-export const bucketEndpointMiddleware =
-  (options: BucketEndpointResolvedConfig): BuildMiddleware<any, any> =>
-  <Output extends MetadataBearer>(
-    next: BuildHandler<any, Output>,
-    context: HandlerExecutionContext
-  ): BuildHandler<any, Output> =>
-  async (args: BuildHandlerArguments<any>): Promise<BuildHandlerOutput<Output>> => {
-    const { Bucket: bucketName } = args.input as { Bucket: string };
-    let replaceBucketInPath = options.bucketEndpoint;
-    const request = args.request;
-    if (HttpRequest.isInstance(request)) {
-      if (options.bucketEndpoint) {
-        request.hostname = bucketName;
-      } else if (validateArn(bucketName)) {
-        const bucketArn = parseArn(bucketName);
-        const clientRegion = getPseudoRegion(await options.region());
-        const { partition, signingRegion = clientRegion } = (await options.regionInfoProvider(clientRegion)) || {};
-        const useArnRegion = await options.useArnRegion();
-        const {
-          hostname,
-          bucketEndpoint,
-          signingRegion: modifiedSigningRegion,
-          signingService,
-        } = bucketHostname({
-          bucketName: bucketArn,
-          baseHostname: request.hostname,
-          accelerateEndpoint: options.useAccelerateEndpoint,
-          dualstackEndpoint: options.useDualstackEndpoint,
-          pathStyleEndpoint: options.forcePathStyle,
-          tlsCompatible: request.protocol === "https:",
-          useArnRegion,
-          clientPartition: partition,
-          clientSigningRegion: signingRegion,
-          clientRegion: clientRegion,
-          isCustomEndpoint: options.isCustomEndpoint,
-        });
+export const bucketEndpointMiddleware = (options: BucketEndpointResolvedConfig): BuildMiddleware<any, any> => <
+  Output extends MetadataBearer
+>(
+  next: BuildHandler<any, Output>,
+  context: HandlerExecutionContext
+): BuildHandler<any, Output> => async (args: BuildHandlerArguments<any>): Promise<BuildHandlerOutput<Output>> => {
+  const { Bucket: bucketName } = args.input as { Bucket: string };
+  let replaceBucketInPath = options.bucketEndpoint;
+  const request = args.request;
+  if (HttpRequest.isInstance(request)) {
+    if (options.bucketEndpoint) {
+      request.hostname = bucketName;
+    } else if (validateArn(bucketName)) {
+      const bucketArn = parseArn(bucketName);
+      const clientRegion = getPseudoRegion(await options.region());
+      const { partition, signingRegion = clientRegion } = (await options.regionInfoProvider(clientRegion)) || {};
+      const useArnRegion = await options.useArnRegion();
+      const { hostname, bucketEndpoint, signingRegion: modifiedSigningRegion, signingService } = bucketHostname({
+        bucketName: bucketArn,
+        baseHostname: request.hostname,
+        accelerateEndpoint: options.useAccelerateEndpoint,
+        dualstackEndpoint: options.useDualstackEndpoint,
+        pathStyleEndpoint: options.forcePathStyle,
+        tlsCompatible: request.protocol === "https:",
+        useArnRegion,
+        clientPartition: partition,
+        clientSigningRegion: signingRegion,
+        clientRegion: clientRegion,
+        isCustomEndpoint: options.isCustomEndpoint,
+        disableMultiregionAccessPoints: await options.disableMultiregionAccessPoints(),
+      });
 
-        // If the request needs to use a region or service name inferred from ARN that different from client region, we
-        // need to set them in the handler context so the signer will use them
-        if (modifiedSigningRegion && modifiedSigningRegion !== signingRegion) {
-          context["signing_region"] = modifiedSigningRegion;
-        }
-        if (signingService && signingService !== "s3") {
-          context["signing_service"] = signingService;
-        }
+      // If the request needs to use a region or service name inferred from ARN that different from client region, we
+      // need to set them in the handler context so the signer will use them
+      if (modifiedSigningRegion && modifiedSigningRegion !== signingRegion) {
+        context["signing_region"] = modifiedSigningRegion;
+      }
+      if (signingService && signingService !== "s3") {
+        context["signing_service"] = signingService;
+      }
 
