cdk-lambda-subminute 2.0.442 → 2.0.444

package/node_modules/aws-sdk/clients/resiliencehub.d.ts

@@ -219,6 +219,14 @@ declare class Resiliencehub extends Service {
    * List of compliance drifts that were detected while running an assessment.
    */
   listAppAssessmentComplianceDrifts(callback?: (err: AWSError, data: Resiliencehub.Types.ListAppAssessmentComplianceDriftsResponse) => void): Request<Resiliencehub.Types.ListAppAssessmentComplianceDriftsResponse, AWSError>;
+  /**
+   * Indicates the list of resource drifts that were detected while running an assessment.
+   */
+  listAppAssessmentResourceDrifts(params: Resiliencehub.Types.ListAppAssessmentResourceDriftsRequest, callback?: (err: AWSError, data: Resiliencehub.Types.ListAppAssessmentResourceDriftsResponse) => void): Request<Resiliencehub.Types.ListAppAssessmentResourceDriftsResponse, AWSError>;
+  /**
+   * Indicates the list of resource drifts that were detected while running an assessment.
+   */
+  listAppAssessmentResourceDrifts(callback?: (err: AWSError, data: Resiliencehub.Types.ListAppAssessmentResourceDriftsResponse) => void): Request<Resiliencehub.Types.ListAppAssessmentResourceDriftsResponse, AWSError>;
   /**
    * Lists the assessments for an Resilience Hub application. You can use request parameters to refine the results for the response object.
    */
@@ -1672,7 +1680,7 @@ declare namespace Resiliencehub {
      */
     policy: ResiliencyPolicy;
   }
-  export type DifferenceType = "NotEqual"|string;
+  export type DifferenceType = "NotEqual"|"Added"|"Removed"|string;
   export interface DisruptionCompliance {
     /**
      * The Recovery Point Objective (RPO) that is achievable, in seconds.
@@ -1721,7 +1729,7 @@ declare namespace Resiliencehub {
   export type DocumentName = string;
   export type Double = number;
   export type DriftStatus = "NotChecked"|"NotDetected"|"Detected"|string;
-  export type DriftType = "ApplicationCompliance"|string;
+  export type DriftType = "ApplicationCompliance"|"AppComponentResiliencyComplianceStatus"|string;
   export type EksNamespace = string;
   export type EksNamespaceList = EksNamespace[];
   export interface EksSource {
@@ -1881,6 +1889,30 @@ declare namespace Resiliencehub {
      */
     nextToken?: NextToken;
   }
+  export interface ListAppAssessmentResourceDriftsRequest {
+    /**
+     * Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:partition:resiliencehub:region:account:app-assessment/app-id. For more information about ARNs, see  Amazon Resource Names (ARNs) in the Amazon Web Services General Reference guide.
+     */
+    assessmentArn: Arn;
+    /**
+     * Indicates the maximum number of drift results to include in the response. If more results exist than the specified MaxResults value, a token is included in the response so that the remaining results can be retrieved.
+     */
+    maxResults?: MaxResults;
+    /**
+     * Null, or the token from a previous call to get the next set of results.
+     */
+    nextToken?: NextToken;
+  }
+  export interface ListAppAssessmentResourceDriftsResponse {
+    /**
+     * Null, or the token from a previous call to get the next set of results.
+     */
+    nextToken?: NextToken;
+    /**
+     * Indicates all the resource drifts detected for an assessed entity.
+     */
+    resourceDrifts: ResourceDriftList;
+  }
   export interface ListAppAssessmentsRequest {
     /**
      * Amazon Resource Name (ARN) of the Resilience Hub application. The format for this ARN is: arn:partition:resiliencehub:region:account:app/app-id. For more information about ARNs, see  Amazon Resource Names (ARNs) in the Amazon Web Services General Reference guide.
@@ -2177,7 +2209,7 @@ declare namespace Resiliencehub {
     /**
      * Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:partition:resiliencehub:region:account:app-assessment/app-id. For more information about ARNs, see  Amazon Resource Names (ARNs) in the Amazon Web Services General Reference guide.
