From 6f84e87803301f7b844bf7ce09f1be4f3b351831 Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Fri, 1 Dec 2023 08:51:16 +0000 Subject: [PATCH] update: AWS Go SDK bump to the latest release Signed-off-by: Milos Gajdos --- go.mod | 2 +- go.sum | 20 +- .../aws/corehandlers/awsinternal.go | 4 + .../aws-sdk-go/aws/corehandlers/user_agent.go | 10 + .../aws/credentials/endpointcreds/provider.go | 47 +- .../credentials/ssocreds/token_provider.go | 9 + .../aws/aws-sdk-go/aws/defaults/defaults.go | 65 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 2281 ++++- .../aws/aws-sdk-go/aws/session/env_config.go | 28 + .../aws/aws-sdk-go/aws/session/session.go | 8 + .../aws-sdk-go/aws/session/shared_config.go | 35 +- .../aws/aws-sdk-go/aws/signer/v4/v4.go | 2 + .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../aws-sdk-go/internal/ini/literal_tokens.go | 57 +- .../aws/aws-sdk-go/internal/ini/visitor.go | 6 +- .../aws/aws-sdk-go/service/s3/api.go | 7581 ++++++++++++----- .../aws/aws-sdk-go/service/s3/errors.go | 9 + .../aws/aws-sdk-go/service/ssooidc/api.go | 664 +- .../aws/aws-sdk-go/service/ssooidc/doc.go | 39 +- .../aws/aws-sdk-go/service/ssooidc/errors.go | 8 + .../aws/aws-sdk-go/service/ssooidc/service.go | 2 +- .../aws/aws-sdk-go/service/sts/api.go | 20 +- vendor/modules.txt | 4 +- 23 files changed, 8582 insertions(+), 2321 deletions(-) create mode 100644 vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go diff --git a/go.mod b/go.mod index 8189d247..8e7b2a9f 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 - github.com/aws/aws-sdk-go v1.44.325 + github.com/aws/aws-sdk-go v1.48.10 github.com/bshuster-repo/logrus-logstash-hook v1.0.0 github.com/coreos/go-systemd/v22 v22.5.0 github.com/distribution/reference v0.5.0 diff --git a/go.sum b/go.sum index 5efa7800..4b40d607 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/aws/aws-sdk-go v1.44.325 h1:jF/L99fJSq/BfiLmUOflO/aM+LwcqBm0Fe/qTK5xxuI= -github.com/aws/aws-sdk-go v1.44.325/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.48.10 h1:0LIFG3wp2Dt6PsxKWCg1Y1xRrn2vZnW5/gWdgaBalKg= +github.com/aws/aws-sdk-go v1.48.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -319,7 +319,6 @@ github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gt github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -341,7 +340,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -374,7 +372,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -404,10 +401,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -427,7 +421,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -466,27 +459,19 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -532,7 +517,6 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go new file mode 100644 index 00000000..140242dd --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/awsinternal.go @@ -0,0 +1,4 @@ +// DO NOT EDIT +package corehandlers + +const isAwsInternal = "" \ No newline at end of file diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go index ab69c7a6..ac842c55 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/user_agent.go @@ -35,3 +35,13 @@ var AddHostExecEnvUserAgentHander = request.NamedHandler{ request.AddToUserAgent(r, execEnvUAKey+"/"+v) }, } + +var AddAwsInternal = request.NamedHandler{ + Name: "core.AddAwsInternal", + Fn: func(r *request.Request) { + if len(isAwsInternal) == 0 { + return + } + request.AddToUserAgent(r, isAwsInternal) + }, +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index 785f30d8..329f788a 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go @@ -31,6 +31,8 @@ package endpointcreds import ( "encoding/json" + "fmt" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -69,7 +71,37 @@ type Provider struct { // Optional authorization token value if set will be used as the value of // the Authorization header of the endpoint credential request. + // + // When constructed from environment, the provider will use the value of + // AWS_CONTAINER_AUTHORIZATION_TOKEN environment variable as the token + // + // Will be overridden if AuthorizationTokenProvider is configured AuthorizationToken string + + // Optional auth provider func to dynamically load the auth token from a file + // everytime a credential is retrieved + // + // When constructed from environment, the provider will read and use the content + // of the file pointed to by AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE environment variable + // as the auth token everytime credentials are retrieved + // + // Will override AuthorizationToken if configured + AuthorizationTokenProvider AuthTokenProvider +} + +// AuthTokenProvider defines an interface to dynamically load a value to be passed +// for the Authorization header of a credentials request. +type AuthTokenProvider interface { + GetToken() (string, error) +} + +// TokenProviderFunc is a func type implementing AuthTokenProvider interface +// and enables customizing token provider behavior +type TokenProviderFunc func() (string, error) + +// GetToken func retrieves auth token according to TokenProviderFunc implementation +func (p TokenProviderFunc) GetToken() (string, error) { + return p() } // NewProviderClient returns a credentials Provider for retrieving AWS credentials @@ -164,7 +196,20 @@ func (p *Provider) getCredentials(ctx aws.Context) (*getCredentialsOutput, error req := p.Client.NewRequest(op, nil, out) req.SetContext(ctx) req.HTTPRequest.Header.Set("Accept", "application/json") - if authToken := p.AuthorizationToken; len(authToken) != 0 { + + authToken := p.AuthorizationToken + var err error + if p.AuthorizationTokenProvider != nil { + authToken, err = p.AuthorizationTokenProvider.GetToken() + if err != nil { + return nil, fmt.Errorf("get authorization token: %v", err) + } + } + + if strings.ContainsAny(authToken, "\r\n") { + return nil, fmt.Errorf("authorization token contains invalid newline sequence") + } + if len(authToken) != 0 { req.HTTPRequest.Header.Set("Authorization", authToken) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go index 7562cd01..3388b78b 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/ssocreds/token_provider.go @@ -111,6 +111,15 @@ func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error) if err != nil { return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err) } + if createResult.ExpiresIn == nil { + return cachedToken{}, fmt.Errorf("missing required field ExpiresIn") + } + if createResult.AccessToken == nil { + return cachedToken{}, fmt.Errorf("missing required field AccessToken") + } + if createResult.RefreshToken == nil { + return cachedToken{}, fmt.Errorf("missing required field RefreshToken") + } expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go index 23bb639e..1ba80b57 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go @@ -9,6 +9,7 @@ package defaults import ( "fmt" + "io/ioutil" "net" "net/http" "net/url" @@ -74,6 +75,7 @@ func Handlers() request.Handlers { handlers.Validate.PushBackNamed(corehandlers.ValidateEndpointHandler) handlers.Validate.AfterEachFn = request.HandlerListStopOnError handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler) + handlers.Build.PushBackNamed(corehandlers.AddAwsInternal) handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHander) handlers.Build.AfterEachFn = request.HandlerListStopOnError handlers.Sign.PushBackNamed(corehandlers.BuildContentLengthHandler) @@ -114,9 +116,31 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro const ( httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" + httpProviderAuthFileEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE" httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" ) +// direct representation of the IPv4 address for the ECS container +// "169.254.170.2" +var ecsContainerIPv4 net.IP = []byte{ + 169, 254, 170, 2, +} + +// direct representation of the IPv4 address for the EKS container +// "169.254.170.23" +var eksContainerIPv4 net.IP = []byte{ + 169, 254, 170, 23, +} + +// direct representation of the IPv6 address for the EKS container +// "fd00:ec2::23" +var eksContainerIPv6 net.IP = []byte{ + 0xFD, 0, 0xE, 0xC2, + 0, 0, 0, 0, + 0, 0, 0, 0, + 0, 0, 0, 0x23, +} + // RemoteCredProvider returns a credentials provider for the default remote // endpoints such as EC2 or ECS Roles. func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.Provider { @@ -134,19 +158,22 @@ func RemoteCredProvider(cfg aws.Config, handlers request.Handlers) credentials.P var lookupHostFn = net.LookupHost -func isLoopbackHost(host string) (bool, error) { - ip := net.ParseIP(host) - if ip != nil { - return ip.IsLoopback(), nil +// isAllowedHost allows host to be loopback or known ECS/EKS container IPs +// +// host can either be an IP address OR an unresolved hostname - resolution will +// be automatically performed in the latter case +func isAllowedHost(host string) (bool, error) { + if ip := net.ParseIP(host); ip != nil { + return isIPAllowed(ip), nil } - // Host is not an ip, perform lookup addrs, err := lookupHostFn(host) if err != nil { return false, err } + for _, addr := range addrs { - if !net.ParseIP(addr).IsLoopback() { + if ip := net.ParseIP(addr); ip == nil || !isIPAllowed(ip) { return false, nil } } @@ -154,6 +181,13 @@ func isLoopbackHost(host string) (bool, error) { return true, nil } +func isIPAllowed(ip net.IP) bool { + return ip.IsLoopback() || + ip.Equal(ecsContainerIPv4) || + ip.Equal(eksContainerIPv4) || + ip.Equal(eksContainerIPv6) +} + func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) credentials.Provider { var errMsg string @@ -164,10 +198,12 @@ func localHTTPCredProvider(cfg aws.Config, handlers request.Handlers, u string) host := aws.URLHostname(parsed) if len(host) == 0 { errMsg = "unable to parse host from local HTTP cred provider URL" - } else if isLoopback, loopbackErr := isLoopbackHost(host); loopbackErr != nil { - errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, loopbackErr) - } else if !isLoopback { - errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback hosts are allowed.", host) + } else if parsed.Scheme == "http" { + if isAllowedHost, allowHostErr := isAllowedHost(host); allowHostErr != nil { + errMsg = fmt.Sprintf("failed to resolve host %q, %v", host, allowHostErr) + } else if !isAllowedHost { + errMsg = fmt.Sprintf("invalid endpoint host, %q, only loopback/ecs/eks hosts are allowed.", host) + } } } @@ -189,6 +225,15 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede func(p *endpointcreds.Provider) { p.ExpiryWindow = 5 * time.Minute p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar) + if authFilePath := os.Getenv(httpProviderAuthFileEnvVar); authFilePath != "" { + p.AuthorizationTokenProvider = endpointcreds.TokenProviderFunc(func() (string, error) { + if contents, err := ioutil.ReadFile(authFilePath); err != nil { + return "", fmt.Errorf("failed to read authorization token from %v: %v", authFilePath, err) + } else { + return string(contents), nil + } + }) + } }, ) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go index 03f3f270..24cb9c6f 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go @@ -755,6 +755,13 @@ var awsPartition = partition{ }, }, }, + "agreement-marketplace": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "airflow": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -1040,6 +1047,21 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "ca-central-1-fips", + }: endpoint{ + Hostname: "api.detective-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -1058,6 +1080,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -1815,6 +1840,12 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -1824,12 +1855,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -2569,21 +2615,81 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appflow-fips.us-west-2.amazonaws.com", + }, }, }, "application-autoscaling": service{ @@ -2928,6 +3034,15 @@ var awsPartition = partition{ }: endpoint{ Hostname: "appmesh.eu-west-3.api.aws", }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "appmesh.il-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -3073,6 +3188,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -3085,6 +3203,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -3670,6 +3794,15 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "athena.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -3866,6 +3999,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -3890,6 +4029,51 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "autoscaling-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "il-central-1", }: endpoint{}, @@ -3905,15 +4089,39 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-1.amazonaws.com", + }, endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "autoscaling-fips.us-west-2.amazonaws.com", + }, }, }, "autoscaling-plans": service{ @@ -4053,6 +4261,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4334,6 +4545,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -4381,6 +4595,137 @@ var awsPartition = partition{ }, }, }, + "bedrock": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "bedrock-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "bedrock-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "bedrock-eu-central-1", + }: endpoint{ + Hostname: "bedrock.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "bedrock-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-runtime-ap-northeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-ap-southeast-1", + }: endpoint{ + Hostname: "bedrock-runtime.ap-southeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-eu-central-1", + }: endpoint{ + Hostname: "bedrock-runtime.eu-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-east-1", + }: endpoint{ + Hostname: "bedrock-runtime.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-us-west-2", + }: endpoint{ + Hostname: "bedrock-runtime.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "bedrock-us-east-1", + }: endpoint{ + Hostname: "bedrock.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + endpointKey{ + Region: "bedrock-us-west-2", + }: endpoint{ + Hostname: "bedrock.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "billingconductor": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, @@ -5684,6 +6029,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -5963,15 +6311,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -5993,6 +6353,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -6047,6 +6410,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6255,6 +6624,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -6321,6 +6693,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6373,6 +6748,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -6439,6 +6817,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -6730,6 +7111,14 @@ var awsPartition = partition{ Region: "ap-south-1", }, }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "compute-optimizer.ap-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-2", + }, + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{ @@ -6746,6 +7135,22 @@ var awsPartition = partition{ Region: "ap-southeast-2", }, }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-3.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-3", + }, + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "compute-optimizer.ap-southeast-4.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-southeast-4", + }, + }, endpointKey{ Region: "ca-central-1", }: endpoint{ @@ -6762,6 +7167,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -6778,6 +7191,14 @@ var awsPartition = partition{ Region: "eu-south-1", }, }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "compute-optimizer.eu-south-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-south-2", + }, + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -6802,6 +7223,22 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "compute-optimizer.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "compute-optimizer.me-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "me-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -7072,6 +7509,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, @@ -7167,6 +7607,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -7176,6 +7619,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -7197,12 +7643,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -7212,6 +7664,12 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -7292,6 +7750,18 @@ var awsPartition = partition{ }, }, }, + "cost-optimization-hub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "cost-optimization-hub.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + }, + }, + }, "cur": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -7897,6 +8367,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -7944,6 +8417,185 @@ var awsPartition = partition{ }, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "datazone.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "datazone.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "datazone.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "datazone.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "datazone.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "datazone.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "datazone.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "datazone.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "datazone.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "datazone.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "datazone.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "datazone.ca-central-1.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.ca-central-1.amazonaws.com", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "datazone.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "datazone.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "datazone.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "datazone.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "datazone.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "datazone.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "datazone.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "datazone.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "datazone.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "datazone.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "datazone.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "datazone.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "datazone.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "datazone.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-east-2.amazonaws.com", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "datazone.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "datazone.us-west-2.api.aws", + }, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datazone-fips.us-west-2.amazonaws.com", + }, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -8737,6 +9389,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -10895,6 +11550,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -10978,6 +11639,12 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -10996,6 +11663,15 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "fips-ca-central-1", + }: endpoint{ + Hostname: "email-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-east-1", }: endpoint{ @@ -11005,6 +11681,24 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "fips-us-east-2", + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-1", + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "fips-us-west-2", }: endpoint{ @@ -11014,6 +11708,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -11032,9 +11729,21 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-east-2.amazonaws.com", + }, endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-west-1.amazonaws.com", + }, endpointKey{ Region: "us-west-2", }: endpoint{}, @@ -11060,6 +11769,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -11069,6 +11781,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11141,6 +11856,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -11187,6 +11905,9 @@ var awsPartition = partition{ }, "emr-serverless": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -11196,6 +11917,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -11205,6 +11929,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -11220,6 +11947,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -11337,63 +12067,183 @@ var awsPartition = partition{ endpointKey{ Region: "af-south-1", }: endpoint{}, + endpointKey{ + Region: "af-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.af-south-1.api.aws", + }, endpointKey{ Region: "ap-east-1", }: endpoint{}, + endpointKey{ + Region: "ap-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-east-1.api.aws", + }, endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-1.api.aws", + }, endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-2.api.aws", + }, endpointKey{ Region: "ap-northeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-northeast-3.api.aws", + }, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-1.api.aws", + }, endpointKey{ Region: "ap-south-2", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-south-2.api.aws", + }, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-1.api.aws", + }, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-2.api.aws", + }, endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-3.api.aws", + }, endpointKey{ Region: "ap-southeast-4", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ap-southeast-4.api.aws", + }, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.ca-central-1.api.aws", + }, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-1.api.aws", + }, endpointKey{ Region: "eu-central-2", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-central-2.api.aws", + }, endpointKey{ Region: "eu-north-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-north-1.api.aws", + }, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-1.api.aws", + }, endpointKey{ Region: "eu-south-2", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-south-2.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-1.api.aws", + }, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-2.api.aws", + }, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.eu-west-3.api.aws", + }, endpointKey{ Region: "fips", }: endpoint{ @@ -11406,18 +12256,48 @@ var awsPartition = partition{ endpointKey{ Region: "il-central-1", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.il-central-1.api.aws", + }, endpointKey{ Region: "me-central-1", }: endpoint{}, + endpointKey{ + Region: "me-central-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-central-1.api.aws", + }, endpointKey{ Region: "me-south-1", }: endpoint{}, + endpointKey{ + Region: "me-south-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.sa-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-1.api.aws", + }, endpointKey{ Region: "us-east-1", Variant: fipsVariant, @@ -11436,6 +12316,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-east-2", }: endpoint{}, + endpointKey{ + Region: "us-east-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-east-2.api.aws", + }, endpointKey{ Region: "us-east-2", Variant: fipsVariant, @@ -11454,6 +12340,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-1", }: endpoint{}, + endpointKey{ + Region: "us-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-1.api.aws", + }, endpointKey{ Region: "us-west-1", Variant: fipsVariant, @@ -11472,6 +12364,12 @@ var awsPartition = partition{ endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-west-2.api.aws", + }, endpointKey{ Region: "us-west-2", Variant: fipsVariant, @@ -11688,12 +12586,27 @@ var awsPartition = partition{ }, "finspace": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -12188,6 +13101,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12585,6 +13501,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -12789,16 +13708,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "gamesparks": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "ap-northeast-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - }, - }, "geo": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -13483,6 +14392,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -13760,6 +14672,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -13775,6 +14690,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -14019,6 +14937,9 @@ var awsPartition = partition{ }, "inspector2": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, endpointKey{ Region: "ap-east-1", }: endpoint{}, @@ -14028,6 +14949,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -14037,12 +14961,18 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -14215,7 +15145,7 @@ var awsPartition = partition{ Region: "ca-central-1", Variant: fipsVariant, }: endpoint{ - Hostname: "internetmonitor-fips.ca-central-1.api.aws", + Hostname: "internetmonitor-fips.ca-central-1.amazonaws.com", }, endpointKey{ Region: "eu-central-1", @@ -14286,7 +15216,7 @@ var awsPartition = partition{ Region: "us-east-1", Variant: fipsVariant, }: endpoint{ - Hostname: "internetmonitor-fips.us-east-1.api.aws", + Hostname: "internetmonitor-fips.us-east-1.amazonaws.com", }, endpointKey{ Region: "us-east-2", @@ -14297,7 +15227,7 @@ var awsPartition = partition{ Region: "us-east-2", Variant: fipsVariant, }: endpoint{ - Hostname: "internetmonitor-fips.us-east-2.api.aws", + Hostname: "internetmonitor-fips.us-east-2.amazonaws.com", }, endpointKey{ Region: "us-west-1", @@ -14308,7 +15238,7 @@ var awsPartition = partition{ Region: "us-west-1", Variant: fipsVariant, }: endpoint{ - Hostname: "internetmonitor-fips.us-west-1.api.aws", + Hostname: "internetmonitor-fips.us-west-1.amazonaws.com", }, endpointKey{ Region: "us-west-2", @@ -14319,7 +15249,7 @@ var awsPartition = partition{ Region: "us-west-2", Variant: fipsVariant, }: endpoint{ - Hostname: "internetmonitor-fips.us-west-2.api.aws", + Hostname: "internetmonitor-fips.us-west-2.amazonaws.com", }, }, }, @@ -15038,12 +15968,45 @@ var awsPartition = partition{ }, "iottwinmaker": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "api-ap-northeast-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "api-ap-northeast-2", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "api-ap-south-1", + }: endpoint{ + Hostname: "api.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, endpointKey{ Region: "api-ap-southeast-1", }: endpoint{ @@ -15092,6 +16055,30 @@ var awsPartition = partition{ Region: "us-west-2", }, }, + endpointKey{ + Region: "data-ap-northeast-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-1", + }, + }, + endpointKey{ + Region: "data-ap-northeast-2", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-northeast-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-northeast-2", + }, + }, + endpointKey{ + Region: "data-ap-south-1", + }: endpoint{ + Hostname: "data.iottwinmaker.ap-south-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ap-south-1", + }, + }, endpointKey{ Region: "data-ap-southeast-1", }: endpoint{ @@ -15448,6 +16435,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -17084,6 +18074,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -17093,18 +18086,27 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-3", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -17150,6 +18152,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17362,24 +18370,39 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -17425,6 +18448,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -17841,46 +18870,6 @@ var awsPartition = partition{ }: endpoint{}, }, }, - "macie": service{ - Endpoints: serviceEndpoints{ - endpointKey{ - Region: "fips-us-east-1", - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-east-1", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "fips-us-west-2", - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - CredentialScope: credentialScope{ - Region: "us-west-2", - }, - Deprecated: boxedTrue, - }, - endpointKey{ - Region: "us-east-1", - }: endpoint{}, - endpointKey{ - Region: "us-east-1", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-east-1.amazonaws.com", - }, - endpointKey{ - Region: "us-west-2", - }: endpoint{}, - endpointKey{ - Region: "us-west-2", - Variant: fipsVariant, - }: endpoint{ - Hostname: "macie-fips.us-west-2.amazonaws.com", - }, - }, - }, "macie2": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -17964,6 +18953,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -18030,6 +19022,13 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "managedblockchain-query": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + }, + }, "marketplacecommerceanalytics": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -18155,6 +19154,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -18164,6 +19166,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -18373,6 +19378,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -18425,6 +19433,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -18477,6 +19488,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -18554,12 +19568,33 @@ var awsPartition = partition{ }, "meetings-chime": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -18995,6 +20030,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -19781,6 +20819,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -20075,6 +21116,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "oidc.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -20115,6 +21164,14 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "oidc.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -20217,6 +21274,14 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "omics.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "us-east-1", }: endpoint{ @@ -20370,12 +21435,21 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -20500,6 +21574,12 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, + endpointKey{ + Region: "me-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -20892,6 +21972,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-south-2", + }: endpoint{}, endpointKey{ Region: "ap-southeast-1", }: endpoint{}, @@ -20907,12 +21990,18 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, endpointKey{ Region: "eu-south-1", }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, @@ -21159,6 +22248,14 @@ var awsPartition = partition{ Region: "eu-central-1", }, }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "portal.sso.eu-central-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "eu-central-2", + }, + }, endpointKey{ Region: "eu-north-1", }: endpoint{ @@ -21199,6 +22296,14 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "portal.sso.il-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "il-central-1", + }, + }, endpointKey{ Region: "me-south-1", }: endpoint{ @@ -21390,6 +22495,161 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "qbusiness.