-        request.hostname = hostname;
-        replaceBucketInPath = bucketEndpoint;
-      } else {
-        const clientRegion = getPseudoRegion(await options.region());
-        const { hostname, bucketEndpoint } = bucketHostname({
-          bucketName,
-          clientRegion,
-          baseHostname: request.hostname,
-          accelerateEndpoint: options.useAccelerateEndpoint,
-          dualstackEndpoint: options.useDualstackEndpoint,
-          pathStyleEndpoint: options.forcePathStyle,
-          tlsCompatible: request.protocol === "https:",
-          isCustomEndpoint: options.isCustomEndpoint,
-        });
+      request.hostname = hostname;
+      replaceBucketInPath = bucketEndpoint;
+    } else {
+      const clientRegion = getPseudoRegion(await options.region());
+      const { hostname, bucketEndpoint } = bucketHostname({
+        bucketName,
+        clientRegion,
+        baseHostname: request.hostname,
+        accelerateEndpoint: options.useAccelerateEndpoint,
+        dualstackEndpoint: options.useDualstackEndpoint,
+        pathStyleEndpoint: options.forcePathStyle,
+        tlsCompatible: request.protocol === "https:",
+        isCustomEndpoint: options.isCustomEndpoint,
+      });
 
-        request.hostname = hostname;
-        replaceBucketInPath = bucketEndpoint;
-      }
+      request.hostname = hostname;
+      replaceBucketInPath = bucketEndpoint;
+    }
 
-      if (replaceBucketInPath) {
-        request.path = request.path.replace(/^(\/)?[^\/]+/, "");
-        if (request.path === "") {
-          request.path = "/";
-        }
+    if (replaceBucketInPath) {
+      request.path = request.path.replace(/^(\/)?[^\/]+/, "");
+      if (request.path === "") {
+        request.path = "/";
       }
     }
+  }
 
-    return next({ ...args, request });
-  };
+  return next({ ...args, request });
+};
 
 export const bucketEndpointMiddlewareOptions: RelativeMiddlewareOptions = {
   tags: ["BUCKET_ENDPOINT"],

package/src/bucketHostname.ts

@@ -1,3 +1,5 @@
+import { ARN } from "@aws-sdk/util-arn-parser";
+
 import {
   ArnHostnameParams,
   BucketHostnameParams,
@@ -11,7 +13,9 @@ import {
   isFipsRegion,
   validateAccountId,
   validateArnEndpointOptions,
+  validateCustomEndpoint,
   validateDNSHostLabel,
+  validateMrapAlias,
   validateNoDualstack,
   validateNoFIPS,
   validateOutpostService,
@@ -30,33 +34,54 @@ export interface BucketHostname {
 }
 
 export const bucketHostname = (options: BucketHostnameParams | ArnHostnameParams): BucketHostname => {
-  const { isCustomEndpoint, baseHostname, dualstackEndpoint, accelerateEndpoint } = options;
-
-  if (isCustomEndpoint) {
-    if (dualstackEndpoint) throw new Error("Dualstack endpoint is not supported with custom endpoint");
-    if (accelerateEndpoint) throw new Error("Accelerate endpoint is not supported with custom endpoint");
-  }
-
+  validateCustomEndpoint(options);
   return isBucketNameOptions(options)
     ? // Construct endpoint when bucketName is a string referring to a bucket name
-      getEndpointFromBucketName({ ...options, isCustomEndpoint })
+      getEndpointFromBucketName(options)
     : // Construct endpoint when bucketName is an ARN referring to an S3 resource like Access Point
-      getEndpointFromArn({ ...options, isCustomEndpoint });
+      getEndpointFromArn(options);
+};
+
+const getEndpointFromBucketName = ({
+  accelerateEndpoint = false,
+  clientRegion: region,
+  baseHostname,
+  bucketName,
+  dualstackEndpoint = false,
+  pathStyleEndpoint = false,
+  tlsCompatible = true,
+  isCustomEndpoint = false,
+}: BucketHostnameParams): BucketHostname => {
+  const [clientRegion, hostnameSuffix] = isCustomEndpoint ? [region, baseHostname] : getSuffix(baseHostname);
+  if (pathStyleEndpoint || !isDnsCompatibleBucketName(bucketName) || (tlsCompatible && DOT_PATTERN.test(bucketName))) {
+    return {
+      bucketEndpoint: false,
+      hostname: dualstackEndpoint ? `s3.dualstack.${clientRegion}.${hostnameSuffix}` : baseHostname,
+    };
+  }
+
+  if (accelerateEndpoint) {
+    baseHostname = `s3-accelerate${dualstackEndpoint ? ".dualstack" : ""}.${hostnameSuffix}`;
+  } else if (dualstackEndpoint) {
+    baseHostname = `s3.dualstack.${clientRegion}.${hostnameSuffix}`;
+  }
+
+  return {
+    bucketEndpoint: true,
+    hostname: `${bucketName}.${baseHostname}`,
+  };
 };
 