      */
-    assessmentArn: Arn;
+    assessmentArn?: Arn;
     /**
      * Maximum number of results to include in the response. If more results exist than the specified MaxResults value, a token is included in the response so that the remaining results can be retrieved.
      */
@@ -2425,7 +2457,7 @@ declare namespace Resiliencehub {
      */
     resourceName?: EntityName;
     /**
-     * The type of resource.
+     * Type of resource.
      */
     resourceType: String255;
     /**
@@ -2739,6 +2771,29 @@ declare namespace Resiliencehub {
      */
     status: ResourceResolutionStatusType;
   }
+  export interface ResourceDrift {
+    /**
+     * Amazon Resource Name (ARN) of the application whose resources have drifted. The format for this ARN is: arn:partition:resiliencehub:region:account:app-assessment/app-id. For more information about ARNs, see  Amazon Resource Names (ARNs) in the Amazon Web Services General Reference guide.
+     */
+    appArn?: Arn;
+    /**
+     * Version of the application whose resources have drifted.
+     */
+    appVersion?: EntityVersion;
+    /**
+     * Indicates if the resource was added or removed.
+     */
+    diffType?: DifferenceType;
+    /**
+     * Reference identifier of the resource drift.
+     */
+    referenceId?: EntityId;
+    /**
+     * Identifier of the drifted resource.
+     */
+    resourceIdentifier?: ResourceIdentifier;
+  }
+  export type ResourceDriftList = ResourceDrift[];
   export interface ResourceError {
     /**
      * Identifier of the logical resource. 
@@ -2764,23 +2819,33 @@ declare namespace Resiliencehub {
      */
     resourceErrors?: ResourceErrorList;
   }
+  export interface ResourceIdentifier {
+    /**
+     * Logical identifier of the drifted resource.
+     */
+    logicalResourceId?: LogicalResourceId;
+    /**
+     * Type of the drifted resource.
+     */
+    resourceType?: String255;
+  }
   export type ResourceImportStatusType = "Pending"|"InProgress"|"Failed"|"Success"|string;
   export type ResourceImportStrategyType = "AddOnly"|"ReplaceAll"|string;
   export interface ResourceMapping {
     /**
-     * The name of the application this resource is mapped to.
+     * Name of the application this resource is mapped to when the mappingType is AppRegistryApp.
      */
     appRegistryAppName?: EntityName;
     /**
-     * Name of the Amazon Elastic Kubernetes Service cluster and namespace this resource belongs to.  This parameter accepts values in "eks-cluster/namespace" format. 
+     * Name of the Amazon Elastic Kubernetes Service cluster and namespace that this resource is mapped to when the mappingType is EKS.  This parameter accepts values in "eks-cluster/namespace" format. 
      */
     eksSourceName?: String255;
     /**
-     * The name of the CloudFormation stack this resource is mapped to.
+     * Name of the CloudFormation stack this resource is mapped to when the mappingType is CfnStack.
      */
     logicalStackName?: String255;
     /**
-     * Specifies the type of resource mapping.  AppRegistryApp  The resource is mapped to another application. The name of the application is contained in the appRegistryAppName property.  CfnStack  The resource is mapped to a CloudFormation stack. The name of the CloudFormation stack is contained in the logicalStackName property.  Resource  The resource is mapped to another resource. The name of the resource is contained in the resourceName property.  ResourceGroup  The resource is mapped to Resource Groups. The name of the resource group is contained in the resourceGroupName property.  
+     * Specifies the type of resource mapping.
      */
     mappingType: ResourceMappingType;
     /**
@@ -2788,15 +2853,15 @@ declare namespace Resiliencehub {
      */
     physicalResourceId: PhysicalResourceId;
     /**
-     * Name of the resource group that the resource is mapped to.
+     * Name of the Resource Groups that this resource is mapped to when the mappingType is ResourceGroup.
      */
     resourceGroupName?: EntityName;
     /**
-     * Name of the resource that the resource is mapped to.
+     * Name of the resource that this resource is mapped to when the mappingType is Resource.
      */
     resourceName?: EntityName;
     /**
-     *  The short name of the Terraform source. 
+     * Name of the Terraform source that this resource is mapped to when the mappingType is Terraform.