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "qbusiness.ap-east-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-1.api.aws", + }, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-2.api.aws", + }, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-northeast-3.api.aws", + }, + endpointKey{ + Region: "ap-south-1", + }: endpoint{ + Hostname: "qbusiness.ap-south-1.api.aws", + }, + endpointKey{ + Region: "ap-south-2", + }: endpoint{ + Hostname: "qbusiness.ap-south-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-1.api.aws", + }, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-2.api.aws", + }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-3.api.aws", + }, + endpointKey{ + Region: "ap-southeast-4", + }: endpoint{ + Hostname: "qbusiness.ap-southeast-4.api.aws", + }, + endpointKey{ + Region: "ca-central-1", + }: endpoint{ + Hostname: "qbusiness.ca-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-1", + }: endpoint{ + Hostname: "qbusiness.eu-central-1.api.aws", + }, + endpointKey{ + Region: "eu-central-2", + }: endpoint{ + Hostname: "qbusiness.eu-central-2.api.aws", + }, + endpointKey{ + Region: "eu-north-1", + }: endpoint{ + Hostname: "qbusiness.eu-north-1.api.aws", + }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "qbusiness.eu-south-1.api.aws", + }, + endpointKey{ + Region: "eu-south-2", + }: endpoint{ + Hostname: "qbusiness.eu-south-2.api.aws", + }, + endpointKey{ + Region: "eu-west-1", + }: endpoint{ + Hostname: "qbusiness.eu-west-1.api.aws", + }, + endpointKey{ + Region: "eu-west-2", + }: endpoint{ + Hostname: "qbusiness.eu-west-2.api.aws", + }, + endpointKey{ + Region: "eu-west-3", + }: endpoint{ + Hostname: "qbusiness.eu-west-3.api.aws", + }, + endpointKey{ + Region: "il-central-1", + }: endpoint{ + Hostname: "qbusiness.il-central-1.api.aws", + }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "qbusiness.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "qbusiness.me-south-1.api.aws", + }, + endpointKey{ + Region: "sa-east-1", + }: endpoint{ + Hostname: "qbusiness.sa-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-1", + }: endpoint{ + Hostname: "qbusiness.us-east-1.api.aws", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{ + Hostname: "qbusiness.us-east-2.api.aws", + }, + endpointKey{ + Region: "us-west-1", + }: endpoint{ + Hostname: "qbusiness.us-west-1.api.aws", + }, + endpointKey{ + Region: "us-west-2", + }: endpoint{ + Hostname: "qbusiness.us-west-2.api.aws", + }, + }, + }, "qldb": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -22525,6 +23785,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "rekognition-fips.ca-central-1", }: endpoint{ @@ -22811,6 +24074,16 @@ var awsPartition = partition{ }, }, Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.af-south-1.api.aws", + }, + endpointKey{ + Region: "ap-east-1", + }: endpoint{ + Hostname: "resource-explorer-2.ap-east-1.api.aws", + }, endpointKey{ Region: "ap-northeast-1", }: endpoint{ @@ -22846,6 +24119,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.ap-southeast-2.api.aws", }, + endpointKey{ + Region: "ap-southeast-3", + }: endpoint{ + Hostname: "resource-explorer-2.ap-southeast-3.api.aws", + }, endpointKey{ Region: "ap-southeast-4", }: endpoint{ @@ -22871,6 +24149,11 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.eu-north-1.api.aws", }, + endpointKey{ + Region: "eu-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.eu-south-1.api.aws", + }, endpointKey{ Region: "eu-west-1", }: endpoint{ @@ -22891,6 +24174,16 @@ var awsPartition = partition{ }: endpoint{ Hostname: "resource-explorer-2.il-central-1.api.aws", }, + endpointKey{ + Region: "me-central-1", + }: endpoint{ + Hostname: "resource-explorer-2.me-central-1.api.aws", + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{ + Hostname: "resource-explorer-2.me-south-1.api.aws", + }, endpointKey{ Region: "sa-east-1", }: endpoint{ @@ -24629,6 +25922,9 @@ var awsPartition = partition{ Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -25205,6 +26501,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-northeast-2", }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, @@ -25214,15 +26513,24 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, endpointKey{ Region: "eu-west-2", }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -25600,6 +26908,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -26075,6 +27386,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -27673,6 +28987,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-central-2", + }: endpoint{}, endpointKey{ Region: "eu-north-1", }: endpoint{}, @@ -27688,6 +29005,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-south-1", }: endpoint{}, @@ -27933,6 +29253,9 @@ var awsPartition = partition{ endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -28806,17 +30129,57 @@ var awsPartition = partition{ }, }, }, - "tnb": service{ + "thinclient": service{ Endpoints: serviceEndpoints{ endpointKey{ - Region: "ap-southeast-2", + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, + "tnb": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-2", + }: endpoint{}, endpointKey{ Region: "eu-west-3", }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, @@ -29239,6 +30602,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "me-central-1", }: endpoint{}, @@ -29484,6 +30850,9 @@ var awsPartition = partition{ endpointKey{ Region: "ap-southeast-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, endpointKey{ Region: "ca-central-1", }: endpoint{}, @@ -31420,6 +32789,9 @@ var awsPartition = partition{ }, Deprecated: boxedTrue, }, + endpointKey{ + Region: "il-central-1", + }: endpoint{}, endpointKey{ Region: "sa-east-1", }: endpoint{}, @@ -31747,6 +33119,20 @@ var awscnPartition = partition{ }, }, }, + "api.pricing": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + CredentialScope: credentialScope{ + Service: "pricing", + }, + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "api.sagemaker": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32164,6 +33550,31 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "datazone.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "datazone.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "dax": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32376,9 +33787,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "emr-containers": service{ @@ -32406,9 +33829,21 @@ var awscnPartition = partition{ endpointKey{ Region: "cn-north-1", }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-north-1.api.amazonwebservices.com.cn", + }, endpointKey{ Region: "cn-northwest-1", }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.cn-northwest-1.api.amazonwebservices.com.cn", + }, }, }, "events": service{ @@ -32566,6 +34001,16 @@ var awscnPartition = partition{ }, }, }, + "identitystore": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "internetmonitor": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -32865,6 +34310,26 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "oidc": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "oidc.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "oidc.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, "organizations": service{ PartitionEndpoint: "aws-cn-global", IsRegionalized: boxedFalse, @@ -32903,6 +34368,51 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "portal.sso": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "portal.sso.cn-north-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-north-1", + }, + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn", + CredentialScope: credentialScope{ + Region: "cn-northwest-1", + }, + }, + }, + }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.amazonwebservices.com.cn", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.amazonwebservices.com.cn", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{ + Hostname: "qbusiness.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{ + Hostname: "qbusiness.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -32943,6 +34453,13 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "redshift-serverless": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -33334,7 +34851,7 @@ var awscnPartition = partition{ }: endpoint{}, }, }, - "states": service{ + "sso": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "cn-north-1", @@ -33344,6 +34861,28 @@ var awscnPartition = partition{ }: endpoint{}, }, }, + "states": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-north-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-north-1.api.amazonwebservices.com.cn", + }, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "states.cn-northwest-1.api.amazonwebservices.com.cn", + }, + }, + }, "storagegateway": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34115,12 +35654,42 @@ var awsusgovPartition = partition{ }, "appconfigdata": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "appconfigdata.us-gov-west-1.amazonaws.com", + }, }, }, "application-autoscaling": service{ @@ -34255,6 +35824,16 @@ var awsusgovPartition = partition{ }, }, }, + "arc-zonal-shift": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "athena": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -34853,6 +36432,13 @@ var awsusgovPartition = partition{ }, }, }, + "codestar-connections": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + }, + }, "cognito-identity": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35196,6 +36782,31 @@ var awsusgovPartition = partition{ }, }, }, + "datazone": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "datazone.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "datazone.us-gov-west-1.api.aws", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35343,6 +36954,46 @@ var awsusgovPartition = partition{ }, }, }, + "drs": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "drs-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "ds": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -35798,6 +37449,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -35809,6 +37466,13 @@ var awsusgovPartition = partition{ }: endpoint{ Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-gov-west-1.api.aws", + Protocols: []string{"https"}, + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -35864,6 +37528,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, @@ -35882,6 +37552,12 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "aos.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, @@ -36118,6 +37794,28 @@ var awsusgovPartition = partition{ }, }, }, + "geo": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "geo-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "glacier": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -36184,21 +37882,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ Hostname: "glue-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "glue.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "glue-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "glue-fips.us-gov-west-1.api.aws", + }, }, }, "greengrass": service{ @@ -37033,21 +38755,45 @@ var awsusgovPartition = partition{ endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-east-1", Variant: fipsVariant, }: endpoint{ Hostname: "lakeformation-fips.us-gov-east-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-east-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: dualStackVariant, + }: endpoint{ + Hostname: "lakeformation.us-gov-west-1.api.aws", + }, endpointKey{ Region: "us-gov-west-1", Variant: fipsVariant, }: endpoint{ Hostname: "lakeformation-fips.us-gov-west-1.amazonaws.com", }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant | dualStackVariant, + }: endpoint{ + Hostname: "lakeformation-fips.us-gov-west-1.api.aws", + }, }, }, "lambda": service{ @@ -37192,6 +38938,36 @@ var awsusgovPartition = partition{ }, }, }, + "m2": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{}, + }, + }, "managedblockchain": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37748,6 +39524,31 @@ var awsusgovPartition = partition{ }, }, }, + "qbusiness": service{ + Defaults: endpointDefaults{ + defaultKey{}: endpoint{ + DNSSuffix: "api.aws", + }, + defaultKey{ + Variant: fipsVariant, + }: endpoint{ + Hostname: "{service}-fips.{region}.{dnsSuffix}", + DNSSuffix: "api.aws", + }, + }, + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-east-1.api.aws", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{ + Hostname: "qbusiness.us-gov-west-1.api.aws", + }, + }, + }, "quicksight": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -37989,6 +39790,46 @@ var awsusgovPartition = partition{ }, }, }, + "resiliencehub": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "resiliencehub-fips.us-gov-west-1.amazonaws.com", + }, + }, + }, "resource-explorer-2": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ @@ -38069,6 +39910,16 @@ var awsusgovPartition = partition{ }: endpoint{}, }, }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + }, + }, "route53": service{ PartitionEndpoint: "aws-us-gov-global", IsRegionalized: boxedFalse, @@ -38667,7 +40518,7 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-gov-east-1.amazonaws.com", + Hostname: "servicediscovery.us-gov-east-1.api.aws", }, endpointKey{ Region: "us-gov-east-1", @@ -38679,7 +40530,7 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", Variant: fipsVariant | dualStackVariant, }: endpoint{ - Hostname: "servicediscovery-fips.us-gov-east-1.amazonaws.com", + Hostname: "servicediscovery-fips.us-gov-east-1.api.aws", }, endpointKey{ Region: "us-gov-east-1-fips", @@ -38697,7 +40548,7 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", Variant: dualStackVariant, }: endpoint{ - Hostname: "servicediscovery.us-gov-west-1.amazonaws.com", + Hostname: "servicediscovery.us-gov-west-1.api.aws", }, endpointKey{ Region: "us-gov-west-1", @@ -38709,7 +40560,7 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", Variant: fipsVariant | dualStackVariant, }: endpoint{ - Hostname: "servicediscovery-fips.us-gov-west-1.amazonaws.com", + Hostname: "servicediscovery-fips.us-gov-west-1.api.aws", }, endpointKey{ Region: "us-gov-west-1-fips", @@ -38775,12 +40626,42 @@ var awsusgovPartition = partition{ }, "simspaceweaver": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-gov-east-1", + }: endpoint{ + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-gov-west-1", + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-east-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-east-1.amazonaws.com", + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "simspaceweaver.us-gov-west-1.amazonaws.com", + }, }, }, "sms": service{ @@ -38998,6 +40879,24 @@ var awsusgovPartition = partition{ Region: "us-gov-east-1", }, }, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-gov-west-1", }: endpoint{ @@ -39006,6 +40905,24 @@ var awsusgovPartition = partition{ Region: "us-gov-west-1", }, }, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "sso.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, }, }, "states": service{ @@ -39915,6 +41832,28 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, + "datasync": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "datasync-fips.us-iso-west-1.c2s.ic.gov", + }, + }, + }, "directconnect": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -40037,6 +41976,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "ec2": service{ @@ -40069,6 +42011,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "elasticache": service{ @@ -40135,14 +42080,45 @@ var awsisoPartition = partition{ }, "elasticmapreduce": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-iso-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-iso-west-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-iso-east-1", }: endpoint{ Protocols: []string{"https"}, }, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-east-1.c2s.ic.gov", + Protocols: []string{"https"}, + }, endpointKey{ Region: "us-iso-west-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-iso-west-1.c2s.ic.gov", + }, }, }, "es": service{ @@ -40393,6 +42369,100 @@ var awsisoPartition = partition{ }, }, "rds": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-iso-east-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds-fips.us-iso-west-1", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-east-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + }, + endpointKey{ + Region: "us-iso-west-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-iso-west-1.c2s.ic.gov", + CredentialScope: credentialScope{ + Region: "us-iso-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, + "redshift": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-iso-east-1", @@ -40402,7 +42472,7 @@ var awsisoPartition = partition{ }: endpoint{}, }, }, - "redshift": service{ + "resource-groups": service{ Endpoints: serviceEndpoints{ endpointKey{ Region: "us-iso-east-1", @@ -40684,6 +42754,13 @@ var awsisobPartition = partition{ }, }, }, + "api.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "appconfig": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -40722,6 +42799,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "cloudcontrolapi": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "cloudformation": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -40918,9 +43002,24 @@ var awsisobPartition = partition{ }, "elasticmapreduce": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "fips-us-isob-east-1", + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "elasticmapreduce.us-isob-east-1.sc2s.sgov.gov", + }, }, }, "es": service{ @@ -41052,6 +43151,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "outposts": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "ram": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -41083,9 +43189,51 @@ var awsisobPartition = partition{ }, "rds": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "rds-fips.us-isob-east-1", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + }: endpoint{ + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "rds.us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, endpointKey{ Region: "us-isob-east-1", }: endpoint{}, + endpointKey{ + Region: "us-isob-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + }, + endpointKey{ + Region: "us-isob-east-1-fips", + }: endpoint{ + Hostname: "rds-fips.us-isob-east-1.sc2s.sgov.gov", + CredentialScope: credentialScope{ + Region: "us-isob-east-1", + }, + Deprecated: boxedTrue, + }, }, }, "redshift": service{ @@ -41123,6 +43271,13 @@ var awsisobPartition = partition{ }: endpoint{}, }, }, + "runtime.sagemaker": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-isob-east-1", + }: endpoint{}, + }, + }, "s3": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go index d6fa2477..93bb5de6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/env_config.go @@ -171,6 +171,12 @@ type envConfig struct { // AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE=IPv6 EC2IMDSEndpointMode endpoints.EC2IMDSEndpointModeState + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // AWS_EC2_METADATA_V1_DISABLED=true + EC2IMDSv1Disabled *bool + // Specifies that SDK clients must resolve a dual-stack endpoint for // services. // @@ -251,6 +257,9 @@ var ( ec2IMDSEndpointModeEnvKey = []string{ "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE", } + ec2MetadataV1DisabledEnvKey = []string{ + "AWS_EC2_METADATA_V1_DISABLED", + } useCABundleKey = []string{ "AWS_CA_BUNDLE", } @@ -393,6 +402,7 @@ func envConfigLoad(enableSharedConfig bool) (envConfig, error) { if err := setEC2IMDSEndpointMode(&cfg.EC2IMDSEndpointMode, ec2IMDSEndpointModeEnvKey); err != nil { return envConfig{}, err } + setBoolPtrFromEnvVal(&cfg.EC2IMDSv1Disabled, ec2MetadataV1DisabledEnvKey) if err := setUseDualStackEndpointFromEnvVal(&cfg.UseDualStackEndpoint, awsUseDualStackEndpoint); err != nil { return cfg, err @@ -414,6 +424,24 @@ func setFromEnvVal(dst *string, keys []string) { } } +func setBoolPtrFromEnvVal(dst **bool, keys []string) { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch { + case strings.EqualFold(value, "false"): + *dst = new(bool) + **dst = false + case strings.EqualFold(value, "true"): + *dst = new(bool) + **dst = true + } + } +} + func setEC2IMDSEndpointMode(mode *endpoints.EC2IMDSEndpointModeState, keys []string) error { for _, k := range keys { value := os.Getenv(k) diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go index 8127c99a..3c88dee5 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/session.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/session.go @@ -779,6 +779,14 @@ func mergeConfigSrcs(cfg, userCfg *aws.Config, cfg.EndpointResolver = wrapEC2IMDSEndpoint(cfg.EndpointResolver, ec2IMDSEndpoint, endpointMode) } + cfg.EC2MetadataEnableFallback = userCfg.EC2MetadataEnableFallback + if cfg.EC2MetadataEnableFallback == nil && envCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*envCfg.EC2IMDSv1Disabled) + } + if cfg.EC2MetadataEnableFallback == nil && sharedCfg.EC2IMDSv1Disabled != nil { + cfg.EC2MetadataEnableFallback = aws.Bool(!*sharedCfg.EC2IMDSv1Disabled) + } + cfg.S3UseARNRegion = userCfg.S3UseARNRegion if cfg.S3UseARNRegion == nil { cfg.S3UseARNRegion = &envCfg.S3UseARNRegion diff --git a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go index ea3ac0d0..f3ce8183 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go @@ -80,6 +80,9 @@ const ( // EC2 IMDS Endpoint ec2MetadataServiceEndpointKey = "ec2_metadata_service_endpoint" + // ECS IMDSv1 disable fallback + ec2MetadataV1DisabledKey = "ec2_metadata_v1_disabled" + // Use DualStack Endpoint Resolution useDualStackEndpoint = "use_dualstack_endpoint" @@ -179,6 +182,12 @@ type sharedConfig struct { // ec2_metadata_service_endpoint=http://fd00:ec2::254 EC2IMDSEndpoint string + // Specifies that IMDS clients should not fallback to IMDSv1 if token + // requests fail. + // + // ec2_metadata_v1_disabled=true + EC2IMDSv1Disabled *bool + // Specifies that SDK clients must resolve a dual-stack endpoint for // services. // @@ -389,8 +398,15 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e updateString(&cfg.Region, section, regionKey) updateString(&cfg.CustomCABundle, section, customCABundleKey) + // we're retaining a behavioral quirk with this field that existed before + // the removal of literal parsing for (aws-sdk-go-v2/#2276): + // - if the key is missing, the config field will not be set + // - if the key is set to a non-numeric, the config field will be set to 0 if section.Has(roleDurationSecondsKey) { - d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second + var d time.Duration + if v, ok := section.Int(roleDurationSecondsKey); ok { + d = time.Duration(v) * time.Second + } cfg.AssumeRoleDuration = &d } @@ -427,6 +443,7 @@ func (cfg *sharedConfig) setFromIniFile(profile string, file sharedConfigFile, e ec2MetadataServiceEndpointModeKey, file.Filename, err) } updateString(&cfg.EC2IMDSEndpoint, section, ec2MetadataServiceEndpointKey) + updateBoolPtr(&cfg.EC2IMDSv1Disabled, section, ec2MetadataV1DisabledKey) updateUseDualStackEndpoint(&cfg.UseDualStackEndpoint, section, useDualStackEndpoint) @@ -668,7 +685,10 @@ func updateBool(dst *bool, section ini.Section, key string) { if !section.Has(key) { return } - *dst = section.Bool(key) + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) + *dst = v } // updateBoolPtr will only update the dst with the value in the section key, @@ -677,8 +697,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) { if !section.Has(key) { return } + + // retains pre-(aws-sdk-go-v2#2276) behavior where non-bool value would resolve to false + v, _ := section.Bool(key) *dst = new(bool) - **dst = section.Bool(key) + **dst = v } // SharedConfigLoadError is an error for the shared config file failed to load. @@ -805,7 +828,8 @@ func updateUseDualStackEndpoint(dst *endpoints.DualStackEndpointState, section i return } - if section.Bool(key) { + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { *dst = endpoints.DualStackEndpointStateEnabled } else { *dst = endpoints.DualStackEndpointStateDisabled @@ -821,7 +845,8 @@ func updateUseFIPSEndpoint(dst *endpoints.FIPSEndpointState, section ini.Section return } - if section.Bool(key) { + // retains pre-(aws-sdk-go-v2/#2276) behavior where non-bool value would resolve to false + if v, _ := section.Bool(key); v { *dst = endpoints.FIPSEndpointStateEnabled } else { *dst = endpoints.FIPSEndpointStateDisabled diff --git a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go index 41386bab..b542df93 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/signer/v4/v4.go @@ -125,6 +125,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Expected-Bucket-Owner": struct{}{}, "X-Amz-Grant-Full-control": struct{}{}, "X-Amz-Grant-Read": struct{}{}, "X-Amz-Grant-Read-Acp": struct{}{}, @@ -135,6 +136,7 @@ var requiredSignedHeaders = rules{ "X-Amz-Request-Payer": struct{}{}, "X-Amz-Server-Side-Encryption": struct{}{}, "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, + "X-Amz-Server-Side-Encryption-Context": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 88f7289c..0d9b5ea6 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.325" +const SDKVersion = "1.48.10" diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go index 34a481af..b1b68608 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/literal_tokens.go @@ -154,11 +154,11 @@ func (v ValueType) String() string { // ValueType enums const ( NoneType = ValueType(iota) - DecimalType - IntegerType + DecimalType // deprecated + IntegerType // deprecated StringType QuotedStringType - BoolType + BoolType // deprecated ) // Value is a union container @@ -166,9 +166,9 @@ type Value struct { Type ValueType raw []rune - integer int64 - decimal float64 - boolean bool + integer int64 // deprecated + decimal float64 // deprecated + boolean bool // deprecated str string } @@ -253,24 +253,6 @@ func newLitToken(b []rune) (Token, int, error) { } token = newToken(TokenLit, b[:n], QuotedStringType) - } else if isNumberValue(b) { - var base int - base, n, err = getNumericalValue(b) - if err != nil { - return token, 0, err - } - - value := b[:n] - vType := IntegerType - if contains(value, '.') || hasExponent(value) { - vType = DecimalType - } - token = newToken(TokenLit, value, vType) - token.base = base - } else if isBoolValue(b) { - n, err = getBoolValue(b) - - token = newToken(TokenLit, b[:n], BoolType) } else { n, err = getValue(b) token = newToken(TokenLit, b[:n], StringType) @@ -280,18 +262,33 @@ func newLitToken(b []rune) (Token, int, error) { } // IntValue returns an integer value -func (v Value) IntValue() int64 { - return v.integer +func (v Value) IntValue() (int64, bool) { + i, err := strconv.ParseInt(string(v.raw), 0, 64) + if err != nil { + return 0, false + } + return i, true } // FloatValue returns a float value -func (v Value) FloatValue() float64 { - return v.decimal +func (v Value) FloatValue() (float64, bool) { + f, err := strconv.ParseFloat(string(v.raw), 64) + if err != nil { + return 0, false + } + return f, true } // BoolValue returns a bool value -func (v Value) BoolValue() bool { - return v.boolean +func (v Value) BoolValue() (bool, bool) { + // we don't use ParseBool as it recognizes more than what we've + // historically supported + if isCaselessLitValue(runesTrue, v.raw) { + return true, true + } else if isCaselessLitValue(runesFalse, v.raw) { + return false, true + } + return false, false } func isTrimmable(r rune) bool { diff --git a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go index 081cf433..1d08e138 100644 --- a/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go +++ b/vendor/github.com/aws/aws-sdk-go/internal/ini/visitor.go @@ -145,17 +145,17 @@ func (t Section) ValueType(k string) (ValueType, bool) { } // Bool returns a bool value at k -func (t Section) Bool(k string) bool { +func (t Section) Bool(k string) (bool, bool) { return t.values[k].BoolValue() } // Int returns an integer value at k -func (t Section) Int(k string) int64 { +func (t Section) Int(k string) (int64, bool) { return t.values[k].IntValue() } // Float64 returns a float value at k -func (t Section) Float64(k string) float64 { +func (t Section) Float64(k string) (float64, bool) { return t.values[k].FloatValue() } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go index 2882d455..01ec8099 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/api.go @@ -67,19 +67,47 @@ func (c *S3) AbortMultipartUploadRequest(input *AbortMultipartUploadInput) (req // AbortMultipartUpload API operation for Amazon Simple Storage Service. // -// This action aborts a multipart upload. After a multipart upload is aborted, +// This operation aborts a multipart upload. After a multipart upload is aborted, // no additional parts can be uploaded using that upload ID. The storage consumed // by any previously uploaded parts will be freed. However, if any part uploads // are currently in progress, those part uploads might or might not succeed. // As a result, it might be necessary to abort a given multipart upload multiple // times in order to completely free all storage consumed by all parts. // -// To verify that all parts have been removed, so you don't get charged for +// To verify that all parts have been removed and prevent getting charged for // the part storage, you should call the ListParts (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html) -// action and ensure that the parts list is empty. +// API operation and ensure that the parts list is empty. // -// For information about permissions required to use the multipart upload, see -// Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to AbortMultipartUpload: // @@ -173,60 +201,93 @@ func (c *S3) CompleteMultipartUploadRequest(input *CompleteMultipartUploadInput) // // You first initiate the multipart upload and then upload all parts using the // UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// operation or the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. After successfully uploading all relevant parts of an upload, -// you call this action to complete the upload. Upon receiving this request, -// Amazon S3 concatenates all the parts in ascending order by part number to -// create a new object. In the Complete Multipart Upload request, you must provide -// the parts list. You must ensure that the parts list is complete. This action -// concatenates the parts that you provide in the list. For each part in the -// list, you must provide the part number and the ETag value, returned after -// that part was uploaded. +// you call this CompleteMultipartUpload operation to complete the upload. Upon +// receiving this request, Amazon S3 concatenates all the parts in ascending +// order by part number to create a new object. In the CompleteMultipartUpload +// request, you must provide the parts list and ensure that the parts list is +// complete. The CompleteMultipartUpload API operation concatenates the parts +// that you provide in the list. For each part in the list, you must provide +// the PartNumber value and the ETag value that are returned after that part +// was uploaded. // -// Processing of a Complete Multipart Upload request could take several minutes -// to complete. After Amazon S3 begins processing the request, it sends an HTTP +// The processing of a CompleteMultipartUpload request could take several minutes +// to finalize. After Amazon S3 begins processing the request, it sends an HTTP // response header that specifies a 200 OK response. While processing is in // progress, Amazon S3 periodically sends white space characters to keep the // connection from timing out. A request could fail after the initial 200 OK // response has been sent. This means that a 200 OK response can contain either -// a success or an error. If you call the S3 API directly, make sure to design -// your application to parse the contents of the response and handle it appropriately. +// a success or an error. The error response might be embedded in the 200 OK +// response. If you call this API operation directly, make sure to design your +// application to parse the contents of the response and handle it appropriately. // If you use Amazon Web Services SDKs, SDKs handle this condition. The SDKs // detect the embedded error and apply error handling per your configuration // settings (including automatically retrying the request as appropriate). If -// the condition persists, the SDKs throws an exception (or, for the SDKs that -// don't use exceptions, they return the error). +// the condition persists, the SDKs throw an exception (or, for the SDKs that +// don't use exceptions, they return an error). // // Note that if CompleteMultipartUpload fails, applications should be prepared // to retry the failed requests. For more information, see Amazon S3 Error Best // Practices (https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html). // -// You cannot use Content-Type: application/x-www-form-urlencoded with Complete -// Multipart Upload requests. Also, if you do not provide a Content-Type header, -// CompleteMultipartUpload returns a 200 OK response. +// You can't use Content-Type: application/x-www-form-urlencoded for the CompleteMultipartUpload +// requests. Also, if you don't provide a Content-Type header, CompleteMultipartUpload +// can still return a 200 OK response. // // For more information about multipart uploads, see Uploading Objects Using -// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// For information about permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// CompleteMultipartUpload has the following special errors: +// Permissions // -// - Error code: EntityTooSmall Description: Your proposed upload is smaller +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Special errors +// +// - Error Code: EntityTooSmall Description: Your proposed upload is smaller // than the minimum allowed object size. Each part must be at least 5 MB -// in size, except the last part. 400 Bad Request +// in size, except the last part. HTTP Status Code: 400 Bad Request // -// - Error code: InvalidPart Description: One or more of the specified parts +// - Error Code: InvalidPart Description: One or more of the specified parts // could not be found. The part might not have been uploaded, or the specified -// entity tag might not have matched the part's entity tag. 400 Bad Request +// ETag might not have matched the uploaded part's ETag. HTTP Status Code: +// 400 Bad Request // -// - Error code: InvalidPartOrder Description: The list of parts was not +// - Error Code: InvalidPartOrder Description: The list of parts was not // in ascending order. The parts list must be specified in order by part -// number. 