-const getEndpointFromArn = (options: ArnHostnameParams & { isCustomEndpoint: boolean }): BucketHostname => {
+const getEndpointFromArn = (options: ArnHostnameParams): BucketHostname => {
   const { isCustomEndpoint, baseHostname, clientRegion } = options;
   const hostnameSuffix = isCustomEndpoint ? baseHostname : getSuffixForArnEndpoint(baseHostname)[1];
 
   const {
     pathStyleEndpoint,
-    dualstackEndpoint = false,
     accelerateEndpoint = false,
     tlsCompatible = true,
-    useArnRegion,
     bucketName,
     clientPartition = "aws",
-    clientSigningRegion = clientRegion,
   } = options;
 
   validateArnEndpointOptions({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible });
@@ -66,82 +91,133 @@ const getEndpointFromArn = (options: ArnHostnameParams & { isCustomEndpoint: boo
   validateService(service);
   validatePartition(partition, { clientPartition });
   validateAccountId(accountId);
-  validateRegionalClient(clientRegion);
   const { accesspointName, outpostId } = getArnResources(resource);
+  if (service === "s3-object-lambda") {
+    return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix });
+  }
+  if (region === "") {
+    return getEndpointFromMRAPArn({ ...options, clientRegion, mrapAlias: accesspointName, hostnameSuffix });
+  }
+  if (outpostId) {
+    return getEndpointFromOutpostArn({ ...options, clientRegion, outpostId, accesspointName, hostnameSuffix });
+  }
+  return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix });
+};
+
+const getEndpointFromObjectLambdaArn = ({
+  dualstackEndpoint = false,
+  tlsCompatible = true,
+  useArnRegion,
+  clientRegion,
+  clientSigningRegion = clientRegion,
+  accesspointName,
+  bucketName,
+  hostnameSuffix,
+}: ArnHostnameParams & {
+  accesspointName: string;
+  bucketName: ARN;
+  hostnameSuffix: string;
+}): BucketHostname => {
+  const { accountId, region, service } = bucketName;
+  validateRegionalClient(clientRegion);
+  validateRegion(region, { useArnRegion, clientRegion, clientSigningRegion, allowFipsRegion: true });
+  validateNoDualstack(dualstackEndpoint);
   const DNSHostLabel = `${accesspointName}-${accountId}`;
   validateDNSHostLabel(DNSHostLabel, { tlsCompatible });
 
   const endpointRegion = useArnRegion ? region : clientRegion;
   const signingRegion = useArnRegion ? region : clientSigningRegion;
-  if (service === "s3-object-lambda") {
-    validateRegion(region, { useArnRegion, clientRegion, clientSigningRegion, allowFipsRegion: true });
-    validateNoDualstack(dualstackEndpoint);
-    return {
-      bucketEndpoint: true,
-      hostname: `${DNSHostLabel}.${service}${isFipsRegion(clientRegion) ? "-fips" : ""}.${getPseudoRegion(
-        endpointRegion
-      )}.${hostnameSuffix}`,
-      signingRegion,
-      signingService: service,
-    };
-  } else if (outpostId) {
-    // if this is an Outpost ARN
-    validateRegion(region, { useArnRegion, clientRegion, clientSigningRegion });
-    validateOutpostService(service);
-    validateDNSHostLabel(outpostId, { tlsCompatible });
-    validateNoDualstack(dualstackEndpoint);
-    validateNoFIPS(endpointRegion);
-    const hostnamePrefix = `${DNSHostLabel}.${outpostId}`;
-    return {
-      bucketEndpoint: true,
-      hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-outposts.${endpointRegion}`}.${hostnameSuffix}`,
-      signingRegion,
-      signingService: "s3-outposts",
-    };
-  }
-  // construct endpoint from Accesspoint ARN
-  validateRegion(region, { useArnRegion, clientRegion, clientSigningRegion, allowFipsRegion: true });
-  validateS3Service(service);
-  const hostnamePrefix = `${DNSHostLabel}`;
+
   return {
     bucketEndpoint: true,
-    hostname: `${hostnamePrefix}${
-      isCustomEndpoint
-        ? ""
-        : `.s3-accesspoint${isFipsRegion(clientRegion) ? "-fips" : ""}${
-            dualstackEndpoint ? ".dualstack" : ""
-          }.${getPseudoRegion(endpointRegion)}`
-    }.${hostnameSuffix}`,
+    hostname: `${DNSHostLabel}.${service}${isFipsRegion(clientRegion) ? "-fips" : ""}.${getPseudoRegion(
+      endpointRegion
+    )}.${hostnameSuffix}`,
     signingRegion,
+    signingService: service,
   };
 };
 