      */
     terraformSourceName?: String255;
   }
@@ -2817,19 +2882,19 @@ declare namespace Resiliencehub {
   export type S3Url = string;
   export interface ScoringComponentResiliencyScore {
     /**
-     * Number of recommendations that were excluded from the assessment. For example, if the Excluded count for Resilience Hub recommended Amazon CloudWatch alarms is 7, it indicates that 7 Amazon CloudWatch alarms are excluded from the assessment.
+     * Number of recommendations that were excluded from the assessment. For example, if the excludedCount for Alarms coverage scoring component is 7, it indicates that 7 Amazon CloudWatch alarms are excluded from the assessment.
      */
     excludedCount?: Long;
     /**
-     * Number of issues that must be resolved to obtain the maximum possible score for the scoring component. For SOPs, alarms, and FIS experiments, these are the number of recommendations that must be implemented. For compliance, it is the number of Application Components that has breached the resiliency policy. For example, if the Outstanding count for Resilience Hub recommended Amazon CloudWatch alarms is 5, it indicates that 5 Amazon CloudWatch alarms must be fixed to achieve the maximum possible score.
+     * Number of recommendations that must be implemented to obtain the maximum possible score for the scoring component. For SOPs, alarms, and tests, these are the number of recommendations that must be implemented. For compliance, these are the number of Application Components that have breached the resiliency policy. For example, if the outstandingCount for Alarms coverage scoring component is 5, it indicates that 5 Amazon CloudWatch alarms need to be implemented to achieve the maximum possible score.
      */
     outstandingCount?: Long;
     /**
-     * Maximum possible score that can be obtained for the scoring component. If the Possible score is 20 points, it indicates the maximum possible score you can achieve for your application when you run a new assessment after implementing all the Resilience Hub recommendations.
+     * Maximum possible score that can be obtained for the scoring component.  For example, if the possibleScore is 20 points, it indicates the maximum possible score you can achieve for the scoring component when you run a new assessment after implementing all the Resilience Hub recommendations.
      */
     possibleScore?: Double;
     /**
-     * Resiliency score of your application.
+     * Resiliency score points given for the scoring component. The score is always less than or equal to the possibleScore.
      */
     score?: Double;
   }

package/node_modules/aws-sdk/clients/route53profiles.d.ts

@@ -12,11 +12,11 @@ declare class Route53Profiles extends Service {
   constructor(options?: Route53Profiles.Types.ClientConfiguration)
   config: Config & Route53Profiles.Types.ClientConfiguration;
   /**
-   *  Associates a Route 53 Profiles profile with a VPC. A VPC can have only one Profile associated with it, but a Profile can be associated with up to 5000 VPCs. 
+   *  Associates a Route 53 Profiles profile with a VPC. A VPC can have only one Profile associated with it, but a Profile can be associated with 1000 of VPCs (and you can request a higher quota). For more information, see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities. 
    */
   associateProfile(params: Route53Profiles.Types.AssociateProfileRequest, callback?: (err: AWSError, data: Route53Profiles.Types.AssociateProfileResponse) => void): Request<Route53Profiles.Types.AssociateProfileResponse, AWSError>;
   /**
-   *  Associates a Route 53 Profiles profile with a VPC. A VPC can have only one Profile associated with it, but a Profile can be associated with up to 5000 VPCs. 
+   *  Associates a Route 53 Profiles profile with a VPC. A VPC can have only one Profile associated with it, but a Profile can be associated with 1000 of VPCs (and you can request a higher quota). For more information, see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities. 
    */
   associateProfile(callback?: (err: AWSError, data: Route53Profiles.Types.AssociateProfileResponse) => void): Request<Route53Profiles.Types.AssociateProfileResponse, AWSError>;
   /**
@@ -181,7 +181,7 @@ declare namespace Route53Profiles {
      */
     ResourceArn: Arn;
     /**
-     *  If you are adding a DNS Firewall rule group, include also a priority in this format:   Key=FirewallRuleGroupPriority,Value=100 
+     *  If you are adding a DNS Firewall rule group, include also a priority. The priority indicates the processing order for the rule groups, starting with the priority assinged the lowest value.  The allowed values for priority are between 100 and 9900.