400 Bad Request +// number. HTTP Status Code: 400 Bad Request // -// - Error code: NoSuchUpload Description: The specified multipart upload +// - Error Code: NoSuchUpload Description: The specified multipart upload // does not exist. The upload ID might be invalid, or the multipart upload -// might have been aborted or completed. 404 Not Found +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CompleteMultipartUpload: // @@ -319,184 +380,108 @@ func (c *S3) CopyObjectRequest(input *CopyObjectInput) (req *request.Request, ou // upload Upload Part - Copy (UploadPartCopy) API. For more information, see // Copy Object Using the REST Multipart Upload API (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html). // -// All copy requests must be authenticated. Additionally, you must have read -// access to the source object and write access to the destination bucket. For -// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). +// You can copy individual objects between general purpose buckets, between +// directory buckets, and between general purpose buckets and directory buckets. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// // Both the Region that you want to copy the object from and the Region that // you want to copy the object to must be enabled for your account. // -// A copy request might return an error when Amazon S3 receives the copy request -// or while Amazon S3 is copying the files. If the error occurs before the copy -// action starts, you receive a standard Amazon S3 error. If the error occurs -// during the copy operation, the error response is embedded in the 200 OK response. -// This means that a 200 OK response can contain either a success or an error. -// If you call the S3 API directly, make sure to design your application to -// parse the contents of the response and handle it appropriately. If you use -// Amazon Web Services SDKs, SDKs handle this condition. The SDKs detect the -// embedded error and apply error handling per your configuration settings (including -// automatically retrying the request as appropriate). If the condition persists, -// the SDKs throws an exception (or, for the SDKs that don't use exceptions, -// they return the error). -// -// If the copy is successful, you receive a response with information about -// the copied object. -// -// If the request is an HTTP 1.1 request, the response is chunk encoded. If -// it were not, it would not contain the content-length, and you would need -// to read the entire body. -// -// The copy request charge is based on the storage class and Region that you -// specify for the destination object. The request can also result in a data -// retrieval charge for the source if the source storage class bills for data -// retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/). -// // Amazon S3 transfer acceleration does not support cross-Region copies. If // you request a cross-Region copy using a transfer acceleration endpoint, you // get a 400 Bad Request error. For more information, see Transfer Acceleration // (https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html). // -// # Metadata +// # Authentication and authorization // -// When copying an object, you can preserve all metadata (the default) or specify -// new metadata. However, the access control list (ACL) is not preserved and -// is set to private for the user making the request. To override the default -// ACL setting, specify a new ACL when generating a copy request. For more information, -// see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). +// All CopyObject requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). // -// To specify whether you want the object metadata copied from the source object -// or replaced with metadata provided in the request, you can optionally add -// the x-amz-metadata-directive header. When you grant permissions, you can -// use the s3:x-amz-metadata-directive condition key to enforce certain metadata -// behavior when objects are uploaded. For more information, see Specifying -// Conditions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) -// in the Amazon S3 User Guide. For a complete list of Amazon S3-specific condition -// keys, see Actions, Resources, and Condition Keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). +// Directory buckets - You must use the IAM credentials to authenticate and +// authorize your access to the CopyObject API operation, instead of using the +// temporary security credentials through the CreateSession API operation. // -// x-amz-website-redirect-location is unique to each object and must be specified -// in the request headers to copy the value. +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. // -// x-amz-copy-source-if Headers +// # Permissions // -// To only copy an object under certain conditions, such as whether the Etag -// matches or whether the object was modified before or after a specified date, -// use the following request parameters: +// You must have read access to the source object and write access to the destination +// bucket. // -// - x-amz-copy-source-if-match +// - General purpose bucket permissions - You must have permissions in an +// IAM policy based on the source and destination bucket types in a CopyObject +// operation. If the source object is in a general purpose bucket, you must +// have s3:GetObject permission to read the source object that is being copied. +// If the destination bucket is a general purpose bucket, you must have s3:PubObject +// permission to write the object copy to the destination bucket. // -// - x-amz-copy-source-if-none-match +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in a CopyObject operation. If the source object that you +// want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object. By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key can't be set to ReadOnly on the copy destination bucket. +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. // -// - x-amz-copy-source-if-unmodified-since +// # Response and special errors // -// - x-amz-copy-source-if-modified-since +// When the request is an HTTP 1.1 request, the response is chunk encoded. When +// the request is not an HTTP 1.1 request, the response would not contain the +// Content-Length. You always need to read the entire response body to check +// if the copy succeeds. to keep the connection alive while we copy the data. // -// If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// 200 OK and copies the data: +// - If the copy is successful, you receive a response with information about +// the copied object. // -// - x-amz-copy-source-if-match condition evaluates to true +// - A copy request might return an error when Amazon S3 receives the copy +// request or while Amazon S3 is copying the files. A 200 OK response can +// contain either a success or an error. If the error occurs before the copy +// action starts, you receive a standard Amazon S3 error. If the error occurs +// during the copy operation, the error response is embedded in the 200 OK +// response. For example, in a cross-region copy, you may encounter throttling +// and receive a 200 OK response. For more information, see Resolve the Error +// 200 response when copying objects to Amazon S3 (repost.aws/knowledge-center/s3-resolve-200-internalerror). +// The 200 OK status code means the copy was accepted, but it doesn't mean +// the copy is complete. Another example is when you disconnect from Amazon +// S3 before the copy is complete, Amazon S3 might cancel the copy and you +// may receive a 200 OK response. You must stay connected to Amazon S3 until +// the entire response is successfully received and processed. If you call +// this API operation directly, make sure to design your application to parse +// the content of the response and handle it appropriately. If you use Amazon +// Web Services SDKs, SDKs handle this condition. The SDKs detect the embedded +// error and apply error handling per your configuration settings (including +// automatically retrying the request as appropriate). If the condition persists, +// the SDKs throw an exception (or, for the SDKs that don't use exceptions, +// they return an error). // -// - x-amz-copy-source-if-unmodified-since condition evaluates to false +// # Charge // -// If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since -// headers are present in the request and evaluate as follows, Amazon S3 returns -// the 412 Precondition Failed response code: +// The copy request charge is based on the storage class and Region that you +// specify for the destination object. The request can also result in a data +// retrieval charge for the source if the source storage class bills for data +// retrieval. For pricing information, see Amazon S3 pricing (http://aws.amazon.com/s3/pricing/). // -// - x-amz-copy-source-if-none-match condition evaluates to false +// # HTTP Host header syntax // -// - x-amz-copy-source-if-modified-since condition evaluates to true -// -// All headers with the x-amz- prefix, including x-amz-copy-source, must be -// signed. -// -// # Server-side encryption -// -// Amazon S3 automatically encrypts all new objects that are copied to an S3 -// bucket. When copying an object, if you don't specify encryption information -// in your copy request, the encryption setting of the target object is set -// to the default encryption configuration of the destination bucket. By default, -// all buckets have a base level of encryption configuration that uses server-side -// encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket -// has a default encryption configuration that uses server-side encryption with -// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption -// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with -// customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding -// KMS key, or a customer-provided key to encrypt the target object copy. -// -// When you perform a CopyObject operation, if you want to use a different type -// of encryption setting for the target object, you can use other appropriate -// encryption-related headers to encrypt the target object with a KMS key, an -// Amazon S3 managed key, or a customer-provided key. With server-side encryption, -// Amazon S3 encrypts your data as it writes your data to disks in its data -// centers and decrypts the data when you access it. If the encryption setting -// in your request is different from the default encryption configuration of -// the destination bucket, the encryption setting in your request takes precedence. -// If the source object for the copy is stored in Amazon S3 using SSE-C, you -// must provide the necessary encryption information in your request so that -// Amazon S3 can decrypt the object for copying. For more information about -// server-side encryption, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). -// -// If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the -// object. For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. -// -// # Access Control List (ACL)-Specific Request Headers -// -// When copying an object, you can optionally use headers to grant ACL-based -// permissions. By default, all objects are private. Only the owner has full -// access control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups that are defined by -// Amazon S3. These permissions are then added to the ACL on the object. For -// more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). -// -// If the bucket that you're copying objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. -// Buckets that use this setting only accept PUT requests that don't specify -// an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. -// -// For more information, see Controlling ownership of objects and disabling -// ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// If your bucket uses the bucket owner enforced setting for Object Ownership, -// all objects written to the bucket by any account will be owned by the bucket -// owner. -// -// # Checksums -// -// When copying an object, if it has a checksum, that checksum will be copied -// to the new object by default. When you copy the object over, you can optionally -// specify a different checksum algorithm to use with the x-amz-checksum-algorithm -// header. -// -// # Storage Class Options -// -// You can use the CopyObject action to change the storage class of an object -// that is already stored in Amazon S3 by using the StorageClass parameter. -// For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. -// -// If the source object's storage class is GLACIER, you must restore a copy -// of this object before you can use it as a source object for the copy operation. -// For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// For more information, see Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html). -// -// # Versioning -// -// By default, x-amz-copy-source header identifies the current version of an -// object to copy. If the current version is a delete marker, Amazon S3 behaves -// as if the object was deleted. To copy a different version, use the versionId -// subresource. -// -// If you enable versioning on the target bucket, Amazon S3 generates a unique -// version ID for the object being copied. This version ID is different from -// the version ID of the source object. Amazon S3 returns the version ID of -// the copied object in the x-amz-version-id response header in the response. -// -// If you do not enable versioning or suspend it on the target bucket, the version -// ID that Amazon S3 generates is always null. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CopyObject: // @@ -581,78 +566,90 @@ func (c *S3) CreateBucketRequest(input *CreateBucketInput) (req *request.Request // CreateBucket API operation for Amazon Simple Storage Service. // -// Creates a new S3 bucket. To create a bucket, you must register with Amazon -// S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. +// This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts +// bucket, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). +// +// Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and +// have a valid Amazon Web Services Access Key ID to authenticate requests. // Anonymous requests are never allowed to create buckets. By creating the bucket, // you become the bucket owner. // -// Not every string is an acceptable bucket name. For information about bucket -// naming restrictions, see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html). -// -// If you want to create an Amazon S3 on Outposts bucket, see Create Bucket -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html). -// -// By default, the bucket is created in the US East (N. Virginia) Region. You -// can optionally specify a Region in the request body. You might choose a Region -// to optimize latency, minimize costs, or address regulatory requirements. -// For example, if you reside in Europe, you will probably find it advantageous -// to create buckets in the Europe (Ireland) Region. For more information, see -// Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro). -// -// If you send your create bucket request to the s3.amazonaws.com endpoint, -// the request goes to the us-east-1 Region. Accordingly, the signature calculations -// in Signature Version 4 must use us-east-1 as the Region, even if the location -// constraint in the request specifies another Region where the bucket is to -// be created. If you create a bucket in a Region other than US East (N. Virginia), -// your application must be able to handle 307 redirect. For more information, -// see Virtual hosting of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html). -// -// # Permissions -// -// In addition to s3:CreateBucket, the following permissions are required when -// your CreateBucket request includes specific headers: -// -// - Access control lists (ACLs) - If your CreateBucket request specifies -// access control list (ACL) permissions and the ACL is public-read, public-read-write, -// authenticated-read, or if you specify access permissions explicitly through -// any other ACL, both s3:CreateBucket and s3:PutBucketAcl permissions are -// needed. If the ACL for the CreateBucket request is private or if the request -// doesn't specify any ACLs, only s3:CreateBucket permission is needed. -// -// - Object Lock - If ObjectLockEnabledForBucket is set to true in your CreateBucket -// request, s3:PutBucketObjectLockConfiguration and s3:PutBucketVersioning -// permissions are required. -// -// - S3 Object Ownership - If your CreateBucket request includes the x-amz-object-ownership -// header, then the s3:PutBucketOwnershipControls permission is required. -// By default, ObjectOwnership is set to BucketOWnerEnforced and ACLs are -// disabled. We recommend keeping ACLs disabled, except in uncommon use cases -// where you must control access for each object individually. If you want -// to change the ObjectOwnership setting, you can use the x-amz-object-ownership -// header in your CreateBucket request to set the ObjectOwnership setting -// of your choice. For more information about S3 Object Ownership, see Controlling -// object ownership (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// - S3 Block Public Access - If your specific use case requires granting -// public access to your S3 resources, you can disable Block Public Access. -// You can create a new bucket with Block Public Access enabled, then separately -// call the DeletePublicAccessBlock (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) -// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock -// permission. By default, all Block Public Access settings are enabled for -// new buckets. To avoid inadvertent exposure of your resources, we recommend -// keeping the S3 Block Public Access settings enabled. For more information -// about S3 Block Public Access, see Blocking public access to your Amazon -// S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. -// -// If your CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object -// Ownership and specifies a bucket ACL that provides access to an external -// Amazon Web Services account, your request fails with a 400 error and returns -// the InvalidBucketAcLWithObjectOwnership error code. For more information, -// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) +// There are two types of buckets: general purpose buckets and directory buckets. +// For more information about these bucket types, see Creating, configuring, +// and working with Amazon S3 buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html) // in the Amazon S3 User Guide. // +// - General purpose buckets - If you send your CreateBucket request to the +// s3.amazonaws.com global endpoint, the request goes to the us-east-1 Region. +// So the signature calculations in Signature Version 4 must use us-east-1 +// as the Region, even if the location constraint in the request specifies +// another Region where the bucket is to be created. If you create a bucket +// in a Region other than US East (N. Virginia), your application must be +// able to handle 307 redirect. For more information, see Virtual hosting +// of buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html) +// in the Amazon S3 User Guide. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - In addition to the s3:CreateBucket +// permission, the following permissions are required in a policy when your +// CreateBucket request includes specific headers: Access control lists (ACLs) +// +// - In your CreateBucket request, if you specify an access control list +// (ACL) and set it to public-read, public-read-write, authenticated-read, +// or if you explicitly specify any other custom ACLs, both s3:CreateBucket +// and s3:PutBucketAcl permissions are required. In your CreateBucket request, +// if you set the ACL to private, or if you don't specify any ACLs, only +// the s3:CreateBucket permission is required. Object Lock - In your CreateBucket +// request, if you set x-amz-bucket-object-lock-enabled to true, the s3:PutBucketObjectLockConfiguration +// and s3:PutBucketVersioning permissions are required. S3 Object Ownership +// +// - If your CreateBucket request includes the x-amz-object-ownership header, +// then the s3:PutBucketOwnershipControls permission is required. If your +// CreateBucket request sets BucketOwnerEnforced for Amazon S3 Object Ownership +// and specifies a bucket ACL that provides access to an external Amazon +// Web Services account, your request fails with a 400 error and returns +// the InvalidBucketAcLWithObjectOwnership error code. For more information, +// see Setting Object Ownership on an existing bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-existing-bucket.html) +// in the Amazon S3 User Guide. S3 Block Public Access - If your specific +// use case requires granting public access to your S3 resources, you can +// disable Block Public Access. Specifically, you can create a new bucket +// with Block Public Access enabled, then separately call the DeletePublicAccessBlock +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html) +// API. To use this operation, you must have the s3:PutBucketPublicAccessBlock +// permission. For more information about S3 Block Public Access, see Blocking +// public access to your Amazon S3 storage (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - You must have the s3express:CreateBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. The permissions for ACLs, Object Lock, S3 +// Object Ownership, and S3 Block Public Access are not supported for directory +// buckets. For directory buckets, all Block Public Access settings are enabled +// at the bucket level and S3 Object Ownership is set to Bucket owner enforced +// (ACLs disabled). These settings can't be modified. For more information +// about permissions for creating and working with directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. For more information about supported S3 features +// for directory buckets, see Features of S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// // The following operations are related to CreateBucket: // // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) @@ -749,164 +746,139 @@ func (c *S3) CreateMultipartUploadRequest(input *CreateMultipartUploadInput) (re // You specify this upload ID in each of your subsequent upload part requests // (see UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html)). // You also include this upload ID in the final request to either complete or -// abort the multipart upload request. +// abort the multipart upload request. For more information about multipart +// uploads, see Multipart Upload Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) +// in the Amazon S3 User Guide. // -// For more information about multipart uploads, see Multipart Upload Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html). +// After you initiate a multipart upload and upload one or more parts, to stop +// being charged for storing the uploaded parts, you must either complete or +// abort the multipart upload. Amazon S3 frees up the space used to store the +// parts and stops charging you for storing them only after you either complete +// or abort a multipart upload. // // If you have configured a lifecycle rule to abort incomplete multipart uploads, -// the upload must complete within the number of days specified in the bucket -// lifecycle configuration. Otherwise, the incomplete multipart upload becomes -// eligible for an abort action and Amazon S3 aborts the multipart upload. For -// more information, see Aborting Incomplete Multipart Uploads Using a Bucket -// Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). +// the created multipart upload must be completed within the number of days +// specified in the bucket lifecycle configuration. Otherwise, the incomplete +// multipart upload becomes eligible for an abort action and Amazon S3 aborts +// the multipart upload. For more information, see Aborting Incomplete Multipart +// Uploads Using a Bucket Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). // -// For information about the permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// - Directory buckets - S3 Lifecycle is not supported by directory buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Request signing // // For request signing, multipart upload is just a series of regular requests. // You initiate a multipart upload, send one or more requests to upload parts, // and then complete the multipart upload process. You sign each request individually. // There is nothing special about signing multipart upload requests. For more // information about signing, see Authenticating Requests (Amazon Web Services -// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). -// -// After you initiate a multipart upload and upload one or more parts, to stop -// being charged for storing the uploaded parts, you must either complete or -// abort the multipart upload. Amazon S3 frees up the space used to store the -// parts and stop charging you for storing them only after you either complete -// or abort a multipart upload. -// -// Server-side encryption is for data encryption at rest. Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it when -// you access it. Amazon S3 automatically encrypts all new objects that are -// uploaded to an S3 bucket. When doing a multipart upload, if you don't specify -// encryption information in your request, the encryption setting of the uploaded -// parts is set to the default encryption configuration of the destination bucket. -// By default, all buckets have a base level of encryption configuration that -// uses server-side encryption with Amazon S3 managed keys (SSE-S3). If the -// destination bucket has a default encryption configuration that uses server-side -// encryption with an Key Management Service (KMS) key (SSE-KMS), or a customer-provided -// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a customer-provided -// key to encrypt the uploaded parts. When you perform a CreateMultipartUpload -// operation, if you want to use a different type of encryption setting for -// the uploaded parts, you can request that Amazon S3 encrypts the object with -// a KMS key, an Amazon S3 managed key, or a customer-provided key. If the encryption -// setting in your request is different from the default encryption configuration -// of the destination bucket, the encryption setting in your request takes precedence. -// If you choose to provide your own encryption key, the request headers you -// provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) -// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) -// requests must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload. You can request that Amazon S3 save the uploaded -// parts encrypted with server-side encryption with an Amazon S3 managed key -// (SSE-S3), an Key Management Service (KMS) key (SSE-KMS), or a customer-provided -// encryption key (SSE-C). -// -// To perform a multipart upload with encryption by using an Amazon Web Services -// KMS key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* -// actions on the key. These permissions are required because Amazon S3 must -// decrypt and read data from the encrypted file parts before it completes the -// multipart upload. For more information, see Multipart upload API and permissions -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) -// and Protecting data using server-side encryption with Amazon Web Services -// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) // in the Amazon S3 User Guide. // -// If your Identity and Access Management (IAM) user or role is in the same -// Amazon Web Services account as the KMS key, then you must have these permissions -// on the key policy. If your IAM user or role belongs to a different account -// than the key, then you must have the permissions on both the key policy and -// your IAM user or role. +// Permissions // -// For more information, see Protecting Data Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html). +// - General purpose bucket permissions - For information about the permissions +// required to use the multipart upload API, see Multipart upload and permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. To perform a multipart upload with encryption +// by using an Amazon Web Services KMS key, the requester must have permission +// to the kms:Decrypt and kms:GenerateDataKey* actions on the key. These +// permissions are required because Amazon S3 must decrypt and read data +// from the encrypted file parts before it completes the multipart upload. +// For more information, see Multipart upload API and permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. // -// # Access Permissions +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). // -// When copying an object, you can optionally specify the accounts or groups -// that should be granted specific permissions on the new object. There are -// two ways to grant the permissions using the request headers: +// Encryption // -// - Specify a canned ACL with the x-amz-acl request header. For more information, -// see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, -// x-amz-grant-write-acp, and x-amz-grant-full-control headers. These parameters -// map to the set of permissions that Amazon S3 supports in an ACL. For more -// information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// -// You can use either a canned ACL or specify access permissions explicitly. -// You cannot do both. -// -// # Server-Side- Encryption-Specific Request Headers -// -// Amazon S3 encrypts data by using server-side encryption with an Amazon S3 -// managed key (SSE-S3) by default. Server-side encryption is for data encryption -// at rest. Amazon S3 encrypts your data as it writes it to disks in its data -// centers and decrypts it when you access it. You can request that Amazon S3 -// encrypts data at rest by using server-side encryption with other key options. -// The option you use depends on whether you want to use KMS keys (SSE-KMS) -// or provide your own encryption keys (SSE-C). -// -// - Use KMS keys (SSE-KMS) that include the Amazon Web Services managed +// - General purpose buckets - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. Amazon S3 automatically +// encrypts all new objects that are uploaded to an S3 bucket. When doing +// a multipart upload, if you don't specify encryption information in your +// request, the encryption setting of the uploaded parts is set to the default +// encryption configuration of the destination bucket. By default, all buckets +// have a base level of encryption configuration that uses server-side encryption +// with Amazon S3 managed keys (SSE-S3). If the destination bucket has a +// default encryption configuration that uses server-side encryption with +// an Key Management Service (KMS) key (SSE-KMS), or a customer-provided +// encryption key (SSE-C), Amazon S3 uses the corresponding KMS key, or a +// customer-provided key to encrypt the uploaded parts. When you perform +// a CreateMultipartUpload operation, if you want to use a different type +// of encryption setting for the uploaded parts, you can request that Amazon +// S3 encrypts the object with a different encryption key (such as an Amazon +// S3 managed key, a KMS key, or a customer-provided key). When the encryption +// setting in your request is different from the default encryption configuration +// of the destination bucket, the encryption setting in your request takes +// precedence. If you choose to provide your own encryption key, the request +// headers you provide in UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// and UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// requests must match the headers you used in the CreateMultipartUpload +// request. Use KMS keys (SSE-KMS) that include the Amazon Web Services managed // key (aws/s3) and KMS customer managed keys stored in Key Management Service // (KMS) – If you want Amazon Web Services to manage the keys used to encrypt // data, specify the following headers in the request. x-amz-server-side-encryption // x-amz-server-side-encryption-aws-kms-key-id x-amz-server-side-encryption-context // If you specify x-amz-server-side-encryption:aws:kms, but don't provide // x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses the Amazon -// Web Services managed key (aws/s3 key) in KMS to protect the data. All -// GET and PUT requests for an object protected by KMS fail if you don't -// make them by using Secure Sockets Layer (SSL), Transport Layer Security -// (TLS), or Signature Version 4. For more information about server-side -// encryption with KMS keys (SSE-KMS), see Protecting Data Using Server-Side -// Encryption with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html). +// Web Services managed key (aws/s3 key) in KMS to protect the data. To perform +// a multipart upload with encryption by using an Amazon Web Services KMS +// key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey* +// actions on the key. These permissions are required because Amazon S3 must +// decrypt and read data from the encrypted file parts before it completes +// the multipart upload. For more information, see Multipart upload API and +// permissions (https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions) +// and Protecting data using server-side encryption with Amazon Web Services +// KMS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. If your Identity and Access Management (IAM) +// user or role is in the same Amazon Web Services account as the KMS key, +// then you must have these permissions on the key policy. If your IAM user +// or role is in a different account from the key, then you must have the +// permissions on both the key policy and your IAM user or role. All GET +// and PUT requests for an object protected by KMS fail if you don't make +// them by using Secure Sockets Layer (SSL), Transport Layer Security (TLS), +// or Signature Version 4. For information about configuring any of the officially +// supported Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying +// the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) +// in the Amazon S3 User Guide. For more information about server-side encryption +// with KMS keys (SSE-KMS), see Protecting Data Using Server-Side Encryption +// with KMS keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) +// in the Amazon S3 User Guide. Use customer-provided encryption keys (SSE-C) +// – If you want to manage your own encryption keys, provide all the following +// headers in the request. x-amz-server-side-encryption-customer-algorithm +// x-amz-server-side-encryption-customer-key x-amz-server-side-encryption-customer-key-MD5 +// For more information about server-side encryption with customer-provided +// encryption keys (SSE-C), see Protecting data using server-side encryption +// with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. // -// - Use customer-provided encryption keys (SSE-C) – If you want to manage -// your own encryption keys, provide all the following headers in the request. -// x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key -// x-amz-server-side-encryption-customer-key-MD5 For more information about -// server-side encryption with customer-provided encryption keys (SSE-C), -// see Protecting data using server-side encryption with customer-provided -// encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). +// - Directory buckets -For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// # Access-Control-List (ACL)-Specific Request Headers +// # HTTP Host header syntax // -// You also can use the following access control–related headers with this -// operation. By default, all objects are private. Only the owner has full access -// control. When adding a new object, you can grant permissions to individual -// Amazon Web Services accounts or to predefined groups defined by Amazon S3. -// These permissions are then added to the access control list (ACL) on the -// object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// With this operation, you can grant access permissions using one of the following -// two methods: -// -// - Specify a canned ACL (x-amz-acl) — Amazon S3 supports a set of predefined -// ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees -// and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). -// -// - Specify access permissions explicitly — To explicitly grant access -// permissions to specific Amazon Web Services accounts or groups, use the -// following headers. Each header maps to specific permissions that Amazon -// S3 supports in an ACL. For more information, see Access Control List (ACL) -// Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html). -// In the header, you specify a list of grantees who get the specific permission. -// To grant permissions explicitly, use: x-amz-grant-read x-amz-grant-write -// x-amz-grant-read-acp x-amz-grant-write-acp x-amz-grant-full-control You -// specify each grantee as a type=value pair, where the type is one of the -// following: id – if the value specified is the canonical user ID of an -// Amazon Web Services account uri – if you are granting permissions to -// a predefined group emailAddress – if the value specified is the email -// address of an Amazon Web Services account Using email addresses to specify -// a grantee is only supported in the following Amazon Web Services Regions: -// US East (N. Virginia) US West (N. California) US West (Oregon) Asia Pacific -// (Singapore) Asia Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) -// South America (São Paulo) For a list of all the Amazon S3 supported Regions -// and endpoints, see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) -// in the Amazon Web Services General Reference. For example, the following -// x-amz-grant-read header grants the Amazon Web Services accounts identified -// by account IDs permissions to read object data and its metadata: x-amz-grant-read: -// id="11112222333", id="444455556666" +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to CreateMultipartUpload: // @@ -948,6 +920,152 @@ func (c *S3) CreateMultipartUploadWithContext(ctx aws.Context, input *CreateMult return out, req.Send() } +const opCreateSession = "CreateSession" + +// CreateSessionRequest generates a "aws/request.Request" representing the +// client's request for the CreateSession operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateSession for more information on using the CreateSession +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateSessionRequest method. +// req, resp := client.CreateSessionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSessionRequest(input *CreateSessionInput) (req *request.Request, output *CreateSessionOutput) { + op := &request.Operation{ + Name: opCreateSession, + HTTPMethod: "GET", + HTTPPath: "/{Bucket}?session", + } + + if input == nil { + input = &CreateSessionInput{} + } + + output = &CreateSessionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateSession API operation for Amazon Simple Storage Service. +// +// Creates a session that establishes temporary security credentials to support +// fast authentication and authorization for the Zonal endpoint APIs on directory +// buckets. For more information about Zonal endpoint APIs that include the +// Availability Zone in the request endpoint, see S3 Express One Zone APIs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html) +// in the Amazon S3 User Guide. +// +// To make Zonal endpoint API requests on a directory bucket, use the CreateSession +// API operation. Specifically, you grant s3express:CreateSession permission +// to a bucket in a bucket policy or an IAM identity-based policy. Then, you +// use IAM credentials to make the CreateSession API request on the bucket, +// which returns temporary security credentials that include the access key +// ID, secret access key, session token, and expiration. These credentials have +// associated permissions to access the Zonal endpoint APIs. After the session +// is created, you don’t need to use other policies to grant permissions to +// each Zonal endpoint API individually. Instead, in your Zonal endpoint API +// requests, you sign your requests by applying the temporary security credentials +// of the session to the request headers and following the SigV4 protocol for +// authentication. You also apply the session token to the x-amz-s3session-token +// request header for authorization. Temporary security credentials are scoped +// to the bucket and expire after 5 minutes. After the expiration time, any +// calls that you make with those credentials will fail. You must use IAM credentials +// again to make a CreateSession API request that generates a new set of temporary +// credentials for use. Temporary credentials cannot be extended or refreshed +// beyond the original specified interval. +// +// If you use Amazon Web Services SDKs, SDKs handle the session token refreshes +// automatically to avoid service interruptions when a session expires. We recommend +// that you use the Amazon Web Services SDKs to initiate and manage requests +// to the CreateSession API. For more information, see Performance guidelines +// and design patterns (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication) +// in the Amazon S3 User Guide. +// +// - You must make requests for this API operation to the Zonal endpoint. +// These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com. +// Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// - CopyObject API operation - Unlike other Zonal endpoint APIs, the CopyObject +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the CopyObject +// API operation on directory buckets, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html). +// +// - HeadBucket API operation - Unlike other Zonal endpoint APIs, the HeadBucket +// API operation doesn't use the temporary security credentials returned +// from the CreateSession API operation for authentication and authorization. +// For information about authentication and authorization of the HeadBucket +// API operation on directory buckets, see HeadBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html). +// +// # Permissions +// +// To obtain temporary security credentials, you must create a bucket policy +// or an IAM identity-based policy that grants s3express:CreateSession permission +// to the bucket. In a policy, you can have the s3express:SessionMode condition +// key to control who can create a ReadWrite or ReadOnly session. For more information +// about ReadWrite or ReadOnly sessions, see x-amz-create-session-mode (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters). +// For example policies, see Example bucket policies for S3 Express One Zone +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// To grant cross-account access to Zonal endpoint APIs, the bucket policy should +// also grant both accounts the s3express:CreateSession permission. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation CreateSession for usage and error information. +// +// Returned Error Codes: +// - ErrCodeNoSuchBucket "NoSuchBucket" +// The specified bucket does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/CreateSession +func (c *S3) CreateSession(input *CreateSessionInput) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + return out, req.Send() +} + +// CreateSessionWithContext is the same as CreateSession with the addition of +// the ability to pass a context and additional request options. +// +// See CreateSession for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) CreateSessionWithContext(ctx aws.Context, input *CreateSessionInput, opts ...request.Option) (*CreateSessionOutput, error) { + req, out := c.CreateSessionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteBucket = "DeleteBucket" // DeleteBucketRequest generates a "aws/request.Request" representing the @@ -995,6 +1113,35 @@ func (c *S3) DeleteBucketRequest(input *DeleteBucketInput) (req *request.Request // Deletes the S3 bucket. All objects (including all object versions and delete // markers) in the bucket must be deleted before the bucket itself can be deleted. // +// - Directory buckets - If multipart uploads in a directory bucket are in +// progress, you can't delete the bucket until all the in-progress multipart +// uploads are aborted or completed. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, +// see Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - You must have the s3:DeleteBucket +// permission on the specified bucket in a policy. +// +// - Directory bucket permissions - You must have the s3express:DeleteBucket +// permission in an IAM identity-based policy instead of a bucket policy. +// Cross-account access to this API operation isn't supported. This operation +// can only be performed by the Amazon Web Services account that owns the +// resource. For more information about directory bucket policies and permissions, +// see Amazon Web Services Identity and Access Management (IAM) for S3 Express +// One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// // The following operations are related to DeleteBucket: // // - CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) @@ -1073,6 +1220,8 @@ func (c *S3) DeleteBucketAnalyticsConfigurationRequest(input *DeleteBucketAnalyt // DeleteBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an analytics configuration for the bucket (specified by the analytics // configuration ID). // @@ -1165,6 +1314,8 @@ func (c *S3) DeleteBucketCorsRequest(input *DeleteBucketCorsInput) (req *request // DeleteBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the cors configuration information set for the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketCORS @@ -1252,6 +1403,8 @@ func (c *S3) DeleteBucketEncryptionRequest(input *DeleteBucketEncryptionInput) ( // DeleteBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the DELETE action resets the default encryption for // the bucket as server-side encryption with Amazon S3 managed keys (SSE-S3). // For information about the bucket default encryption feature, see Amazon S3 @@ -1343,6 +1496,8 @@ func (c *S3) DeleteBucketIntelligentTieringConfigurationRequest(input *DeleteBuc // DeleteBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -1442,6 +1597,8 @@ func (c *S3) DeleteBucketInventoryConfigurationRequest(input *DeleteBucketInvent // DeleteBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes an inventory configuration (identified by the inventory ID) from // the bucket. // @@ -1534,6 +1691,8 @@ func (c *S3) DeleteBucketLifecycleRequest(input *DeleteBucketLifecycleInput) (re // DeleteBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the lifecycle configuration from the specified bucket. Amazon S3 // removes all the lifecycle configuration rules in the lifecycle subresource // associated with the bucket. Your objects never expire, and Amazon S3 no longer @@ -1628,6 +1787,8 @@ func (c *S3) DeleteBucketMetricsConfigurationRequest(input *DeleteBucketMetricsC // DeleteBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes a metrics configuration for the Amazon CloudWatch request metrics // (specified by the metrics configuration ID) from the bucket. Note that this // doesn't include the daily storage metrics. @@ -1723,6 +1884,8 @@ func (c *S3) DeleteBucketOwnershipControlsRequest(input *DeleteBucketOwnershipCo // DeleteBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:PutBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). @@ -1808,11 +1971,21 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // DeleteBucketPolicy API operation for Amazon Simple Storage Service. // -// This implementation of the DELETE action uses the policy subresource to delete -// the policy of a specified bucket. If you are using an identity other than -// the root user of the Amazon Web Services account that owns the bucket, the -// calling identity must have the DeleteBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account to use this operation. +// Deletes the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the DeleteBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403 // Access Denied error. If you have the correct permissions, but you're not @@ -1827,8 +2000,23 @@ func (c *S3) DeleteBucketPolicyRequest(input *DeleteBucketPolicyInput) (req *req // these API actions by VPC endpoint policies and Amazon Web Services Organizations // policies. // -// For more information about bucket policies, see Using Bucket Policies and -// UserPolicies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// - General purpose bucket permissions - The s3:DeleteBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:DeleteBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to DeleteBucketPolicy // @@ -1908,6 +2096,8 @@ func (c *S3) DeleteBucketReplicationRequest(input *DeleteBucketReplicationInput) // DeleteBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the replication configuration from the bucket. // // To use this operation, you must have permissions to perform the s3:PutReplicationConfiguration @@ -2000,6 +2190,8 @@ func (c *S3) DeleteBucketTaggingRequest(input *DeleteBucketTaggingInput) (req *r // DeleteBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Deletes the tags from the bucket. // // To use this operation, you must have permission to perform the s3:PutBucketTagging @@ -2084,6 +2276,8 @@ func (c *S3) DeleteBucketWebsiteRequest(input *DeleteBucketWebsiteInput) (req *r // DeleteBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action removes the website configuration for a bucket. Amazon S3 returns // a 200 OK response upon successfully deleting a website configuration on the // specified bucket. You will get a 200 OK response if the website configuration @@ -2176,31 +2370,79 @@ func (c *S3) DeleteObjectRequest(input *DeleteObjectInput) (req *request.Request // DeleteObject API operation for Amazon Simple Storage Service. // -// Removes the null version (if there is one) of an object and inserts a delete -// marker, which becomes the latest version of the object. If there isn't a -// null version, Amazon S3 does not remove any objects but will still respond -// that the command was successful. +// Removes an object from a bucket. The behavior depends on the bucket's versioning +// state: // -// To remove a specific version, you must use the version Id subresource. Using -// this subresource permanently deletes the version. If the object deleted is -// a delete marker, Amazon S3 sets the response header, x-amz-delete-marker, +// - If versioning is enabled, the operation removes the null version (if +// there is one) of an object and inserts a delete marker, which becomes +// the latest version of the object. If there isn't a null version, Amazon +// S3 does not remove any objects but will still respond that the command +// was successful. +// +// - If versioning is suspended or not enabled, the operation permanently +// deletes the object. +// +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// To remove a specific version, you must use the versionId query parameter. +// Using this query parameter permanently deletes the version. If the object +// deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker // to true. // // If the object you want to delete is in a bucket where the bucket versioning // configuration is MFA Delete enabled, you must include the x-amz-mfa request // header in the DELETE versionId request. Requests that include x-amz-mfa must -// use HTTPS. +// use HTTPS. For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html) +// in the Amazon S3 User Guide. To see sample requests that use versioning, +// see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). // -// For more information about MFA Delete, see Using MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html). -// To see sample requests that use versioning, see Sample Request (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectDELETE.html#ExampleVersionObjectDelete). +// Directory buckets - MFA delete is not supported by directory buckets. // -// You can delete objects by explicitly calling DELETE Object or configure its -// lifecycle (PutBucketLifecycle (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) +// You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycle.html)) // to enable Amazon S3 to remove them for you. If you want to block users or // accounts from removing or deleting objects from your bucket, you must deny // them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration // actions. // +// Directory buckets - S3 Lifecycle is not supported by directory buckets. +// +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always have +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versiong-enabled bucket, you must have the +// s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. +// // The following action is related to DeleteObject: // // - PutObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html) @@ -2276,6 +2518,8 @@ func (c *S3) DeleteObjectTaggingRequest(input *DeleteObjectTaggingInput) (req *r // DeleteObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the entire tag set from the specified object. For more information // about managing object tags, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). // @@ -2367,36 +2611,82 @@ func (c *S3) DeleteObjectsRequest(input *DeleteObjectsInput) (req *request.Reque // DeleteObjects API operation for Amazon Simple Storage Service. // -// This action enables you to delete multiple objects from a bucket using a -// single HTTP request. If you know the object keys that you want to delete, -// then this action provides a suitable alternative to sending individual delete -// requests, reducing per-request overhead. +// This operation enables you to delete multiple objects from a bucket using +// a single HTTP request. If you know the object keys that you want to delete, +// then this operation provides a suitable alternative to sending individual +// delete requests, reducing per-request overhead. // -// The request contains a list of up to 1000 keys that you want to delete. In -// the XML, you provide the object key names, and optionally, version IDs if -// you want to delete a specific version of the object from a versioning-enabled -// bucket. For each key, Amazon S3 performs a delete action and returns the -// result of that delete, success, or failure, in the response. Note that if +// The request can contain a list of up to 1000 keys that you want to delete. +// In the XML, you provide the object key names, and optionally, version IDs +// if you want to delete a specific version of the object from a versioning-enabled +// bucket. For each key, Amazon S3 performs a delete operation and returns the +// result of that delete, success or failure, in the response. Note that if // the object specified in the request is not found, Amazon S3 returns the result // as deleted. // -// The action supports two modes for the response: verbose and quiet. By default, -// the action uses verbose mode in which the response includes the result of -// deletion of each key in your request. In quiet mode the response includes -// only keys where the delete action encountered an error. For a successful -// deletion, the action does not return any information about the delete in -// the response body. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// The operation supports two modes for the response: verbose and quiet. By +// default, the operation uses verbose mode in which the response includes the +// result of deletion of each key in your request. In quiet mode the response +// includes only keys where the delete operation encountered an error. For a +// successful deletion in a quiet mode, the operation does not return any information +// about the delete in the response body. // // When performing this action on an MFA Delete enabled bucket, that attempts // to delete any versioned objects, you must include an MFA token. If you do // not provide one, the entire request will fail, even if there are non-versioned // objects you are trying to delete. If you provide an invalid token, whether // there are versioned keys in the request or not, the entire Multi-Object Delete -// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete). +// request will fail. For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) +// in the Amazon S3 User Guide. // -// Finally, the Content-MD5 header is required for all Multi-Object Delete requests. -// Amazon S3 uses the header value to ensure that your request body has not -// been altered in transit. +// Directory buckets - MFA delete is not supported by directory buckets. +// +// Permissions +// +// - General purpose bucket permissions - The following permissions are required +// in your policies when your DeleteObjects request includes specific headers. +// s3:DeleteObject - To delete an object from a bucket, you must always specify +// the s3:DeleteObject permission. s3:DeleteObjectVersion - To delete a specific +// version of an object from a versiong-enabled bucket, you must specify +// the s3:DeleteObjectVersion permission. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Content-MD5 request header +// +// - General purpose bucket - The Content-MD5 request header is required +// for all Multi-Object Delete requests. Amazon S3 uses the header value +// to ensure that your request body has not been altered in transit. +// +// - Directory bucket - The Content-MD5 request header or a additional checksum +// request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, +// x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object +// Delete requests. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to DeleteObjects: // @@ -2482,6 +2772,8 @@ func (c *S3) DeletePublicAccessBlockRequest(input *DeletePublicAccessBlockInput) // DeletePublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Removes the PublicAccessBlock configuration for an Amazon S3 bucket. To use // this operation, you must have the s3:PutBucketPublicAccessBlock permission. // For more information about permissions, see Permissions Related to Bucket @@ -2569,6 +2861,8 @@ func (c *S3) GetBucketAccelerateConfigurationRequest(input *GetBucketAccelerateC // GetBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action uses the accelerate subresource to // return the Transfer Acceleration state of a bucket, which is either Enabled // or Suspended. Amazon S3 Transfer Acceleration is a bucket-level feature that @@ -2668,16 +2962,18 @@ func (c *S3) GetBucketAclRequest(input *GetBucketAclInput) (req *request.Request // GetBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action uses the acl subresource to return // the access control list (ACL) of a bucket. To use GET to return the ACL of -// the bucket, you must have READ_ACP access to the bucket. If READ_ACP permission -// is granted to the anonymous user, you can return the ACL of the bucket without -// using an authorization header. +// the bucket, you must have the READ_ACP access to the bucket. If READ_ACP +// permission is granted to the anonymous user, you can return the ACL of the +// bucket without using an authorization header. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -2764,6 +3060,8 @@ func (c *S3) GetBucketAnalyticsConfigurationRequest(input *GetBucketAnalyticsCon // GetBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the GET action returns an analytics configuration // (identified by the analytics configuration ID) from the bucket. // @@ -2857,6 +3155,8 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // GetBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Cross-Origin Resource Sharing (CORS) configuration information // set for the bucket. // @@ -2864,10 +3164,10 @@ func (c *S3) GetBucketCorsRequest(input *GetBucketCorsInput) (req *request.Reque // action. By default, the bucket owner has this permission and can grant it // to others. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -2953,6 +3253,8 @@ func (c *S3) GetBucketEncryptionRequest(input *GetBucketEncryptionInput) (req *r // GetBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the default encryption configuration for an Amazon S3 bucket. By // default, all buckets have a default encryption configuration that uses server-side // encryption with Amazon S3 managed keys (SSE-S3). For information about the @@ -3043,6 +3345,8 @@ func (c *S3) GetBucketIntelligentTieringConfigurationRequest(input *GetBucketInt // GetBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -3141,6 +3445,8 @@ func (c *S3) GetBucketInventoryConfigurationRequest(input *GetBucketInventoryCon // GetBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns an inventory configuration (identified by the inventory configuration // ID) from the bucket. // @@ -3242,6 +3548,8 @@ func (c *S3) GetBucketLifecycleRequest(input *GetBucketLifecycleInput) (req *req // see the updated version of this topic. This topic is provided for backward // compatibility. // +// This operation is not supported by directory buckets. +// // Returns the lifecycle configuration information set on the bucket. For information // about lifecycle configuration, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). // @@ -3340,6 +3648,8 @@ func (c *S3) GetBucketLifecycleConfigurationRequest(input *GetBucketLifecycleCon // GetBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Bucket lifecycle configuration now supports specifying a lifecycle rule using // an object key name prefix, one or more object tags, or a combination of both. // Accordingly, this section describes the latest API. The response describes @@ -3442,14 +3752,16 @@ func (c *S3) GetBucketLocationRequest(input *GetBucketLocationInput) (req *reque // GetBucketLocation API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the Region the bucket resides in. You set the bucket's Region using // the LocationConstraint request parameter in a CreateBucket request. For more // information, see CreateBucket (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html). // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -3536,6 +3848,8 @@ func (c *S3) GetBucketLoggingRequest(input *GetBucketLoggingInput) (req *request // GetBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the logging status of a bucket and the permissions users have to // view and modify that status. // @@ -3616,6 +3930,8 @@ func (c *S3) GetBucketMetricsConfigurationRequest(input *GetBucketMetricsConfigu // GetBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets a metrics configuration (specified by the metrics configuration ID) // from the bucket. Note that this doesn't include the daily storage metrics. // @@ -3714,6 +4030,8 @@ func (c *S3) GetBucketNotificationRequest(input *GetBucketNotificationConfigurat // GetBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see GetBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketNotificationConfiguration.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -3791,6 +4109,8 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // GetBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the notification configuration of a bucket. // // If notifications are not enabled on the bucket, the action returns an empty @@ -3801,10 +4121,10 @@ func (c *S3) GetBucketNotificationConfigurationRequest(input *GetBucketNotificat // to other users to read this configuration with the s3:GetBucketNotification // permission. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// When you use this API operation with an access point, provide the alias of +// the access point in place of the bucket name. // -// To use this API operation against an Object Lambda access point, provide +// When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -3889,6 +4209,8 @@ func (c *S3) GetBucketOwnershipControlsRequest(input *GetBucketOwnershipControls // GetBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves OwnershipControls for an Amazon S3 bucket. To use this operation, // you must have the s3:GetBucketOwnershipControls permission. For more information // about Amazon S3 permissions, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html). @@ -3973,10 +4295,21 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // GetBucketPolicy API operation for Amazon Simple Storage Service. // -// Returns the policy of a specified bucket. If you are using an identity other -// than the root user of the Amazon Web Services account that owns the bucket, -// the calling identity must have the GetBucketPolicy permissions on the specified -// bucket and belong to the bucket owner's account in order to use this operation. +// Returns the policy of a specified bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the GetBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have GetBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an @@ -3991,17 +4324,33 @@ func (c *S3) GetBucketPolicyRequest(input *GetBucketPolicyInput) (req *request.R // these API actions by VPC endpoint policies and Amazon Web Services Organizations // policies. // -// To use this API operation against an access point, provide the alias of the -// access point in place of the bucket name. +// - General purpose bucket permissions - The s3:GetBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. // -// To use this API operation against an Object Lambda access point, provide -// the alias of the Object Lambda access point in place of the bucket name. -// If the Object Lambda access point alias in a request is not valid, the error -// code InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:GetBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. // -// For more information about bucket policies, see Using Bucket Policies and -// User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html). +// # Example bucket policies +// +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following action is related to GetBucketPolicy: // @@ -4078,6 +4427,8 @@ func (c *S3) GetBucketPolicyStatusRequest(input *GetBucketPolicyStatusInput) (re // GetBucketPolicyStatus API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the policy status for an Amazon S3 bucket, indicating whether the // bucket is public. In order to use this operation, you must have the s3:GetBucketPolicyStatus // permission. For more information about Amazon S3 permissions, see Specifying @@ -4167,6 +4518,8 @@ func (c *S3) GetBucketReplicationRequest(input *GetBucketReplicationInput) (req // GetBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the replication configuration of a bucket. // // It can take a while to propagate the put or delete a replication configuration @@ -4264,6 +4617,8 @@ func (c *S3) GetBucketRequestPaymentRequest(input *GetBucketRequestPaymentInput) // GetBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the request payment configuration of a bucket. To use this version // of the operation, you must be the bucket owner. For more information, see // Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). @@ -4343,6 +4698,8 @@ func (c *S3) GetBucketTaggingRequest(input *GetBucketTaggingInput) (req *request // GetBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag set associated with the bucket. // // To use this operation, you must have permission to perform the s3:GetBucketTagging @@ -4431,6 +4788,8 @@ func (c *S3) GetBucketVersioningRequest(input *GetBucketVersioningInput) (req *r // GetBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the versioning state of a bucket. // // To retrieve the versioning state of a bucket, you must be the bucket owner. @@ -4518,6 +4877,8 @@ func (c *S3) GetBucketWebsiteRequest(input *GetBucketWebsiteInput) (req *request // GetBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the website configuration for a bucket. To host website on Amazon // S3, you can configure a bucket as website by adding a website configuration. // For more information about hosting websites, see Hosting Websites on Amazon @@ -4605,113 +4966,106 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // GetObject API operation for Amazon Simple Storage Service. // -// Retrieves objects from Amazon S3. To use GET, you must have READ access to -// the object. If you grant READ access to the anonymous user, you can return -// the object without using an authorization header. +// Retrieves an object from Amazon S3. // -// An Amazon S3 bucket has no directory hierarchy such as you would find in -// a typical computer file system. You can, however, create a logical hierarchy -// by using object key names that imply a folder structure. For example, instead -// of naming an object sample.jpg, you can name it photos/2006/February/sample.jpg. +// In the GetObject request, specify the full key name for the object. // -// To get an object from such a logical hierarchy, specify the full key name -// for the object in the GET operation. For a virtual hosted-style request example, -// if you have the object photos/2006/February/sample.jpg, specify the resource -// as /photos/2006/February/sample.jpg. For a path-style request example, if -// you have the object photos/2006/February/sample.jpg in the bucket named examplebucket, -// specify the resource as /examplebucket/photos/2006/February/sample.jpg. For -// more information about request types, see HTTP Host Header Bucket Specification -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket). +// General purpose buckets - Both the virtual-hosted-style requests and the +// path-style requests are supported. For a virtual hosted-style request example, +// if you have the object photos/2006/February/sample.jpg, specify the object +// key name as /photos/2006/February/sample.jpg. For a path-style request example, +// if you have the object photos/2006/February/sample.jpg in the bucket named +// examplebucket, specify the object key name as /examplebucket/photos/2006/February/sample.jpg. +// For more information about request types, see HTTP Host Header Bucket Specification +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket) +// in the Amazon S3 User Guide. // -// For more information about returning the ACL of an object, see GetObjectAcl -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html). +// Directory buckets - Only virtual-hosted-style requests are supported. For +// a virtual hosted-style request example, if you have the object photos/2006/February/sample.jpg +// in the bucket named examplebucket--use1-az5--x-s3, specify the object key +// name as /photos/2006/February/sample.jpg. Also, when you make requests to +// this API operation, your requests are sent to the Zonal endpoint. These endpoints +// support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - You must have the required permissions +// in a policy. To use GetObject, you must have the READ access to the object +// (or version). If you grant READ access to the anonymous user, the GetObject +// operation returns the object without using an authorization header. For +// more information, see Specifying permissions in a policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If you include a versionId in your request +// header, you must have the s3:GetObjectVersion permission to access a specific +// version of an object. The s3:GetObject permission is not required in this +// scenario. If you request the current version of an object without a specific +// versionId in the request header, only the s3:GetObject permission is required. +// The s3:GetObjectVersion permission is not required in this scenario. If +// the object that you request doesn’t exist, the error that Amazon S3 +// returns depends on whether you also have the s3:ListBucket permission. +// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns +// an HTTP status code 404 Not Found error. If you don’t have the s3:ListBucket +// permission, Amazon S3 returns an HTTP status code 403 Access Denied error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Storage classes // // If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval -// or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive -// or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the -// object you must first restore a copy using RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). -// Otherwise, this action returns an InvalidObjectState error. For information -// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html). +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, only the S3 Express One Zone storage +// class is supported to store newly created objects. Unsupported storage class +// values won't write a destination object and will respond with the HTTP status +// code 400 Bad Request. +// +// # Encryption // // Encryption request headers, like x-amz-server-side-encryption, should not -// be sent for GET requests if your object uses server-side encryption with -// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption -// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with -// Amazon S3 managed encryption keys (SSE-S3). If your object does use these -// types of keys, you’ll get an HTTP 400 Bad Request error. +// be sent for the GetObject requests, if your object uses server-side encryption +// with Amazon S3 managed encryption keys (SSE-S3), server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), or dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS). If you include the header in +// your GetObject requests for the object that uses these types of keys, you’ll +// get an HTTP 400 Bad Request error. // -// If you encrypt an object by using server-side encryption with customer-provided -// encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you GET the object, you must use the following headers: -// -// - x-amz-server-side-encryption-customer-algorithm -// -// - x-amz-server-side-encryption-customer-key -// -// - x-amz-server-side-encryption-customer-key-MD5 -// -// For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). -// -// Assuming you have the relevant permission to read object tags, the response -// also returns the x-amz-tagging-count header that provides the count of number -// of tags associated with the object. You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) -// to retrieve the tag set associated with an object. -// -// # Permissions -// -// You need the relevant read object (or version) permission for this operation. -// For more information, see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html). -// If the object that you request doesn’t exist, the error that Amazon S3 -// returns depends on whether you also have the s3:ListBucket permission. -// -// If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 (Not Found) error. -// -// If you don’t have the s3:ListBucket permission, Amazon S3 returns an HTTP -// status code 403 ("access denied") error. -// -// # Versioning -// -// By default, the GET action returns the current version of an object. To return -// a different version, use the versionId subresource. -// -// - If you supply a versionId, you need the s3:GetObjectVersion permission -// to access a specific version of an object. If you request a specific version, -// you do not need to have the s3:GetObject permission. If you request the -// current version without a specific version ID, only s3:GetObject permission -// is required. s3:GetObjectVersion permission won't be required. -// -// - If the current version of the object is a delete marker, Amazon S3 behaves -// as if the object was deleted and includes x-amz-delete-marker: true in -// the response. -// -// For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). -// -// # Overriding Response Header Values +// # Overriding response header values through the request // // There are times when you want to override certain response header values -// in a GET response. For example, you might override the Content-Disposition -// response header value in your GET request. +// of a GetObject response. For example, you might override the Content-Disposition +// response header value through your GetObject request. // -// You can override values for a set of response headers using the following -// query parameters. These response header values are sent only on a successful -// request, that is, when status code 200 OK is returned. The set of headers -// you can override using these parameters is a subset of the headers that Amazon -// S3 accepts when you create an object. The response headers that you can override -// for the GET response are Content-Type, Content-Language, Expires, Cache-Control, -// Content-Disposition, and Content-Encoding. To override these header values -// in the GET response, you use the following request parameters. +// You can override values for a set of response headers. These modified response +// header values are included only in a successful response, that is, when the +// HTTP status code 200 OK is returned. The headers you can override using the +// following query parameters in the request are a subset of the headers that +// Amazon S3 accepts when you create an object. // -// You must sign the request, either using an Authorization header or a presigned -// URL, when using these parameters. They cannot be used with an unsigned (anonymous) -// request. +// The response headers that you can override for the GetObject response are +// Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Type, +// and Expires. // -// - response-content-type -// -// - response-content-language -// -// - response-expires +// To override values for a set of response headers in the GetObject response, +// you can use the following query parameters in the request. // // - response-cache-control // @@ -4719,17 +5073,19 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // // - response-content-encoding // -// # Overriding Response Header Values +// - response-content-language // -// If both of the If-Match and If-Unmodified-Since headers are present in the -// request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since -// condition evaluates to false; then, S3 returns 200 OK and the data requested. +// - response-content-type // -// If both of the If-None-Match and If-Modified-Since headers are present in -// the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since -// condition evaluates to true; then, S3 returns 304 Not Modified response code. +// - response-expires // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// When you use these parameters, you must sign the request by using either +// an Authorization header or a presigned URL. These parameters cannot be used +// with an unsigned (anonymous) request. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to GetObject: // @@ -4752,6 +5108,15 @@ func (c *S3) GetObjectRequest(input *GetObjectInput) (req *request.Request, outp // - ErrCodeInvalidObjectState "InvalidObjectState" // Object is archived and inaccessible until restored. // +// If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval +// storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering +// Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, +// before you can retrieve the object you must first restore a copy using RestoreObject +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). +// Otherwise, this operation returns an InvalidObjectState error. For information +// about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) +// in the Amazon S3 User Guide. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/GetObject func (c *S3) GetObject(input *GetObjectInput) (*GetObjectOutput, error) { req, out := c.GetObjectRequest(input) @@ -4817,13 +5182,15 @@ func (c *S3) GetObjectAclRequest(input *GetObjectAclInput) (req *request.Request // GetObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the access control list (ACL) of an object. To use this operation, // you must have s3:GetObjectAcl permissions or READ_ACP access to the object. // For more information, see Mapping of ACL permissions and access policy permissions // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#acl-access-policy-permission-mapping) // in the Amazon S3 User Guide // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // By default, GET returns ACL information about the current version of an object. // To return ACL information about a different version, use the versionId subresource. @@ -4921,16 +5288,65 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // GetObjectAttributes API operation for Amazon Simple Storage Service. // // Retrieves all the metadata from an object without returning the object itself. -// This action is useful if you're interested only in an object's metadata. -// To use GetObjectAttributes, you must have READ access to the object. +// This operation is useful if you're interested only in an object's metadata. // // GetObjectAttributes combines the functionality of HeadObject and ListParts. // All of the data returned with each of those individual calls can be returned // with a single call to GetObjectAttributes. // +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use GetObjectAttributes, you +// must have READ access to the object. The permissions that you need to +// use this operation with depend on whether the bucket is versioned. If +// the bucket is versioned, you need both the s3:GetObjectVersion and s3:GetObjectVersionAttributes +// permissions for this operation. If the bucket is not versioned, you need +// the s3:GetObject and s3:GetObjectAttributes permissions. For more information, +// see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) +// in the Amazon S3 User Guide. If the object that you request does not exist, +// the error Amazon S3 returns depends on whether you also have the s3:ListBucket +// permission. If you have the s3:ListBucket permission on the bucket, Amazon +// S3 returns an HTTP status code 404 Not Found ("no such key") error. If +// you don't have the s3:ListBucket permission, Amazon S3 returns an HTTP +// status code 403 Forbidden ("access denied") error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a GET request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. +// // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // // - x-amz-server-side-encryption-customer-algorithm // @@ -4942,47 +5358,35 @@ func (c *S3) GetObjectAttributesRequest(input *GetObjectAttributesInput) (req *r // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // -// - Encryption request headers, such as x-amz-server-side-encryption, should -// not be sent for GET requests if your object uses server-side encryption -// with Amazon Web Services KMS keys stored in Amazon Web Services Key Management -// Service (SSE-KMS) or server-side encryption with Amazon S3 managed keys -// (SSE-S3). If your object does use these types of keys, you'll get an HTTP -// 400 Bad Request error. +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// - The last modified property in this case is the creation date of the -// object. +// # Versioning +// +// Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID is +// supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. +// +// # Conditional request headers // // Consider the following when using request headers: // // - If both of the If-Match and If-Unmodified-Since headers are present // in the request as follows, then Amazon S3 returns the HTTP status code // 200 OK and the data requested: If-Match condition evaluates to true. If-Unmodified-Since -// condition evaluates to false. +// condition evaluates to false. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). // // - If both of the If-None-Match and If-Modified-Since headers are present // in the request as follows, then Amazon S3 returns the HTTP status code // 304 Not Modified: If-None-Match condition evaluates to false. If-Modified-Since -// condition evaluates to true. +// condition evaluates to true. For more information about conditional requests, +// see RFC 7232 (https://tools.ietf.org/html/rfc7232). // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// # HTTP Host header syntax // -// # Permissions -// -// The permissions that you need to use this operation depend on whether the -// bucket is versioned. If the bucket is versioned, you need both the s3:GetObjectVersion -// and s3:GetObjectVersionAttributes permissions for this operation. If the -// bucket is not versioned, you need the s3:GetObject and s3:GetObjectAttributes -// permissions. For more information, see Specifying Permissions in a Policy -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) -// in the Amazon S3 User Guide. If the object that you request does not exist, -// the error Amazon S3 returns depends on whether you also have the s3:ListBucket -// permission. -// -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 Not Found ("no such key") error. -// -// - If you don't have the s3:ListBucket permission, Amazon S3 returns an -// HTTP status code 403 Forbidden ("access denied") error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following actions are related to GetObjectAttributes: // @@ -5078,10 +5482,12 @@ func (c *S3) GetObjectLegalHoldRequest(input *GetObjectLegalHoldInput) (req *req // GetObjectLegalHold API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets an object's current legal hold status. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectLegalHold: // @@ -5158,6 +5564,8 @@ func (c *S3) GetObjectLockConfigurationRequest(input *GetObjectLockConfiguration // GetObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Gets the Object Lock configuration for a bucket. The rule specified in the // Object Lock configuration will be applied by default to every new object // placed in the specified bucket. For more information, see Locking Objects @@ -5238,10 +5646,12 @@ func (c *S3) GetObjectRetentionRequest(input *GetObjectRetentionInput) (req *req // GetObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves an object's retention settings. For more information, see Locking // Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectRetention: // @@ -5318,6 +5728,8 @@ func (c *S3) GetObjectTaggingRequest(input *GetObjectTaggingInput) (req *request // GetObjectTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns the tag-set of an object. You send the GET request against the tagging // subresource associated with the object. // @@ -5413,6 +5825,8 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // GetObjectTorrent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns torrent files from a bucket. BitTorrent can save you bandwidth when // you're distributing large files. // @@ -5422,7 +5836,7 @@ func (c *S3) GetObjectTorrentRequest(input *GetObjectTorrentInput) (req *request // // To use GET, you must have READ access to the object. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // The following action is related to GetObjectTorrent: // @@ -5499,6 +5913,8 @@ func (c *S3) GetPublicAccessBlockRequest(input *GetPublicAccessBlockInput) (req // GetPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Retrieves the PublicAccessBlock configuration for an Amazon S3 bucket. To // use this operation, you must have the s3:GetBucketPublicAccessBlock permission. // For more information about Amazon S3 permissions, see Specifying Permissions @@ -5590,39 +6006,63 @@ func (c *S3) HeadBucketRequest(input *HeadBucketInput) (req *request.Request, ou output = &HeadBucketOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // HeadBucket API operation for Amazon Simple Storage Service. // -// This action is useful to determine if a bucket exists and you have permission -// to access it. The action returns a 200 OK if the bucket exists and you have -// permission to access it. +// You can use this operation to determine if a bucket exists and if you have +// permission to access it. The action returns a 200 OK if the bucket exists +// and you have permission to access it. // // If the bucket does not exist or you do not have permission to access it, // the HEAD request returns a generic 400 Bad Request, 403 Forbidden or 404 // Not Found code. A message body is not included, so you cannot determine the // exception beyond these error codes. // -// To use this operation, you must have permissions to perform the s3:ListBucket -// action. The bucket owner has this permission by default and can grant this -// permission to others. For more information about permissions, see Permissions -// Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). +// Directory buckets - You must make requests for this API operation to the +// Zonal endpoint. These endpoints support virtual-hosted-style requests in +// the format https://bucket_name.s3express-az_id.region.amazonaws.com. Path-style +// requests are not supported. For more information, see Regional and Zonal +// endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // -// To use this API operation against an access point, you must provide the alias -// of the access point in place of the bucket name or specify the access point -// ARN. When using the access point ARN, you must direct requests to the access -// point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. -// When using the Amazon Web Services SDKs, you provide the ARN in place of -// the bucket name. For more information, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html). +// # Authentication and authorization // -// To use this API operation against an Object Lambda access point, provide -// the alias of the Object Lambda access point in place of the bucket name. -// If the Object Lambda access point alias in a request is not valid, the error -// code InvalidAccessPointAliasError is returned. For more information about -// InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). +// All HeadBucket requests must be authenticated and signed by using IAM credentials +// (access key ID and secret access key for the IAM identities). All headers +// with the x-amz- prefix, including x-amz-copy-source, must be signed. For +// more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). +// +// Directory bucket - You must use IAM credentials to authenticate and authorize +// your access to the HeadBucket API operation, instead of using the temporary +// security credentials through the CreateSession API operation. +// +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. +// +// Permissions +// +// - General purpose bucket permissions - To use this operation, you must +// have permissions to perform the s3:ListBucket action. The bucket owner +// has this permission by default and can grant this permission to others. +// For more information about permissions, see Managing access permissions +// to your Amazon S3 resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - You must have the s3express:CreateSession +// permission in the Action element of a policy. By default, the session +// is in the ReadWrite mode. If you want to restrict the access, you can +// explicitly set the s3express:SessionMode condition key to ReadOnly on +// the bucket. For more information about example bucket policies, see Example +// bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5700,19 +6140,70 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // HeadObject API operation for Amazon Simple Storage Service. // -// The HEAD action retrieves metadata from an object without returning the object -// itself. This action is useful if you're only interested in an object's metadata. -// To use HEAD, you must have READ access to the object. +// The HEAD operation retrieves metadata from an object without returning the +// object itself. This operation is useful if you're interested only in an object's +// metadata. // -// A HEAD request has the same options as a GET action on an object. The response -// is identical to the GET response except that there is no response body. Because -// of this, if the HEAD request generates an error, it returns a generic 400 -// Bad Request, 403 Forbidden or 404 Not Found code. It is not possible to retrieve -// the exact exception beyond these error codes. +// A HEAD request has the same options as a GET operation on an object. The +// response is identical to the GET response except that there is no response +// body. Because of this, if the HEAD request generates an error, it returns +// a generic code, such as 400 Bad Request, 403 Forbidden, 404 Not Found, 405 +// Method Not Allowed, 412 Precondition Failed, or 304 Not Modified. It's not +// possible to retrieve the exact exception of these error codes. +// +// Request headers are limited to 8 KB in size. For more information, see Common +// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - To use HEAD, you must have the +// s3:GetObject permission. You need the relevant read object (or version) +// permission for this operation. For more information, see Actions, resources, +// and condition keys for Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html) +// in the Amazon S3 User Guide. If the object you request doesn't exist, +// the error that Amazon S3 returns depends on whether you also have the +// s3:ListBucket permission. If you have the s3:ListBucket permission on +// the bucket, Amazon S3 returns an HTTP status code 404 Not Found error. +// If you don’t have the s3:ListBucket permission, Amazon S3 returns an +// HTTP status code 403 Forbidden error. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Encryption +// +// Encryption request headers, like x-amz-server-side-encryption, should not +// be sent for HEAD requests if your object uses server-side encryption with +// Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption +// with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with +// Amazon S3 managed encryption keys (SSE-S3). The x-amz-server-side-encryption +// header is used when you PUT an object to S3 and want to specify the encryption +// method. If you include this header in a HEAD request for an object that uses +// these types of keys, you’ll get an HTTP 400 Bad Request error. It's because +// the encryption method can't be changed when you retrieve the object. // // If you encrypt an object by using server-side encryption with customer-provided // encryption keys (SSE-C) when you store the object in Amazon S3, then when -// you retrieve the metadata from the object, you must use the following headers: +// you retrieve the metadata from the object, you must use the following headers +// to provide the encryption key for the server to be able to retrieve the object's +// metadata. The headers are: // // - x-amz-server-side-encryption-customer-algorithm // @@ -5721,48 +6212,32 @@ func (c *S3) HeadObjectRequest(input *HeadObjectInput) (req *request.Request, ou // - x-amz-server-side-encryption-customer-key-MD5 // // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided -// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html). +// Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) +// in the Amazon S3 User Guide. // -// - Encryption request headers, like x-amz-server-side-encryption, should -// not be sent for GET requests if your object uses server-side encryption -// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side -// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side -// encryption with Amazon S3 managed encryption keys (SSE-S3). If your object -// does use these types of keys, you’ll get an HTTP 400 Bad Request error. +// Directory bucket permissions - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // -// - The last modified property in this case is the creation date of the -// object. +// Versioning // -// Request headers are limited to 8 KB in size. For more information, see Common -// Request Headers (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html). +// - If the current version of the object is a delete marker, Amazon S3 behaves +// as if the object was deleted and includes x-amz-delete-marker: true in +// the response. // -// Consider the following when using request headers: +// - If the specified version is a delete marker, the response returns a +// 405 Method Not Allowed error and the Last-Modified: timestamp response +// header. // -// - Consideration 1 – If both of the If-Match and If-Unmodified-Since -// headers are present in the request as follows: If-Match condition evaluates -// to true, and; If-Unmodified-Since condition evaluates to false; Then Amazon -// S3 returns 200 OK and the data requested. +// - Directory buckets - Delete marker is not supported by directory buckets. // -// - Consideration 2 – If both of the If-None-Match and If-Modified-Since -// headers are present in the request as follows: If-None-Match condition -// evaluates to false, and; If-Modified-Since condition evaluates to true; -// Then Amazon S3 returns the 304 Not Modified response code. +// - Directory buckets - S3 Versioning isn't enabled and supported for directory +// buckets. For this API operation, only the null value of the version ID +// is supported by directory buckets. You can only specify null to the versionId +// query parameter in the request. // -// For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). +// # HTTP Host header syntax // -// # Permissions -// -// You need the relevant read object (or version) permission for this operation. -// For more information, see Actions, resources, and condition keys for Amazon -// S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html). -// If the object you request doesn't exist, the error that Amazon S3 returns -// depends on whether you also have the s3:ListBucket permission. -// -// - If you have the s3:ListBucket permission on the bucket, Amazon S3 returns -// an HTTP status code 404 error. -// -// - If you don’t have the s3:ListBucket permission, Amazon S3 returns -// an HTTP status code 403 error. +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following actions are related to HeadObject: // @@ -5844,6 +6319,8 @@ func (c *S3) ListBucketAnalyticsConfigurationsRequest(input *ListBucketAnalytics // ListBucketAnalyticsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the analytics configurations for the bucket. You can have up to 1,000 // analytics configurations per bucket. // @@ -5943,6 +6420,8 @@ func (c *S3) ListBucketIntelligentTieringConfigurationsRequest(input *ListBucket // ListBucketIntelligentTieringConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the S3 Intelligent-Tiering configuration from the specified bucket. // // The S3 Intelligent-Tiering storage class is designed to optimize storage @@ -6041,6 +6520,8 @@ func (c *S3) ListBucketInventoryConfigurationsRequest(input *ListBucketInventory // ListBucketInventoryConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of inventory configurations for the bucket. You can have up // to 1,000 analytics configurations per bucket. // @@ -6140,6 +6621,8 @@ func (c *S3) ListBucketMetricsConfigurationsRequest(input *ListBucketMetricsConf // ListBucketMetricsConfigurations API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Lists the metrics configurations for the bucket. The metrics configurations // are only for the request metrics of the bucket and do not provide information // on daily storage metrics. You can have up to 1,000 configurations per bucket. @@ -6240,6 +6723,8 @@ func (c *S3) ListBucketsRequest(input *ListBucketsInput) (req *request.Request, // ListBuckets API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns a list of all buckets owned by the authenticated sender of the request. // To use this operation, you must have the s3:ListAllMyBuckets permission. // @@ -6274,6 +6759,160 @@ func (c *S3) ListBucketsWithContext(ctx aws.Context, input *ListBucketsInput, op return out, req.Send() } +const opListDirectoryBuckets = "ListDirectoryBuckets" + +// ListDirectoryBucketsRequest generates a "aws/request.Request" representing the +// client's request for the ListDirectoryBuckets operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListDirectoryBuckets for more information on using the ListDirectoryBuckets +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListDirectoryBucketsRequest method. +// req, resp := client.ListDirectoryBucketsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBucketsRequest(input *ListDirectoryBucketsInput) (req *request.Request, output *ListDirectoryBucketsOutput) { + op := &request.Operation{ + Name: opListDirectoryBuckets, + HTTPMethod: "GET", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"ContinuationToken"}, + OutputTokens: []string{"ContinuationToken"}, + LimitToken: "MaxDirectoryBuckets", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListDirectoryBucketsInput{} + } + + output = &ListDirectoryBucketsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListDirectoryBuckets API operation for Amazon Simple Storage Service. +// +// Returns a list of all Amazon S3 directory buckets owned by the authenticated +// sender of the request. For more information about directory buckets, see +// Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// You must have the s3express:ListAllMyDirectoryBuckets permission in an IAM +// identity-based policy instead of a bucket policy. Cross-account access to +// this API operation isn't supported. This operation can only be performed +// by the Amazon Web Services account that owns the resource. For more information +// about directory bucket policies and permissions, see Amazon Web Services +// Identity and Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Simple Storage Service's +// API operation ListDirectoryBuckets for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ListDirectoryBuckets +func (c *S3) ListDirectoryBuckets(input *ListDirectoryBucketsInput) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + return out, req.Send() +} + +// ListDirectoryBucketsWithContext is the same as ListDirectoryBuckets with the addition of +// the ability to pass a context and additional request options. +// +// See ListDirectoryBuckets for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, opts ...request.Option) (*ListDirectoryBucketsOutput, error) { + req, out := c.ListDirectoryBucketsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListDirectoryBucketsPages iterates over the pages of a ListDirectoryBuckets operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListDirectoryBuckets method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListDirectoryBuckets operation. +// pageNum := 0 +// err := client.ListDirectoryBucketsPages(params, +// func(page *s3.ListDirectoryBucketsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *S3) ListDirectoryBucketsPages(input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool) error { + return c.ListDirectoryBucketsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListDirectoryBucketsPagesWithContext same as ListDirectoryBucketsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *S3) ListDirectoryBucketsPagesWithContext(ctx aws.Context, input *ListDirectoryBucketsInput, fn func(*ListDirectoryBucketsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListDirectoryBucketsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListDirectoryBucketsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListDirectoryBucketsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMultipartUploads = "ListMultipartUploads" // ListMultipartUploadsRequest generates a "aws/request.Request" representing the @@ -6323,28 +6962,79 @@ func (c *S3) ListMultipartUploadsRequest(input *ListMultipartUploadsInput) (req // ListMultipartUploads API operation for Amazon Simple Storage Service. // -// This action lists in-progress multipart uploads. An in-progress multipart -// upload is a multipart upload that has been initiated using the Initiate Multipart -// Upload request, but has not yet been completed or aborted. +// This operation lists in-progress multipart uploads in a bucket. An in-progress +// multipart upload is a multipart upload that has been initiated by the CreateMultipartUpload +// request, but has not yet been completed or aborted. // -// This action returns at most 1,000 multipart uploads in the response. 1,000 -// multipart uploads is the maximum number of uploads a response can include, -// which is also the default value. You can further limit the number of uploads -// in a response by specifying the max-uploads parameter in the response. If -// additional multipart uploads satisfy the list criteria, the response will -// contain an IsTruncated element with the value true. To list the additional -// multipart uploads, use the key-marker and upload-id-marker request parameters. +// Directory buckets - If multipart uploads in a directory bucket are in progress, +// you can't delete the bucket until all the in-progress multipart uploads are +// aborted or completed. // -// In the response, the uploads are sorted by key. If your application has initiated -// more than one multipart upload using the same object key, then uploads in -// the response are first sorted by key. Additionally, uploads are sorted in -// ascending order within each key by the upload initiation time. +// The ListMultipartUploads operation returns a maximum of 1,000 multipart uploads +// in the response. The limit of 1,000 multipart uploads is also the default +// value. You can further limit the number of uploads in a response by specifying +// the max-uploads request parameter. If there are more than 1,000 multipart +// uploads that satisfy your ListMultipartUploads request, the response returns +// an IsTruncated element with the value of true, a NextKeyMarker element, and +// a NextUploadIdMarker element. To list the remaining multipart uploads, you +// need to make subsequent ListMultipartUploads requests. In these requests, +// include two query parameters: key-marker and upload-id-marker. Set the value +// of key-marker to the NextKeyMarker value from the previous response. Similarly, +// set the value of upload-id-marker to the NextUploadIdMarker value from the +// previous response. // -// For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Directory buckets - The upload-id-marker element and the NextUploadIdMarker +// element aren't supported by directory buckets. To list the additional multipart +// uploads, you only need to set the value of key-marker to the NextKeyMarker +// value from the previous response. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// For more information about multipart uploads, see Uploading Objects Using +// Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting of multipart uploads in response +// +// - General purpose bucket - In the ListMultipartUploads response, the multipart +// uploads are sorted based on two criteria: Key-based sorting - Multipart +// uploads are initially sorted in ascending order based on their object +// keys. Time-based sorting - For uploads that share the same object key, +// they are further sorted in ascending order based on the upload initiation +// time. Among uploads with the same key, the one that was initiated first +// will appear before the ones that were initiated later. +// +// - Directory bucket - In the ListMultipartUploads response, the multipart +// uploads aren't sorted lexicographically based on the object keys. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListMultipartUploads: // @@ -6486,6 +7176,8 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // ListObjectVersions API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns metadata about all versions of the objects in a bucket. You can also // use request parameters as selection criteria to return metadata about a subset // of all the object versions. @@ -6498,8 +7190,6 @@ func (c *S3) ListObjectVersionsRequest(input *ListObjectVersionsInput) (req *req // // To use this operation, you must have READ access to the bucket. // -// This action is not supported by Amazon S3 on Outposts. -// // The following operations are related to ListObjectVersions: // // - ListObjectsV2 (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html) @@ -6638,6 +7328,8 @@ func (c *S3) ListObjectsRequest(input *ListObjectsInput) (req *request.Request, // ListObjects API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Returns some or all (up to 1,000) of the objects in a bucket. You can use // the request parameters as selection criteria to return a subset of the objects // in a bucket. A 200 OK response can contain valid or invalid XML. Be sure @@ -6798,28 +7490,58 @@ func (c *S3) ListObjectsV2Request(input *ListObjectsV2Input) (req *request.Reque // You can use the request parameters as selection criteria to return a subset // of the objects in a bucket. A 200 OK response can contain valid or invalid // XML. Make sure to design your application to parse the contents of the response -// and handle it appropriately. Objects are returned sorted in an ascending -// order of the respective key names in the list. For more information about -// listing objects, see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// and handle it appropriately. For more information about listing objects, +// see Listing object keys programmatically (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ListingKeysUsingAPIs.html) +// in the Amazon S3 User Guide. To get a list of your buckets, see ListBuckets +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// To use this operation, you must have READ access to the bucket. +// Permissions // -// To use this action in an Identity and Access Management (IAM) policy, you -// must have permission to perform the s3:ListBucket action. The bucket owner -// has this permission by default and can grant this permission to others. For -// more information about permissions, see Permissions Related to Bucket Subresource -// Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) -// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) -// in the Amazon S3 User Guide. +// - General purpose bucket permissions - To use this operation, you must +// have READ access to the bucket. You must have permission to perform the +// s3:ListBucket action. The bucket owner has this permission by default +// and can grant this permission to others. For more information about permissions, +// see Permissions Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) +// and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// Sorting order of returned objects +// +// - General purpose bucket - For general purpose buckets, ListObjectsV2 +// returns objects in lexicographical order based on their key names. +// +// - Directory bucket - For directory buckets, ListObjectsV2 does not return +// objects in lexicographical order. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // This section describes the latest revision of this action. We recommend that // you use this revised API operation for application development. For backward // compatibility, Amazon S3 continues to support the prior version of this API // operation, ListObjects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html). // -// To get a list of your buckets, see ListBuckets (https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html). -// // The following operations are related to ListObjectsV2: // // - GetObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) @@ -6962,24 +7684,58 @@ func (c *S3) ListPartsRequest(input *ListPartsInput) (req *request.Request, outp // ListParts API operation for Amazon Simple Storage Service. // // Lists the parts that have been uploaded for a specific multipart upload. -// This operation must include the upload ID, which you obtain by sending the -// initiate multipart upload request (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)). -// This request returns a maximum of 1,000 uploaded parts. The default number -// of parts returned is 1,000 parts. You can restrict the number of parts returned -// by specifying the max-parts request parameter. If your multipart upload consists -// of more than 1,000 parts, the response returns an IsTruncated field with -// the value of true, and a NextPartNumberMarker element. In subsequent ListParts -// requests you can include the part-number-marker query string parameter and -// set its value to the NextPartNumberMarker field value from the previous response. // -// If the upload was created using a checksum algorithm, you will need to have -// permission to the kms:Decrypt action for the request to succeed. +// To use this operation, you must provide the upload ID in the request. You +// obtain this uploadID by sending the initiate multipart upload request through +// CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// +// The ListParts request returns a maximum of 1,000 uploaded parts. The limit +// of 1,000 parts is also the default value. You can restrict the number of +// parts in a response by specifying the max-parts request parameter. If your +// multipart upload consists of more than 1,000 parts, the response returns +// an IsTruncated field with the value of true, and a NextPartNumberMarker element. +// To list remaining uploaded parts, in subsequent ListParts requests, include +// the part-number-marker query string parameter and set its value to the NextPartNumberMarker +// field value from the previous response. // // For more information on multipart uploads, see Uploading Objects Using Multipart -// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html). +// Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. // -// For information on permissions required to use the multipart upload API, -// see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html). +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// Permissions +// +// - General purpose bucket permissions - For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. If the upload was created using server-side +// encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer +// server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you +// must have permission to the kms:Decrypt action for the ListParts request +// to succeed. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to ListParts: // @@ -7118,6 +7874,8 @@ func (c *S3) PutBucketAccelerateConfigurationRequest(input *PutBucketAccelerateC // PutBucketAccelerateConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the accelerate configuration of an existing bucket. Amazon S3 Transfer // Acceleration is a bucket-level feature that enables you to perform faster // data transfers to Amazon S3. @@ -7230,9 +7988,11 @@ func (c *S3) PutBucketAclRequest(input *PutBucketAclInput) (req *request.Request // PutBucketAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the permissions on an existing bucket using access control lists (ACL). // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). -// To set the ACL of a bucket, you must have WRITE_ACP permission. +// To set the ACL of a bucket, you must have the WRITE_ACP permission. // // You can use one of the following two ways to set a bucket's permissions: // @@ -7398,6 +8158,8 @@ func (c *S3) PutBucketAnalyticsConfigurationRequest(input *PutBucketAnalyticsCon // PutBucketAnalyticsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets an analytics configuration for the bucket (specified by the analytics // configuration ID). You can have up to 1,000 analytics configurations per // bucket. @@ -7520,6 +8282,8 @@ func (c *S3) PutBucketCorsRequest(input *PutBucketCorsInput) (req *request.Reque // PutBucketCors API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the cors configuration for your bucket. If the configuration exists, // Amazon S3 replaces it. // @@ -7640,21 +8404,21 @@ func (c *S3) PutBucketEncryptionRequest(input *PutBucketEncryptionInput) (req *r // PutBucketEncryption API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action uses the encryption subresource to configure default encryption // and Amazon S3 Bucket Keys for an existing bucket. // // By default, all buckets have a default encryption configuration that uses // server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally // configure default encryption for a bucket by using server-side encryption -// with Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side -// encryption with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption -// with customer-provided keys (SSE-C). If you specify default encryption by -// using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information -// about bucket default encryption, see Amazon S3 bucket default encryption -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) -// in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see -// Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) -// in the Amazon S3 User Guide. +// with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side +// encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default +// encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html). If you +// use PutBucketEncryption to set your default bucket encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) +// to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 +// does not validate the KMS key ID provided in PutBucketEncryption requests. // // This action requires Amazon Web Services Signature Version 4. For more information, // see Authenticating Requests (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html). @@ -7744,6 +8508,8 @@ func (c *S3) PutBucketIntelligentTieringConfigurationRequest(input *PutBucketInt // PutBucketIntelligentTieringConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Puts a S3 Intelligent-Tiering configuration to the specified bucket. You // can have up to 1,000 S3 Intelligent-Tiering configurations per bucket. // @@ -7869,6 +8635,8 @@ func (c *S3) PutBucketInventoryConfigurationRequest(input *PutBucketInventoryCon // PutBucketInventoryConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This implementation of the PUT action adds an inventory configuration (identified // by the inventory ID) to the bucket. You can have up to 1,000 inventory configurations // per bucket. @@ -8023,6 +8791,8 @@ func (c *S3) PutBucketLifecycleRequest(input *PutBucketLifecycleInput) (req *req // PutBucketLifecycle API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // For an updated version of this API, see PutBucketLifecycleConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html). // This version has been deprecated. Existing lifecycle configurations will // work. For new lifecycle configurations, use the updated API. @@ -8152,6 +8922,8 @@ func (c *S3) PutBucketLifecycleConfigurationRequest(input *PutBucketLifecycleCon // PutBucketLifecycleConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a new lifecycle configuration for the bucket or replaces an existing // lifecycle configuration. Keep in mind that this will overwrite an existing // lifecycle configuration, so if you want to retain any configuration details, @@ -8295,6 +9067,8 @@ func (c *S3) PutBucketLoggingRequest(input *PutBucketLoggingInput) (req *request // PutBucketLogging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Set the logging parameters for a bucket and to specify permissions for who // can view and modify the logging parameters. All logs are saved to buckets // in the same Amazon Web Services Region as the source bucket. To set the logging @@ -8422,6 +9196,8 @@ func (c *S3) PutBucketMetricsConfigurationRequest(input *PutBucketMetricsConfigu // PutBucketMetricsConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets a metrics configuration (specified by the metrics configuration ID) // for the bucket. You can have up to 1,000 metrics configurations per bucket. // If you're updating an existing metrics configuration, note that this is a @@ -8532,6 +9308,8 @@ func (c *S3) PutBucketNotificationRequest(input *PutBucketNotificationInput) (re // PutBucketNotification API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // No longer used, see the PutBucketNotificationConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html) // operation. // @@ -8611,6 +9389,8 @@ func (c *S3) PutBucketNotificationConfigurationRequest(input *PutBucketNotificat // PutBucketNotificationConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Enables notifications of specified events for a bucket. For more information // about event notifications, see Configuring Event Notifications (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). // @@ -8740,6 +9520,8 @@ func (c *S3) PutBucketOwnershipControlsRequest(input *PutBucketOwnershipControls // PutBucketOwnershipControls API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies OwnershipControls for an Amazon S3 bucket. To use this // operation, you must have the s3:PutBucketOwnershipControls permission. For // more information about Amazon S3 permissions, see Specifying permissions @@ -8830,11 +9612,21 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // PutBucketPolicy API operation for Amazon Simple Storage Service. // -// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using -// an identity other than the root user of the Amazon Web Services account that -// owns the bucket, the calling identity must have the PutBucketPolicy permissions -// on the specified bucket and belong to the bucket owner's account in order -// to use this operation. +// Applies an Amazon S3 bucket policy to an Amazon S3 bucket. +// +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Regional endpoint. These endpoints support path-style +// requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name +// . Virtual-hosted-style requests aren't supported. For more information, see +// Regional and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Permissions +// +// If you are using an identity other than the root user of the Amazon Web Services +// account that owns the bucket, the calling identity must both have the PutBucketPolicy +// permissions on the specified bucket and belong to the bucket owner's account +// in order to use this operation. // // If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access // Denied error. If you have the correct permissions, but you're not using an @@ -8849,7 +9641,33 @@ func (c *S3) PutBucketPolicyRequest(input *PutBucketPolicyInput) (req *request.R // these API actions by VPC endpoint policies and Amazon Web Services Organizations // policies. // -// For more information, see Bucket policy examples (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html). +// - General purpose bucket permissions - The s3:PutBucketPolicy permission +// is required in a policy. For more information about general purpose buckets +// bucket policies, see Using Bucket Policies and User Policies (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-iam-policies.