-const getEndpointFromBucketName = ({
-  accelerateEndpoint = false,
-  clientRegion: region,
-  baseHostname,
-  bucketName,
+const getEndpointFromMRAPArn = ({
+  disableMultiregionAccessPoints,
   dualstackEndpoint = false,
-  pathStyleEndpoint = false,
-  tlsCompatible = true,
-  isCustomEndpoint = false,
-}: BucketHostnameParams & { isCustomEndpoint: boolean }): BucketHostname => {
-  const [clientRegion, hostnameSuffix] = isCustomEndpoint ? [region, baseHostname] : getSuffix(baseHostname);
-  if (pathStyleEndpoint || !isDnsCompatibleBucketName(bucketName) || (tlsCompatible && DOT_PATTERN.test(bucketName))) {
-    return {
-      bucketEndpoint: false,
-      hostname: dualstackEndpoint ? `s3.dualstack.${clientRegion}.${hostnameSuffix}` : baseHostname,
-    };
+  isCustomEndpoint,
+  mrapAlias,
+  hostnameSuffix,
+}: ArnHostnameParams & { mrapAlias: string; hostnameSuffix: string }): BucketHostname => {
+  // If this is a multi-regional access point, and not explicitly opted out.
+  if (disableMultiregionAccessPoints === true) {
+    throw new Error("SDK is attempting to use a MRAP ARN. Please enable to feature.");
   }
+  validateMrapAlias(mrapAlias);
+  validateNoDualstack(dualstackEndpoint);
+  return {
+    bucketEndpoint: true,
+    hostname: `${mrapAlias}${isCustomEndpoint ? "" : `.accesspoint.s3-global`}.${hostnameSuffix}`,
+    signingRegion: "*",
+  };
+};
 
-  if (accelerateEndpoint) {
-    baseHostname = `s3-accelerate${dualstackEndpoint ? ".dualstack" : ""}.${hostnameSuffix}`;
-  } else if (dualstackEndpoint) {
-    baseHostname = `s3.dualstack.${clientRegion}.${hostnameSuffix}`;
-  }
+const getEndpointFromOutpostArn = ({
+  useArnRegion,
+  clientRegion,
+  clientSigningRegion = clientRegion,
+  bucketName,
+  outpostId,
+  dualstackEndpoint = false,
+  tlsCompatible = true,
+  accesspointName,
+  isCustomEndpoint,
+  hostnameSuffix,
+}: ArnHostnameParams & { outpostId: string; accesspointName: string; hostnameSuffix: string }): BucketHostname => {
+  // if this is an Outpost ARN
+  validateRegionalClient(clientRegion);
+  validateRegion(bucketName.region, { useArnRegion, clientRegion, clientSigningRegion });
+  const DNSHostLabel = `${accesspointName}-${bucketName.accountId}`;
+  validateDNSHostLabel(DNSHostLabel, { tlsCompatible });
+  const endpointRegion = useArnRegion ? bucketName.region : clientRegion;
+  const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion;
+  validateOutpostService(bucketName.service);
+  validateDNSHostLabel(outpostId, { tlsCompatible });
+  validateNoDualstack(dualstackEndpoint);
+  validateNoFIPS(endpointRegion);
+  const hostnamePrefix = `${DNSHostLabel}.${outpostId}`;
+  return {
+    bucketEndpoint: true,
+    hostname: `${hostnamePrefix}${isCustomEndpoint ? "" : `.s3-outposts.${endpointRegion}`}.${hostnameSuffix}`,
+    signingRegion,
+    signingService: "s3-outposts",
+  };
+};
 
+const getEndpointFromAccessPointArn = ({
+  useArnRegion,
+  clientRegion,
+  clientSigningRegion = clientRegion,
+  bucketName,
+  dualstackEndpoint = false,
+  tlsCompatible = true,
+  accesspointName,
+  isCustomEndpoint,
+  hostnameSuffix,
+}: ArnHostnameParams & { accesspointName: string; hostnameSuffix: string }): BucketHostname => {
+  // construct endpoint from Accesspoint ARN
+  validateRegionalClient(clientRegion);
+  validateRegion(bucketName.region, { useArnRegion, clientRegion, clientSigningRegion, allowFipsRegion: true });
+  const hostnamePrefix = `${accesspointName}-${bucketName.accountId}`;
+  validateDNSHostLabel(hostnamePrefix, { tlsCompatible });
+  const endpointRegion = useArnRegion ? bucketName.region : clientRegion;
+  const signingRegion = useArnRegion ? bucketName.region : clientSigningRegion;
+  validateS3Service(bucketName.service);
   return {
     bucketEndpoint: true,
-    hostname: `${bucketName}.${baseHostname}`,
+    hostname: `${hostnamePrefix}${
+      isCustomEndpoint
+        ? ""
+        : `.s3-accesspoint${isFipsRegion(clientRegion) ? "-fips" : ""}${
+            dualstackEndpoint ? ".dualstack" : ""
+          }.${getPseudoRegion(endpointRegion)}`
+    }.${hostnameSuffix}`,
+    signingRegion,
   };
 };