      */
     ResourceProperties?: ResourceProperties;
   }
@@ -585,7 +585,7 @@ declare namespace Route53Profiles {
      */
     ProfileResourceAssociationId: ResourceId;
     /**
-     *  If you are adding a DNS Firewall rule group, include also a priority in this format:  Key=FirewallRuleGroupPriority,Value=100. 
+     *  If you are adding a DNS Firewall rule group, include also a priority. The priority indicates the processing order for the rule groups, starting with the priority assinged the lowest value.  The allowed values for priority are between 100 and 9900.
      */
     ResourceProperties?: ResourceProperties;
   }

package/node_modules/aws-sdk/clients/route53resolver.d.ts

@@ -737,7 +737,11 @@ declare namespace Route53Resolver {
      */
     Name: Name;
     /**
-     *  The DNS query type you want the rule to evaluate. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.  
+     *  How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.   Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.  Trust_Redirection_Domain  inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
+     */
+    FirewallDomainRedirectionAction?: FirewallDomainRedirectionAction;
+    /**
+     *  The DNS query type you want the rule to evaluate. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.   A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see List of DNS record types.  
      */
     Qtype?: Qtype;
   }
@@ -789,7 +793,7 @@ declare namespace Route53Resolver {
      */
     Name?: Name;
     /**
-     * The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network.
+     * The ID of one or more security groups that you want to use to control access to this VPC. The security group that you specify must include one or more inbound rules (for inbound Resolver endpoints) or outbound rules (for outbound Resolver endpoints). Inbound and outbound rules must allow TCP and UDP access. For inbound access, open port 53. For outbound access, open the port that you're using for DNS queries on your network. Some security group rules will cause your connection to be tracked. For outbound resolver endpoint, it can potentially impact the maximum queries per second from outbound endpoint to your target name server. For inbound resolver endpoint, it can bring down the overall maximum queries per second per IP address to as low as 1500. To avoid connection tracking caused by security group, see Untracked connections.
      */
     SecurityGroupIds: SecurityGroupIds;
     /**
@@ -922,7 +926,7 @@ declare namespace Route53Resolver {
      */
     FirewallDomainListId: ResourceId;
     /**
-     *  The DNS query type that the rule you are deleting evaluates. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.  
+     *  The DNS query type that the rule you are deleting evaluates. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.   A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see List of DNS record types.  
      */
     Qtype?: Qtype;
   }
@@ -1144,6 +1148,7 @@ declare namespace Route53Resolver {
   export type FirewallDomainListMetadataList = FirewallDomainListMetadata[];
   export type FirewallDomainListStatus = "COMPLETE"|"COMPLETE_IMPORT_FAILED"|"IMPORTING"|"DELETING"|"UPDATING"|string;
   export type FirewallDomainName = string;
+  export type FirewallDomainRedirectionAction = "INSPECT_REDIRECTION_DOMAIN"|"TRUST_REDIRECTION_DOMAIN"|string;
   export type FirewallDomainUpdateOperation = "ADD"|"REMOVE"|"REPLACE"|string;
   export type FirewallDomains = FirewallDomainName[];
   export type FirewallFailOpenStatus = "ENABLED"|"DISABLED"|"USE_LOCAL_RESOURCE_SETTING"|string;
@@ -1197,7 +1202,11 @@ declare namespace Route53Resolver {
      */
     ModificationTime?: Rfc3339TimeString;
     /**
-     *  The DNS query type you want the rule to evaluate. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.  
+     *  How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.   Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.  Trust_Redirection_Domain  inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
+     */
+    FirewallDomainRedirectionAction?: FirewallDomainRedirectionAction;
+    /**
+     *  The DNS query type you want the rule to evaluate. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.   A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see List of DNS record types.  
      */
     Qtype?: Qtype;
   }
@@ -2637,7 +2646,11 @@ declare namespace Route53Resolver {
      */
     Name?: Name;
     /**
-     *  The DNS query type you want the rule to evaluate. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.  
+     *  How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.   Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.  Trust_Redirection_Domain  inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.