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation, +// you must have the s3express:PutBucketPolicy permission in an IAM identity-based +// policy instead of a bucket policy. Cross-account access to this API operation +// isn't supported. This operation can only be performed by the Amazon Web +// Services account that owns the resource. For more information about directory +// bucket policies and permissions, see Amazon Web Services Identity and +// Access Management (IAM) for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html) +// in the Amazon S3 User Guide. +// +// # Example bucket policies +// +// General purpose buckets example bucket policies - See Bucket policy examples +// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// Directory bucket example bucket policies - See Example bucket policies for +// S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// in the Amazon S3 User Guide. +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com. // // The following operations are related to PutBucketPolicy: // @@ -8933,6 +9751,8 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // PutBucketReplication API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates a replication configuration or replaces an existing one. For more // information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html) // in the Amazon S3 User Guide. @@ -8941,6 +9761,9 @@ func (c *S3) PutBucketReplicationRequest(input *PutBucketReplicationInput) (req // configuration, you provide the name of the destination bucket or buckets // where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 // can assume to replicate objects on your behalf, and other relevant information. +// You can invoke this request for a specific Amazon Web Services Region by +// using the aws:RequestedRegion (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requestedregion) +// condition key. // // A replication configuration must include at least one rule, and can contain // a maximum of 1,000. Each rule identifies a subset of objects to replicate @@ -9069,6 +9892,8 @@ func (c *S3) PutBucketRequestPaymentRequest(input *PutBucketRequestPaymentInput) // PutBucketRequestPayment API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the request payment configuration for a bucket. By default, the bucket // owner pays for downloads from the bucket. This configuration parameter enables // the bucket owner (only) to specify that the person requesting the download @@ -9157,6 +9982,8 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // PutBucketTagging API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the tags for a bucket. // // Use tags to organize your Amazon Web Services bill to reflect your own cost @@ -9167,7 +9994,7 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // name, and then organize your billing information to see the total cost of // that application across several services. For more information, see Cost // Allocation and Tagging (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) -// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/dev/CostAllocTagging.html). +// and Using Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // // When this operation sets the tags for a bucket, it will overwrite any current // tags the bucket already has. You cannot use this operation to add tags to @@ -9179,22 +10006,20 @@ func (c *S3) PutBucketTaggingRequest(input *PutBucketTaggingInput) (req *request // Related to Bucket Subresource Operations (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-bucket-subresources) // and Managing Access Permissions to Your Amazon S3 Resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html). // -// PutBucketTagging has the following special errors: +// PutBucketTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// - Error code: InvalidTagError Description: The tag provided was not a -// valid tag. This error can occur if the tag did not pass input validation. -// For information about tag restrictions, see User-Defined Tag Restrictions -// (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) -// and Amazon Web Services-Generated Cost Allocation Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/aws-tag-restrictions.html). +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Using +// Cost Allocation in Amazon S3 Bucket Tags (https://docs.aws.amazon.com/AmazonS3/latest/userguide/CostAllocTagging.html). // -// - Error code: MalformedXMLError Description: The XML provided does not -// match the schema. +// - MalformedXML - The XML provided does not match the schema. // -// - Error code: OperationAbortedError Description: A conflicting conditional -// action is currently in progress against this resource. Please try again. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// - Error code: InternalError Description: The service was unable to apply -// the provided tag to the bucket. +// - InternalError - The service was unable to apply the provided tag to +// the bucket. // // The following operations are related to PutBucketTagging: // @@ -9278,6 +10103,8 @@ func (c *S3) PutBucketVersioningRequest(input *PutBucketVersioningInput) (req *r // PutBucketVersioning API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the versioning state of an existing bucket. // // You can set the versioning state with one of the following values: @@ -9389,6 +10216,8 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // PutBucketWebsite API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Sets the configuration of the website that is specified in the website subresource. // To configure a bucket as a website, you can add this subresource on the bucket // with website configuration information such as the file name of the index @@ -9456,6 +10285,8 @@ func (c *S3) PutBucketWebsiteRequest(input *PutBucketWebsiteInput) (req *request // more information, see Configuring an Object Redirect (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) // in the Amazon S3 User Guide. // +// The maximum request length is limited to 128 KB. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9527,87 +10358,83 @@ func (c *S3) PutObjectRequest(input *PutObjectInput) (req *request.Request, outp // PutObject API operation for Amazon Simple Storage Service. // -// Adds an object to a bucket. You must have WRITE permissions on a bucket to -// add an object to it. +// Adds an object to a bucket. // -// Amazon S3 never adds partial objects; if you receive a success response, -// Amazon S3 added the entire object to the bucket. You cannot use PutObject -// to only update a single piece of metadata for an existing object. You must -// put the entire object with updated metadata if you want to update some values. +// - Amazon S3 never adds partial objects; if you receive a success response, +// Amazon S3 added the entire object to the bucket. You cannot use PutObject +// to only update a single piece of metadata for an existing object. You +// must put the entire object with updated metadata if you want to update +// some values. +// +// - If your bucket uses the bucket owner enforced setting for Object Ownership, +// ACLs are disabled and no longer affect permissions. All objects written +// to the bucket by any account will be owned by the bucket owner. +// +// - Directory buckets - For directory buckets, you must make requests for +// this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. // // Amazon S3 is a distributed system. If it receives multiple write requests // for the same object simultaneously, it overwrites all but the last object -// written. To prevent objects from being deleted or overwritten, you can use -// Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html). +// written. However, Amazon S3 provides features that can modify this behavior: // -// To ensure that data is not corrupted traversing the network, use the Content-MD5 -// header. When you use this header, Amazon S3 checks the object against the -// provided MD5 value and, if they do not match, returns an error. Additionally, -// you can calculate the MD5 while putting an object to Amazon S3 and compare -// the returned ETag to the calculated MD5 value. +// - S3 Object Lock - To prevent objects from being deleted or overwritten, +// you can use Amazon S3 Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) +// in the Amazon S3 User Guide. This functionality is not supported for directory +// buckets. // -// - To successfully complete the PutObject request, you must have the s3:PutObject -// in your IAM permissions. +// - S3 Versioning - When you enable versioning for a bucket, if Amazon S3 +// receives multiple write requests for the same object simultaneously, it +// stores all versions of the objects. For each write request that is made +// to the same object, Amazon S3 automatically generates a unique version +// ID of that object being stored in Amazon S3. You can retrieve, replace, +// or delete any version of the object. For more information about versioning, +// see Adding Objects to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) +// in the Amazon S3 User Guide. For information about returning the versioning +// state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// This functionality is not supported for directory buckets. // -// - To successfully change the objects acl of your PutObject request, you -// must have the s3:PutObjectAcl in your IAM permissions. +// Permissions // -// - To successfully set the tag-set with your PutObject request, you must -// have the s3:PutObjectTagging in your IAM permissions. +// - General purpose bucket permissions - The following permissions are required +// in your policies when your PutObject request includes specific headers. +// s3:PutObject - To successfully complete the PutObject request, you must +// always have the s3:PutObject permission on a bucket to add an object to +// it. s3:PutObjectAcl - To successfully change the objects ACL of your PutObject +// request, you must have the s3:PutObjectAcl. s3:PutObjectTagging - To successfully +// set the tag-set with your PutObject request, you must have the s3:PutObjectTagging. // -// - The Content-MD5 header is required for any request to upload an object -// with a retention period configured using Amazon S3 Object Lock. For more -// information about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) -// in the Amazon S3 User Guide. +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). // -// You have four mutually exclusive options to protect data using server-side -// encryption in Amazon S3, depending on how you choose to manage the encryption -// keys. Specifically, the encryption key options are Amazon S3 managed keys -// (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and customer-provided -// keys (SSE-C). Amazon S3 encrypts data with server-side encryption by using -// Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon -// S3 to encrypt data at rest by using server-side encryption with other key -// options. For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). +// Data integrity with Content-MD5 // -// When adding a new object, you can use headers to grant ACL-based permissions -// to individual Amazon Web Services accounts or to predefined groups defined -// by Amazon S3. These permissions are then added to the ACL on the object. -// By default, all objects are private. Only the owner has full access control. -// For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) -// and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html). +// - General purpose bucket - To ensure that data is not corrupted traversing +// the network, use the Content-MD5 header. When you use this header, Amazon +// S3 checks the object against the provided MD5 value and, if they do not +// match, Amazon S3 returns an error. Alternatively, when the object's ETag +// is its MD5 digest, you can calculate the MD5 while putting the object +// to Amazon S3 and compare the returned ETag to the calculated MD5 value. // -// If the bucket that you're uploading objects to uses the bucket owner enforced -// setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. -// Buckets that use this setting only accept PUT requests that don't specify -// an ACL or PUT requests that specify bucket owner full control ACLs, such -// as the bucket-owner-full-control canned ACL or an equivalent form of this -// ACL expressed in the XML format. PUT requests that contain other ACLs (for -// example, custom grants to certain Amazon Web Services accounts) fail and -// return a 400 error with the error code AccessControlListNotSupported. For -// more information, see Controlling ownership of objects and disabling ACLs -// (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) -// in the Amazon S3 User Guide. +// - Directory bucket - This functionality is not supported for directory +// buckets. // -// If your bucket uses the bucket owner enforced setting for Object Ownership, -// all objects written to the bucket by any account will be owned by the bucket -// owner. +// # HTTP Host header syntax // -// By default, Amazon S3 uses the STANDARD Storage Class to store newly created -// objects. The STANDARD storage class provides high durability and high availability. -// Depending on performance needs, you can specify a different Storage Class. -// Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, -// see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) -// in the Amazon S3 User Guide. -// -// If you enable versioning for a bucket, Amazon S3 automatically generates -// a unique version ID for the object being stored. Amazon S3 returns this ID -// in the response. When you enable versioning for a bucket, if Amazon S3 receives -// multiple write requests for the same object simultaneously, it stores all -// of the objects. For more information about versioning, see Adding Objects -// to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html). -// For information about returning the versioning state of a bucket, see GetBucketVersioning -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // For more information about related Amazon S3 APIs, see the following: // @@ -9690,13 +10517,15 @@ func (c *S3) PutObjectAclRequest(input *PutObjectAclInput) (req *request.Request // PutObjectAcl API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Uses the acl subresource to set the access control list (ACL) permissions -// for a new or existing object in an S3 bucket. You must have WRITE_ACP permission -// to set the ACL of an object. For more information, see What permissions can -// I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) +// for a new or existing object in an S3 bucket. You must have the WRITE_ACP +// permission to set the ACL of an object. For more information, see What permissions +// can I grant? (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions) // in the Amazon S3 User Guide. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Depending on your application needs, you can choose to set the ACL on an // object using either the request body or the headers. For example, if you @@ -9865,10 +10694,12 @@ func (c *S3) PutObjectLegalHoldRequest(input *PutObjectLegalHoldInput) (req *req // PutObjectLegalHold API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Applies a legal hold configuration to the specified object. For more information, // see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9945,6 +10776,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // PutObjectLockConfiguration API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Lock configuration on the specified bucket. The rule specified // in the Object Lock configuration will be applied by default to every new // object placed in the specified bucket. For more information, see Locking @@ -9955,8 +10788,8 @@ func (c *S3) PutObjectLockConfigurationRequest(input *PutObjectLockConfiguration // - The DefaultRetention period can be either Days or Years but you must // select one. You cannot specify Days and Years at the same time. // -// - You can only enable Object Lock for new buckets. If you want to turn -// on Object Lock for an existing bucket, contact Amazon Web Services Support. +// - You can enable Object Lock for new or existing buckets. For more information, +// see Configuring Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10033,13 +10866,15 @@ func (c *S3) PutObjectRetentionRequest(input *PutObjectRetentionInput) (req *req // PutObjectRetention API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Places an Object Retention configuration on an object. For more information, // see Locking Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). // Users or accounts require the s3:PutObjectRetention permission in order to // place an Object Retention configuration on objects. Bypassing a Governance // Retention configuration requires the s3:BypassGovernanceRetention permission. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10116,12 +10951,15 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // PutObjectTagging API operation for Amazon Simple Storage Service. // -// Sets the supplied tag-set to an object that already exists in a bucket. +// This operation is not supported by directory buckets. // -// A tag is a key-value pair. You can associate tags with an object by sending -// a PUT request against the tagging subresource that is associated with the -// object. You can retrieve tags by sending a GET request. For more information, -// see GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). +// Sets the supplied tag-set to an object that already exists in a bucket. A +// tag is a key-value pair. For more information, see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). +// +// You can associate tags with an object by sending a PUT request against the +// tagging subresource that is associated with the object. You can retrieve +// tags by sending a GET request. For more information, see GetObjectTagging +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html). // // For tagging-related restrictions related to characters and encodings, see // Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html). @@ -10134,22 +10972,20 @@ func (c *S3) PutObjectTaggingRequest(input *PutObjectTaggingInput) (req *request // To put tags of any other version, use the versionId query parameter. You // also need permission for the s3:PutObjectVersionTagging action. // -// For information about the Amazon S3 object tagging feature, see Object Tagging -// (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// PutObjectTagging has the following special errors. For more Amazon S3 errors +// see, Error Responses (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html). // -// PutObjectTagging has the following special errors: +// - InvalidTag - The tag provided was not a valid tag. This error can occur +// if the tag did not pass input validation. For more information, see Object +// Tagging (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html). // -// - Code: InvalidTagError Cause: The tag provided was not a valid tag. This -// error can occur if the tag did not pass input validation. For more information, -// see Object Tagging (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-tagging.html). +// - MalformedXML - The XML provided does not match the schema. // -// - Code: MalformedXMLError Cause: The XML provided does not match the schema. +// - OperationAborted - A conflicting conditional action is currently in +// progress against this resource. Please try again. // -// - Code: OperationAbortedError Cause: A conflicting conditional action -// is currently in progress against this resource. Please try again. -// -// - Code: InternalError Cause: The service was unable to apply the provided -// tag to the object. +// - InternalError - The service was unable to apply the provided tag to +// the object. // // The following operations are related to PutObjectTagging: // @@ -10233,6 +11069,8 @@ func (c *S3) PutPublicAccessBlockRequest(input *PutPublicAccessBlockInput) (req // PutPublicAccessBlock API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Creates or modifies the PublicAccessBlock configuration for an Amazon S3 // bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock // permission. For more information about Amazon S3 permissions, see Specifying @@ -10329,9 +11167,11 @@ func (c *S3) RestoreObjectRequest(input *RestoreObjectInput) (req *request.Reque // RestoreObject API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // # Restores an archived copy of an object back into Amazon S3 // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // This action performs the following types of requests: // @@ -10591,6 +11431,8 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SelectObjectContent API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // This action filters the contents of an Amazon S3 object based on a simple // structured query language (SQL) statement. In the request, along with the // SQL expression, you must also specify a data serialization format (JSON, @@ -10599,7 +11441,7 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // SQL expression. You must also specify the data serialization format for the // response. // -// This action is not supported by Amazon S3 on Outposts. +// This functionality is not supported for Amazon S3 on Outposts. // // For more information about Amazon S3 Select, see Selecting Content from Objects // (https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html) @@ -10608,7 +11450,7 @@ func (c *S3) SelectObjectContentRequest(input *SelectObjectContentInput) (req *r // // # Permissions // -// You must have s3:GetObject permission for this operation. Amazon S3 Select +// You must have the s3:GetObject permission for this operation. Amazon S3 Select // does not support anonymous access. For more information about permissions, // see Specifying Permissions in a Policy (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html) // in the Amazon S3 User Guide. @@ -10921,15 +11763,15 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // // Uploads a part in a multipart upload. // -// In this operation, you provide part data in your request. However, you have -// an option to specify your existing Amazon S3 object as a data source for -// the part you are uploading. To upload a part from an existing object, you -// use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) +// In this operation, you provide new data as a part of an object in your request. +// However, you have an option to specify your existing Amazon S3 object as +// a data source for the part you are uploading. To upload a part from an existing +// object, you use the UploadPartCopy (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html) // operation. // // You must initiate a multipart upload (see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html)) // before you can upload any part. In response to your initiate request, Amazon -// S3 returns an upload ID, a unique identifier, that you must include in your +// S3 returns an upload ID, a unique identifier that you must include in your // upload part request. // // Part numbers can be any number from 1 to 10,000, inclusive. A part number @@ -10941,18 +11783,8 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) // in the Amazon S3 User Guide. // -// To ensure that data is not corrupted when traversing the network, specify -// the Content-MD5 header in the upload part request. Amazon S3 checks the part -// data against the provided MD5 value. If they do not match, Amazon S3 returns -// an error. -// -// If the upload request is signed with Signature Version 4, then Amazon Web -// Services S3 uses the x-amz-content-sha256 header as a checksum instead of -// Content-MD5. For more information see Authenticating Requests: Using the -// Authorization Header (Amazon Web Services Signature Version 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). -// -// Note: After you initiate multipart upload and upload one or more parts, you -// must either complete or abort multipart upload in order to stop getting charged +// After you initiate multipart upload and upload one or more parts, you must +// either complete or abort multipart upload in order to stop getting charged // for storage of the uploaded parts. Only after you either complete or abort // multipart upload, Amazon S3 frees up the parts storage and stops charging // you for the parts storage. @@ -10961,50 +11793,88 @@ func (c *S3) UploadPartRequest(input *UploadPartInput) (req *request.Request, ou // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in the // Amazon S3 User Guide . // -// For information on the permissions required to use the multipart upload API, -// go to Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) // in the Amazon S3 User Guide. // -// Server-side encryption is for data encryption at rest. Amazon S3 encrypts -// your data as it writes it to disks in its data centers and decrypts it when -// you access it. You have three mutually exclusive options to protect data -// using server-side encryption in Amazon S3, depending on how you choose to -// manage the encryption keys. Specifically, the encryption key options are -// Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), -// and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side -// encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally -// tell Amazon S3 to encrypt data at rest using server-side encryption with -// other key options. The option you use depends on whether you want to use -// KMS keys (SSE-KMS) or provide your own encryption key (SSE-C). If you choose -// to provide your own encryption key, the request headers you provide in the -// request must match the headers you used in the request to initiate the upload -// by using CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). -// For more information, go to Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) +// Permissions +// +// - General purpose bucket permissions - For information on the permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// in the Amazon S3 User Guide. +// +// - Directory bucket permissions - To grant access to this API operation +// on a directory bucket, we recommend that you use the CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html) +// API operation for session-based authorization. Specifically, you grant +// the s3express:CreateSession permission to the directory bucket in a bucket +// policy or an IAM identity-based policy. Then, you make the CreateSession +// API call on the bucket to obtain a session token. With the session token +// in your request header, you can make API requests to this operation. After +// the session token expires, you make another CreateSession API call to +// generate a new session token for use. Amazon Web Services CLI or SDKs +// create session and refresh the session token automatically to avoid service +// interruptions when a session expires. For more information about authorization, +// see CreateSession (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html). +// +// # Data integrity +// +// General purpose bucket - To ensure that data is not corrupted traversing +// the network, specify the Content-MD5 header in the upload part request. Amazon +// S3 checks the part data against the provided MD5 value. If they do not match, +// Amazon S3 returns an error. If the upload request is signed with Signature +// Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header +// as a checksum instead of Content-MD5. For more information see Authenticating +// Requests: Using the Authorization Header (Amazon Web Services Signature Version +// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html). +// +// Directory buckets - MD5 is not supported by directory buckets. You can use +// checksum algorithms to check object integrity. +// +// Encryption +// +// - General purpose bucket - Server-side encryption is for data encryption +// at rest. Amazon S3 encrypts your data as it writes it to disks in its +// data centers and decrypts it when you access it. You have mutually exclusive +// options to protect data using server-side encryption in Amazon S3, depending +// on how you choose to manage the encryption keys. Specifically, the encryption +// key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS +// keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts +// data with server-side encryption using Amazon S3 managed keys (SSE-S3) +// by default. You can optionally tell Amazon S3 to encrypt data at rest +// using server-side encryption with other key options. The option you use +// depends on whether you want to use KMS keys (SSE-KMS) or provide your +// own encryption key (SSE-C). Server-side encryption is supported by the +// S3 Multipart Upload operations. Unless you are using a customer-provided +// encryption key (SSE-C), you don't need to specify the encryption parameters +// in each UploadPart request. Instead, you only need to specify the server-side +// encryption parameters in the initial Initiate Multipart request. For more +// information, see CreateMultipartUpload (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// If you request server-side encryption using a customer-provided encryption +// key (SSE-C) in your initiate multipart upload request, you must provide +// identical encryption information in each part upload using the following +// request headers. x-amz-server-side-encryption-customer-algorithm x-amz-server-side-encryption-customer-key +// x-amz-server-side-encryption-customer-key-MD5 +// +// - Directory bucket - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. +// +// For more information, see Using Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) // in the Amazon S3 User Guide. // -// Server-side encryption is