+     */
+    FirewallDomainRedirectionAction?: FirewallDomainRedirectionAction;
+    /**
+     *  The DNS query type you want the rule to evaluate. Allowed values are;     A: Returns an IPv4 address.   AAAA: Returns an Ipv6 address.   CAA: Restricts CAs that can create SSL/TLS certifications for the domain.   CNAME: Returns another domain name.   DS: Record that identifies the DNSSEC signing key of a delegated zone.   MX: Specifies mail servers.   NAPTR: Regular-expression-based rewriting of domain names.   NS: Authoritative name servers.   PTR: Maps an IP address to a domain name.   SOA: Start of authority record for the zone.   SPF: Lists the servers authorized to send emails from a domain.   SRV: Application specific values that identify servers.   TXT: Verifies email senders and application-specific values.   A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see List of DNS record types.  
      */
     Qtype?: Qtype;
   }

package/node_modules/aws-sdk/clients/s3.d.ts

@@ -34,11 +34,11 @@ declare class S3 extends S3Customizations {
    */
   completeMultipartUpload(callback?: (err: AWSError, data: S3.Types.CompleteMultipartUploadOutput) => void): Request<S3.Types.CompleteMultipartUploadOutput, AWSError>;
   /**
-   * Creates a copy of an object that is already stored in Amazon S3.  You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.  You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.   Directory buckets  - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.  Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.  Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.   Authentication and authorization  All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have read access to the source object and write access to the destination bucket.    General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.   If the source object is in a general purpose bucket, you must have  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have  s3:PutObject  permission to write the object copy to the destination bucket.       Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Response and special errors  When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds. to keep the connection alive while we copy the data.    If the copy is successful, you receive a response with information about the copied object.   A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.   If the error occurs before the copy action starts, you receive a standard Amazon S3 error.   If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed. If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).      Charge  The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.  HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to CopyObject:    PutObject     GetObject   
+   * Creates a copy of an object that is already stored in Amazon S3.  You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.  You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.   Directory buckets  - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.  Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.  Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.   Authentication and authorization  All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have read access to the source object and write access to the destination bucket.    General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.   If the source object is in a general purpose bucket, you must have  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have  s3:PutObject  permission to write the object copy to the destination bucket.       Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Response and special errors  When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds.    If the copy is successful, you receive a response with information about the copied object.   A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.   If the error occurs before the copy action starts, you receive a standard Amazon S3 error.   If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed. If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).      Charge  The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.  HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to CopyObject:    PutObject     GetObject   
    */
   copyObject(params: S3.Types.CopyObjectRequest, callback?: (err: AWSError, data: S3.Types.CopyObjectOutput) => void): Request<S3.Types.CopyObjectOutput, AWSError>;
   /**
-   * Creates a copy of an object that is already stored in Amazon S3.  You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.  You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.   Directory buckets  - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.  Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.  Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.   Authentication and authorization  All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have read access to the source object and write access to the destination bucket.    General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.   If the source object is in a general purpose bucket, you must have  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have  s3:PutObject  permission to write the object copy to the destination bucket.       Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Response and special errors  When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds. to keep the connection alive while we copy the data.    If the copy is successful, you receive a response with information about the copied object.   A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.   If the error occurs before the copy action starts, you receive a standard Amazon S3 error.   If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed. If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).      Charge  The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.  HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to CopyObject:    PutObject     GetObject   
+   * Creates a copy of an object that is already stored in Amazon S3.  You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy (UploadPartCopy) API. For more information, see Copy Object Using the REST Multipart Upload API.  You can copy individual objects between general purpose buckets, between directory buckets, and between general purpose buckets and directory buckets.   Directory buckets  - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.  Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account. For more information about how to enable a Region for your account, see Enable or disable a Region for standalone accounts in the Amazon Web Services Account Management Guide.  Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 Bad Request error. For more information, see Transfer Acceleration.   Authentication and authorization  All CopyObject requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use the IAM credentials to authenticate and authorize your access to the CopyObject API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have read access to the source object and write access to the destination bucket.    General purpose bucket permissions - You must have permissions in an IAM policy based on the source and destination bucket types in a CopyObject operation.   If the source object is in a general purpose bucket, you must have  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have  s3:PutObject  permission to write the object copy to the destination bucket.       Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in a CopyObject operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key can't be set to ReadOnly on the copy destination bucket.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Response and special errors  When the request is an HTTP 1.1 request, the response is chunk encoded. When the request is not an HTTP 1.1 request, the response would not contain the Content-Length. You always need to read the entire response body to check if the copy succeeds.    If the copy is successful, you receive a response with information about the copied object.   A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. A 200 OK response can contain either a success or an error.   If the error occurs before the copy action starts, you receive a standard Amazon S3 error.   If the error occurs during the copy operation, the error response is embedded in the 200 OK response. For example, in a cross-region copy, you may encounter throttling and receive a 200 OK response. For more information, see Resolve the Error 200 response when copying objects to Amazon S3. The 200 OK status code means the copy was accepted, but it doesn't mean the copy is complete. Another example is when you disconnect from Amazon S3 before the copy is complete, Amazon S3 might cancel the copy and you may receive a 200 OK response. You must stay connected to Amazon S3 until the entire response is successfully received and processed. If you call this API operation directly, make sure to design your application to parse the content of the response and handle it appropriately. If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded error and apply error handling per your configuration settings (including automatically retrying the request as appropriate). If the condition persists, the SDKs throw an exception (or, for the SDKs that don't use exceptions, they return an error).      Charge  The copy request charge is based on the storage class and Region that you specify for the destination object. The request can also result in a data retrieval charge for the source if the source storage class bills for data retrieval. If the copy source is in a different region, the data transfer is billed to the copy source account. For pricing information, see Amazon S3 pricing.  HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to CopyObject:    PutObject     GetObject   
    */
   copyObject(callback?: (err: AWSError, data: S3.Types.CopyObjectOutput) => void): Request<S3.Types.CopyObjectOutput, AWSError>;
   /**
@@ -186,11 +186,11 @@ declare class S3 extends S3Customizations {
    */
   deleteObjectTagging(callback?: (err: AWSError, data: S3.Types.DeleteObjectTaggingOutput) => void): Request<S3.Types.DeleteObjectTaggingOutput, AWSError>;
   /**
-   * This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead. The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.     Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.    The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body. When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.   Directory buckets - MFA delete is not supported by directory buckets.   Permissions     General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.     s3:DeleteObject  - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.     s3:DeleteObjectVersion  - To delete a specific version of an object from a versiong-enabled bucket, you must specify the s3:DeleteObjectVersion permission.      Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the  CreateSession  API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see  CreateSession .    Content-MD5 request header     General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.    Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.    HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to DeleteObjects:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     ListParts     AbortMultipartUpload   
+   * This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead. The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.     Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.    The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body. When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.   Directory buckets - MFA delete is not supported by directory buckets.   Permissions     General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.     s3:DeleteObject  - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.     s3:DeleteObjectVersion  - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.      Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the  CreateSession  API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see  CreateSession .    Content-MD5 request header     General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.    Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.    HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to DeleteObjects:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     ListParts     AbortMultipartUpload   
    */
   deleteObjects(params: S3.Types.DeleteObjectsRequest, callback?: (err: AWSError, data: S3.Types.DeleteObjectsOutput) => void): Request<S3.Types.DeleteObjectsOutput, AWSError>;
   /**
-   * This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead. The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.     Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.    The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body. When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.   Directory buckets - MFA delete is not supported by directory buckets.   Permissions     General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.     s3:DeleteObject  - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.     s3:DeleteObjectVersion  - To delete a specific version of an object from a versiong-enabled bucket, you must specify the s3:DeleteObjectVersion permission.      Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the  CreateSession  API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see  CreateSession .    Content-MD5 request header     General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.    Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.    HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to DeleteObjects:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     ListParts     AbortMultipartUpload   
+   * This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead. The request can contain a list of up to 1000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. Note that if the object specified in the request is not found, Amazon S3 returns the result as deleted.     Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.    Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.    The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body. When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.   Directory buckets - MFA delete is not supported by directory buckets.   Permissions     General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.     s3:DeleteObject  - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.     s3:DeleteObjectVersion  - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.      Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the  CreateSession  API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see  CreateSession .    Content-MD5 request header     General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.    Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.    HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to DeleteObjects:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     ListParts     AbortMultipartUpload   
    */
   deleteObjects(callback?: (err: AWSError, data: S3.Types.DeleteObjectsOutput) => void): Request<S3.Types.DeleteObjectsOutput, AWSError>;
   /**
@@ -790,11 +790,11 @@ declare class S3 extends S3Customizations {
    */
   uploadPart(callback?: (err: AWSError, data: S3.Types.UploadPartOutput) => void): Request<S3.Types.UploadPartOutput, AWSError>;
   /**
-   * Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.  For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.   Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.  You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request. For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.   Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.   Authentication and authorization  All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have READ access to the source object and WRITE access to the destination bucket.    General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.   If the source object is in a general purpose bucket, you must have the  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have the  s3:PutObject  permission to write the object copy to the destination bucket.    For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.    Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object . By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Encryption     General purpose buckets  - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.     Directory buckets  - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.    Special errors    Error Code: NoSuchUpload    Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.   HTTP Status Code: 404 Not Found     Error Code: InvalidRequest    Description: The specified copy source is not supported as a byte-range copy source.   HTTP Status Code: 400 Bad Request      HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to UploadPartCopy:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     AbortMultipartUpload     ListParts     ListMultipartUploads   
+   * Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.  For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.   Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.  You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request. For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.   Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.   Authentication and authorization  All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have READ access to the source object and WRITE access to the destination bucket.    General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.   If the source object is in a general purpose bucket, you must have the  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have the  s3:PutObject  permission to write the object copy to the destination bucket.    For information about permissions required to use the multipart upload API, see Multipart upload API and permissions in the Amazon S3 User Guide.    Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Encryption     General purpose buckets  - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.     Directory buckets  - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.    Special errors    Error Code: NoSuchUpload    Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.   HTTP Status Code: 404 Not Found     Error Code: InvalidRequest    Description: The specified copy source is not supported as a byte-range copy source.   HTTP Status Code: 400 Bad Request      HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to UploadPartCopy:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     AbortMultipartUpload     ListParts     ListMultipartUploads   
    */
   uploadPartCopy(params: S3.Types.UploadPartCopyRequest, callback?: (err: AWSError, data: S3.Types.UploadPartCopyOutput) => void): Request<S3.Types.UploadPartCopyOutput, AWSError>;
   /**
-   * Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.  For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.   Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.  You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request. For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.   Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.   Authentication and authorization  All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have READ access to the source object and WRITE access to the destination bucket.    General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.   If the source object is in a general purpose bucket, you must have the  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have the  s3:PutObject  permission to write the object copy to the destination bucket.    For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.    Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object . By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Encryption     General purpose buckets  - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.     Directory buckets  - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.    Special errors    Error Code: NoSuchUpload    Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.   HTTP Status Code: 404 Not Found     Error Code: InvalidRequest    Description: The specified copy source is not supported as a byte-range copy source.   HTTP Status Code: 400 Bad Request      HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to UploadPartCopy:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     AbortMultipartUpload     ListParts     ListMultipartUploads   
+   * Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.  For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.   Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.  You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request. For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.   Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide.   Authentication and authorization  All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.  Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation. Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.  Permissions  You must have READ access to the source object and WRITE access to the destination bucket.    General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.   If the source object is in a general purpose bucket, you must have the  s3:GetObject  permission to read the source object that is being copied.    If the destination bucket is a general purpose bucket, you must have the  s3:PutObject  permission to write the object copy to the destination bucket.    For information about permissions required to use the multipart upload API, see Multipart upload API and permissions in the Amazon S3 User Guide.    Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.   If the source object that you want to copy is in a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.   If the copy destination is a directory bucket, you must have the  s3express:CreateSession  permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.    For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.    Encryption     General purpose buckets  - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.     Directory buckets  - For directory buckets, only server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.    Special errors    Error Code: NoSuchUpload    Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.   HTTP Status Code: 404 Not Found     Error Code: InvalidRequest    Description: The specified copy source is not supported as a byte-range copy source.   HTTP Status Code: 400 Bad Request      HTTP Host header syntax   Directory buckets  - The HTTP Host header syntax is  Bucket_name.s3express-az_id.region.amazonaws.com.   The following operations are related to UploadPartCopy:    CreateMultipartUpload     UploadPart     CompleteMultipartUpload     AbortMultipartUpload     ListParts     ListMultipartUploads   
    */
   uploadPartCopy(callback?: (err: AWSError, data: S3.Types.UploadPartCopyOutput) => void): Request<S3.Types.UploadPartCopyOutput, AWSError>;
   /**
@@ -1814,7 +1814,7 @@ declare namespace S3 {
   }
   export interface CreateSessionOutput {
     /**
-     * The established temporary security credentials for the created session..
+     * The established temporary security credentials for the created session.
      */
     Credentials: SessionCredentials;
   }
@@ -3377,6 +3377,30 @@ declare namespace S3 {
      * HeadObject returns only the metadata for an object. If the Range is satisfiable, only the ContentLength is affected in the response. If the Range is not satisfiable, S3 returns a 416 - Requested Range Not Satisfiable error.
      */
     Range?: Range;
+    /**
+     * Sets the Cache-Control header of the response.
+     */
+    ResponseCacheControl?: ResponseCacheControl;
+    /**
+     * Sets the Content-Disposition header of the response.
+     */
+    ResponseContentDisposition?: ResponseContentDisposition;
+    /**
+     * Sets the Content-Encoding header of the response.
+     */
+    ResponseContentEncoding?: ResponseContentEncoding;
+    /**
+     * Sets the Content-Language header of the response.
+     */
+    ResponseContentLanguage?: ResponseContentLanguage;
+    /**
+     * Sets the Content-Type header of the response.
+     */
+    ResponseContentType?: ResponseContentType;
+    /**
+     * Sets the Expires header of the response.
+     */
+    ResponseExpires?: ResponseExpires;
     /**
      * Version ID used to reference a specific version of the object.  For directory buckets in this API operation, only the null value of the version ID is supported. 
      */
@@ -3417,7 +3441,7 @@ declare namespace S3 {
   export type IfUnmodifiedSince = Date;
   export interface IndexDocument {
     /**
-     * A suffix that is appended to a request that is for a directory on the website endpoint (for example,if the suffix is index.html and you make a request to samplebucket/images/ the data that is returned will be for the object with the key name images/index.html) The suffix must not be empty and must not include a slash character.  Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see  XML related object key constraints. 
+     * A suffix that is appended to a request that is for a directory on the website endpoint. (For example, if the suffix is index.html and you make a request to samplebucket/images/, the data that is returned will be for the object with the key name images/index.html.) The suffix must not be empty and must not include a slash character.  Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see  XML related object key constraints. 
      */
     Suffix: Suffix;
   }
@@ -4466,7 +4490,7 @@ declare namespace S3 {
      */
     NoncurrentDays?: Days;
     /**
-     * Specifies how many newer noncurrent versions must exist before Amazon S3 can perform the associated action on a given version. If there are this many more recent noncurrent versions, Amazon S3 will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
+     * Specifies how many noncurrent versions Amazon S3 will retain. You can specify up to 100 noncurrent versions to retain. Amazon S3 will permanently delete any additional noncurrent versions beyond the specified number to retain. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
      */
     NewerNoncurrentVersions?: VersionCount;
   }
@@ -4480,7 +4504,7 @@ declare namespace S3 {
      */
     StorageClass?: TransitionStorageClass;
     /**
-     * Specifies how many newer noncurrent versions must exist before Amazon S3 can perform the associated action on a given version. If there are this many more recent noncurrent versions, Amazon S3 will take the associated action. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
+     * Specifies how many noncurrent versions Amazon S3 will retain in the same storage class before transitioning objects. You can specify up to 100 noncurrent versions to retain. Amazon S3 will transition any additional noncurrent versions beyond the specified number to retain. For more information about noncurrent versions, see Lifecycle configuration elements in the Amazon S3 User Guide.
      */
     NewerNoncurrentVersions?: VersionCount;
   }