supported by the S3 Multipart Upload actions. Unless -// you are using a customer-provided encryption key (SSE-C), you don't need -// to specify the encryption parameters in each UploadPart request. Instead, -// you only need to specify the server-side encryption parameters in the initial -// Initiate Multipart request. For more information, see CreateMultipartUpload -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html). +// Special errors // -// If you requested server-side encryption using a customer-provided encryption -// key (SSE-C) in your initiate multipart upload request, you must provide identical -// encryption information in each part upload using the following headers. +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found +// SOAP Fault Code Prefix: Client // -// - x-amz-server-side-encryption-customer-algorithm +// # HTTP Host header syntax // -// - x-amz-server-side-encryption-customer-key -// -// - x-amz-server-side-encryption-customer-key-MD5 -// -// UploadPart has the following special errors: -// -// - Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found SOAP Fault Code -// Prefix: Client +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to UploadPart: // @@ -11089,81 +11959,105 @@ func (c *S3) UploadPartCopyRequest(input *UploadPartCopyInput) (req *request.Req // UploadPartCopy API operation for Amazon Simple Storage Service. // -// Uploads a part by copying data from an existing object as data source. You -// specify the data source by adding the request header x-amz-copy-source in -// your request and a byte range by adding the request header x-amz-copy-source-range +// Uploads a part by copying data from an existing object as data source. To +// specify the data source, you add the request header x-amz-copy-source in +// your request. To specify a byte range, you add the request header x-amz-copy-source-range // in your request. // // For information about maximum and minimum part sizes and other multipart // upload specifications, see Multipart upload limits (https://docs.aws.amazon.com/AmazonS3/latest/userguide/qfacts.html) // in the Amazon S3 User Guide. // -// Instead of using an existing object as part data, you might use the UploadPart -// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) action -// and provide data in your request. +// Instead of copying data from an existing object as part data, you might use +// the UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html) +// action to upload new data as a part of an object in your request. // // You must initiate a multipart upload before you can upload any part. In response -// to your initiate request. Amazon S3 returns a unique identifier, the upload -// ID, that you must include in your upload part request. +// to your initiate request, Amazon S3 returns the upload ID, a unique identifier +// that you must include in your upload part request. // -// For more information about using the UploadPartCopy operation, see the following: +// For conceptual information about multipart uploads, see Uploading Objects +// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// in the Amazon S3 User Guide. For information about copying objects using +// a single atomic action vs. a multipart upload, see Operations on Objects +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) in +// the Amazon S3 User Guide. // -// - For conceptual information about multipart uploads, see Uploading Objects -// Using Multipart Upload (https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html) +// Directory buckets - For directory buckets, you must make requests for this +// API operation to the Zonal endpoint. These endpoints support virtual-hosted-style +// requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name +// . Path-style requests are not supported. For more information, see Regional +// and Zonal endpoints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html) +// in the Amazon S3 User Guide. +// +// # Authentication and authorization +// +// All UploadPartCopy requests must be authenticated and signed by using IAM +// credentials (access key ID and secret access key for the IAM identities). +// All headers with the x-amz- prefix, including x-amz-copy-source, must be +// signed. For more information, see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). +// +// Directory buckets - You must use IAM credentials to authenticate and authorize +// your access to the UploadPartCopy API operation, instead of using the temporary +// security credentials through the CreateSession API operation. +// +// Amazon Web Services CLI or SDKs handles authentication and authorization +// on your behalf. +// +// # Permissions +// +// You must have READ access to the source object and WRITE access to the destination +// bucket. +// +// - General purpose bucket permissions - You must have the permissions in +// a policy based on the bucket types of your source bucket and destination +// bucket in an UploadPartCopy operation. If the source object is in a general +// purpose bucket, you must have the s3:GetObject permission to read the +// source object that is being copied. If the destination bucket is a general +// purpose bucket, you must have the s3:PubObject permission to write the +// object copy to the destination bucket. For information about permissions +// required to use the multipart upload API, see Multipart Upload and Permissions +// (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) // in the Amazon S3 User Guide. // -// - For information about permissions required to use the multipart upload -// API, see Multipart Upload and Permissions (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html) +// - Directory bucket permissions - You must have permissions in a bucket +// policy or an IAM identity-based policy based on the source and destination +// bucket types in an UploadPartCopy operation. If the source object that +// you want to copy is in a directory bucket, you must have the s3express:CreateSession +// permission in the Action element of a policy to read the object . By default, +// the session is in the ReadWrite mode. If you want to restrict the access, +// you can explicitly set the s3express:SessionMode condition key to ReadOnly +// on the copy source bucket. If the copy destination is a directory bucket, +// you must have the s3express:CreateSession permission in the Action element +// of a policy to write the object to the destination. The s3express:SessionMode +// condition key cannot be set to ReadOnly on the copy destination. For example +// policies, see Example bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) +// and Amazon Web Services Identity and Access Management (IAM) identity-based +// policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html) // in the Amazon S3 User Guide. // -// - For information about copying objects using a single atomic action vs. -// a multipart upload, see Operations on Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectOperations.html) -// in the Amazon S3 User Guide. +// Encryption // -// - For information about using server-side encryption with customer-provided -// encryption keys with the UploadPartCopy operation, see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) +// - General purpose buckets - For information about using server-side encryption +// with customer-provided encryption keys with the UploadPartCopy operation, +// see CopyObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html) // and UploadPart (https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html). // -// Note the following additional considerations about the request headers x-amz-copy-source-if-match, -// x-amz-copy-source-if-none-match, x-amz-copy-source-if-unmodified-since, and -// x-amz-copy-source-if-modified-since: -// -// - Consideration 1 - If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since -// headers are present in the request as follows: x-amz-copy-source-if-match -// condition evaluates to true, and; x-amz-copy-source-if-unmodified-since -// condition evaluates to false; Amazon S3 returns 200 OK and copies the -// data. -// -// - Consideration 2 - If both of the x-amz-copy-source-if-none-match and -// x-amz-copy-source-if-modified-since headers are present in the request -// as follows: x-amz-copy-source-if-none-match condition evaluates to false, -// and; x-amz-copy-source-if-modified-since condition evaluates to true; -// Amazon S3 returns 412 Precondition Failed response code. -// -// # Versioning -// -// If your bucket has versioning enabled, you could have multiple versions of -// the same object. By default, x-amz-copy-source identifies the current version -// of the object to copy. If the current version is a delete marker and you -// don't specify a versionId in the x-amz-copy-source, Amazon S3 returns a 404 -// error, because the object does not exist. If you specify versionId in the -// x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns -// an HTTP 400 error, because you are not allowed to specify a delete marker -// as a version for the x-amz-copy-source. -// -// You can optionally specify a specific version of the source object to copy -// by adding the versionId subresource as shown in the following example: -// -// x-amz-copy-source: /bucket/object?versionId=version id +// - Directory buckets - For directory buckets, only server-side encryption +// with Amazon S3 managed keys (SSE-S3) (AES256) is supported. // // Special errors // -// - Code: NoSuchUpload Cause: The specified multipart upload does not exist. -// The upload ID might be invalid, or the multipart upload might have been -// aborted or completed. HTTP Status Code: 404 Not Found +// - Error Code: NoSuchUpload Description: The specified multipart upload +// does not exist. The upload ID might be invalid, or the multipart upload +// might have been aborted or completed. HTTP Status Code: 404 Not Found // -// - Code: InvalidRequest Cause: The specified copy source is not supported -// as a byte-range copy source. HTTP Status Code: 400 Bad Request +// - Error Code: InvalidRequest Description: The specified copy source is +// not supported as a byte-range copy source. HTTP Status Code: 400 Bad Request +// +// # HTTP Host header syntax +// +// Directory buckets - The HTTP Host header syntax is Bucket_name.s3express-az_id.region.amazonaws.com. // // The following operations are related to UploadPartCopy: // @@ -11256,6 +12150,8 @@ func (c *S3) WriteGetObjectResponseRequest(input *WriteGetObjectResponseInput) ( // WriteGetObjectResponse API operation for Amazon Simple Storage Service. // +// This operation is not supported by directory buckets. +// // Passes transformed objects to a GetObject operation when using Object Lambda // access points. For information about Object Lambda access points, see Transforming // objects with Object Lambda access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) @@ -11370,27 +12266,41 @@ type AbortMultipartUploadInput struct { // The bucket name to which the upload was taking place. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key of the object for which the multipart upload was initiated. @@ -11399,10 +12309,14 @@ type AbortMultipartUploadInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Upload ID that identifies the multipart upload. @@ -11523,6 +12437,8 @@ type AbortMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -12057,9 +12973,7 @@ func (s *AnalyticsS3BucketDestination) SetPrefix(v string) *AnalyticsS3BucketDes return s } -// In terms of implementation, a Bucket is a resource. An Amazon S3 bucket name -// is globally unique, and the namespace is shared by all Amazon Web Services -// accounts. +// In terms of implementation, a Bucket is a resource. type Bucket struct { _ struct{} `type:"structure"` @@ -12101,6 +13015,51 @@ func (s *Bucket) SetName(v string) *Bucket { return s } +// Specifies the information about the bucket that will be created. For more +// information about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type BucketInfo struct { + _ struct{} `type:"structure"` + + // The number of Availability Zone that's used for redundancy for the bucket. + DataRedundancy *string `type:"string" enum:"DataRedundancy"` + + // The type of bucket. + Type *string `type:"string" enum:"BucketType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BucketInfo) GoString() string { + return s.String() +} + +// SetDataRedundancy sets the DataRedundancy field's value. +func (s *BucketInfo) SetDataRedundancy(v string) *BucketInfo { + s.DataRedundancy = &v + return s +} + +// SetType sets the Type field's value. +func (s *BucketInfo) SetType(v string) *BucketInfo { + s.Type = &v + return s +} + // Specifies the lifecycle configuration for objects in an Amazon S3 bucket. // For more information, see Object Lifecycle Management (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) // in the Amazon S3 User Guide. @@ -12572,34 +13531,42 @@ type Checksum struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` } @@ -12759,19 +13726,33 @@ type CompleteMultipartUploadInput struct { // Name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -12805,9 +13786,9 @@ type CompleteMultipartUploadInput struct { // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -12819,16 +13800,23 @@ type CompleteMultipartUploadInput struct { MultipartUpload *CompletedMultipartUpload `locationName:"CompleteMultipartUpload" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The server-side encryption (SSE) algorithm used to encrypt the object. This - // parameter is needed only when the object was created using a checksum algorithm. - // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // parameter is required only when the object was created using a checksum algorithm + // or if your bucket policy requires the use of SSE-C. For more information, + // see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // The server-side encryption (SSE) customer managed key. This parameter is @@ -12836,6 +13824,8 @@ type CompleteMultipartUploadInput struct { // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadInput's // String and GoString methods. @@ -12845,6 +13835,8 @@ type CompleteMultipartUploadInput struct { // is needed only when the object was created using a checksum algorithm. For // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // ID for the initiated multipart upload. @@ -13021,55 +14013,52 @@ type CompleteMultipartUploadOutput struct { // The name of the bucket that contains the newly created object. Does not return // the access point ARN or access point alias if used. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // Access points are not supported by directory buckets. Bucket *string `type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -13085,6 +14074,8 @@ type CompleteMultipartUploadOutput struct { // If the object expiration is configured, this will contain the expiration // date (expiry-date) and rule ID (rule-id). The value of rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The object key of the newly created object. @@ -13095,11 +14086,15 @@ type CompleteMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CompleteMultipartUploadOutput's // String and GoString methods. @@ -13107,10 +14102,15 @@ type CompleteMultipartUploadOutput struct { // The server-side encryption algorithm used when storing this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created object, in case the bucket has versioning // turned on. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -13263,34 +14263,42 @@ type CompletedPart struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -13299,6 +14307,16 @@ type CompletedPart struct { // Part number that identifies the part. This is a positive integer between // 1 and 10,000. + // + // * General purpose buckets - In CompleteMultipartUpload, when a additional + // checksum (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) is applied to each part, the PartNumber must + // start at 1 and the part numbers must be consecutive. Otherwise, Amazon + // S3 generates an HTTP 400 Bad Request status code and an InvalidPartOrder + // error code. + // + // * Directory buckets - In CompleteMultipartUpload, the PartNumber must + // start at 1 and the part numbers must be consecutive. PartNumber *int64 `type:"integer"` } @@ -13458,26 +14476,60 @@ func (s *ContinuationEvent) MarshalEvent(pm protocol.PayloadMarshaler) (msg even type CopyObjectInput struct { _ struct{} `locationName:"CopyObjectRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned access control list (ACL) to apply to the object. // - // This action is not supported by Amazon S3 on Outposts. + // When you copy an object, the ACL metadata is not preserved and is set to + // private by default. Only the owner has full access control. To override the + // default ACL setting, specify a new ACL when you generate a copy request. + // For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // + // If the destination bucket that you're copying objects to uses the bucket + // owner enforced setting for S3 Object Ownership, ACLs are disabled and no + // longer affect permissions. Buckets that use this setting only accept PUT + // requests that don't specify an ACL or PUT requests that specify bucket owner + // full control ACLs, such as the bucket-owner-full-control canned ACL or an + // equivalent form of this ACL expressed in the XML format. For more information, + // see Controlling ownership of objects and disabling ACLs (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * If your destination bucket uses the bucket owner enforced setting for + // Object Ownership, all objects written to the bucket by any account will + // be owned by the bucket owner. + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // The name of the destination bucket. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -13485,44 +14537,73 @@ type CopyObjectInput struct { // Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption // with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). - // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for - // object encryption with SSE-KMS. + // If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the + // object. // - // Specifying this header with a COPY action doesn’t affect bucket-level settings - // for S3 Bucket Key. + // Setting this header to true causes Amazon S3 to use an S3 Bucket Key for + // object encryption with SSE-KMS. Specifying this header with a COPY action + // doesn’t affect bucket-level settings for S3 Bucket Key. + // + // For more information, see Amazon S3 Bucket Keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` - // Specifies caching behavior along the request/reply chain. + // Specifies the caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm you want Amazon S3 to use to create the checksum + // Indicates the algorithm that you want Amazon S3 to use to create the checksum // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. + // + // When you copy an object, if the source object has a checksum, that checksum + // value will be copied to the new object by default. If the CopyObject request + // does not include this x-amz-checksum-algorithm header, the checksum algorithm + // will be copied from the source object to the destination object (if it's + // present on the source object). You can optionally specify a different checksum + // algorithm to use with the x-amz-checksum-algorithm header. Unrecognized or + // unsupported values will respond with the HTTP status code 400 Bad Request. + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // Specifies presentational information for the object. + // Specifies presentational information for the object. Indicates whether an + // object should be displayed in a web browser or downloaded as a file. It allows + // specifying the desired filename for the downloaded file. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` // The language the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` - // A standard MIME type describing the format of the object data. + // A standard MIME type that describes the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies the source object for the copy operation. You specify the value - // in one of two formats, depending on whether you want to access the source - // object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): + // Specifies the source object for the copy operation. The source object can + // be up to 5 GB. If the source object is an object that was uploaded by using + // a multipart upload, the object copy will be a single part object after the + // source object is copied to the destination bucket. + // + // You specify the value of the copy source in one of two formats, depending + // on whether you want to access the source object through an access point (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html): // // * For objects not accessed through an access point, specify the name of // the source bucket and the key of the source object, separated by a slash - // (/). For example, to copy the object reports/january.pdf from the bucket - // awsexamplebucket, use awsexamplebucket/reports/january.pdf. The value - // must be URL-encoded. + // (/). For example, to copy the object reports/january.pdf from the general + // purpose bucket awsexamplebucket, use awsexamplebucket/reports/january.pdf. + // The value must be URL-encoded. To copy the object reports/january.pdf + // from the directory bucket awsexamplebucket--use1-az5--x-s3, use awsexamplebucket--use1-az5--x-s3/reports/january.pdf. + // The value must be URL-encoded. // // * For objects accessed through access points, specify the Amazon Resource // Name (ARN) of the object as accessed through the access point, in the @@ -13531,43 +14612,104 @@ type CopyObjectInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same Amazon Web Services Region. Alternatively, for objects accessed through - // Amazon S3 on Outposts, specify the ARN of the object as accessed in the - // format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // If your source bucket versioning is enabled, the x-amz-copy-source header + // by default identifies the current version of an object to copy. If the current + // version is a delete marker, Amazon S3 behaves as if the object was deleted. + // To copy a different version, use the versionId query parameter. Specifically, + // append ?versionId= to the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). // If you don't specify a version ID, Amazon S3 copies the latest version of // the source object. // + // If you enable versioning on the destination bucket, Amazon S3 generates a + // unique version ID for the copied object. This version ID is different from + // the version ID of the source object. Amazon S3 returns the version ID of + // the copied object in the x-amz-version-id response header in the response. + // + // If you do not enable versioning or suspend it on the destination bucket, + // the version ID that Amazon S3 generates in the x-amz-version-id response + // header is always null. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. + // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // the 412 Precondition Failed response code: + // + // * x-amz-copy-source-if-none-match condition evaluates to false + // + // * x-amz-copy-source-if-modified-since condition evaluates to true CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request and evaluate as follows, Amazon S3 returns + // 200 OK and copies the data: + // + // * x-amz-copy-source-if-match condition evaluates to true + // + // * x-amz-copy-source-if-unmodified-since condition evaluates to false CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt - // the source object. The encryption key provided in this header must be one - // that was used when the source object was created. + // the source object. The encryption key provided in this header must be the + // same one that was used when the source object was created. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. // // CopySourceSSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's @@ -13577,16 +14719,23 @@ type CopyObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // If the source object for the copy is stored in Amazon S3 using SSE-C, you + // must provide the necessary encryption information in your request so that + // Amazon S3 can decrypt the object for copying. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account ID of the expected source bucket owner. If the source bucket - // is owned by a different account, the request fails with the HTTP status code - // 403 Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. @@ -13594,22 +14743,30 @@ type CopyObjectInput struct { // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // The key of the destination object. @@ -13621,35 +14778,69 @@ type CopyObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether the metadata is copied from the source object or replaced - // with metadata provided in the request. + // with metadata that's provided in the request. When copying an object, you + // can preserve all metadata (the default) or specify new metadata. If this + // header isn’t specified, COPY is the default behavior. + // + // General purpose bucket - For general purpose buckets, when you grant permissions, + // you can use the s3:x-amz-metadata-directive condition key to enforce certain + // metadata behavior when objects are uploaded. For more information, see Amazon + // S3 condition key examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html) + // in the Amazon S3 User Guide. + // + // x-amz-website-redirect-location is unique to each object and is not copied + // when using the x-amz-metadata-directive header. To copy the value, you must + // specify x-amz-website-redirect-location in the request header. MetadataDirective *string `location:"header" locationName:"x-amz-metadata-directive" type:"string" enum:"MetadataDirective"` - // Specifies whether you want to apply a legal hold to the copied object. + // Specifies whether you want to apply a legal hold to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode that you want to apply to the copied object. + // The Object Lock mode that you want to apply to the object copy. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` - // The date and time when you want the copied object's Object Lock to expire. + // The date and time when you want the Object Lock of the object copy to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting - // data. This value is used to store the object and then it is discarded; Amazon + // data. This value is used to store the object and then it is discarded. Amazon // S3 does not store the encryption key. The key must be appropriate for use // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. @@ -13658,55 +14849,201 @@ type CopyObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding - // JSON with the encryption context key-value pairs. + // JSON with the encryption context key-value pairs. This value must be explicitly + // added to specify encryption context for CopyObject requests. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the KMS key ID to use for object encryption. All GET and PUT requests - // for an object protected by KMS will fail if they're not made via SSL or using - // SigV4. For information about configuring any of the officially supported - // Amazon Web Services SDKs and Amazon Web Services CLI, see Specifying the - // Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) + // Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for object encryption. + // All GET and PUT requests for an object protected by KMS will fail if they're + // not made via SSL or using SigV4. For information about configuring any of + // the officially supported Amazon Web Services SDKs and Amazon Web Services + // CLI, see Specifying the Signature Version in Request Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) // in the Amazon S3 User Guide. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // S3 (for example, AES256, aws:kms, aws:kms:dsse). Unrecognized or unsupported + // values won’t write a destination object and will receive a 400 Bad Request + // response. + // + // Amazon S3 automatically encrypts all new objects that are copied to an S3 + // bucket. When copying an object, if you don't specify encryption information + // in your copy request, the encryption setting of the target object is set + // to the default encryption configuration of the destination bucket. By default, + // all buckets have a base level of encryption configuration that uses server-side + // encryption with Amazon S3 managed keys (SSE-S3). If the destination bucket + // has a default encryption configuration that uses server-side encryption with + // Key Management Service (KMS) keys (SSE-KMS), dual-layer server-side encryption + // with Amazon Web Services KMS keys (DSSE-KMS), or server-side encryption with + // customer-provided encryption keys (SSE-C), Amazon S3 uses the corresponding + // KMS key, or a customer-provided key to encrypt the target object copy. + // + // When you perform a CopyObject operation, if you want to use a different type + // of encryption setting for the target object, you can specify appropriate + // encryption-related headers to encrypt the target object with an Amazon S3 + // managed key, a KMS key, or a customer-provided key. If the encryption setting + // in your request is different from the default encryption configuration of + // the destination bucket, the encryption setting in your request takes precedence. + // + // With server-side encryption, Amazon S3 encrypts your data as it writes your + // data to disks in its data centers and decrypts the data when you access it. + // For more information about server-side encryption, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) + // in the Amazon S3 User Guide. + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // By default, Amazon S3 uses the STANDARD Storage Class to store newly created - // objects. The STANDARD storage class provides high durability and high availability. - // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // If the x-amz-storage-class header is not used, the copied object will be + // stored in the STANDARD Storage Class by default. The STANDARD storage class + // provides high durability and high availability. Depending on performance + // needs, you can specify a different Storage Class. + // + // * Directory buckets - For directory buckets, only the S3 Express One Zone + // storage class is supported to store newly created objects. Unsupported + // storage class values won't write a destination object and will respond + // with the HTTP status code 400 Bad Request. + // + // * Amazon S3 on Outposts - S3 on Outposts only uses the OUTPOSTS Storage + // Class. + // + // You can use the CopyObject action to change the storage class of an object + // that is already stored in Amazon S3 by using the x-amz-storage-class header. + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // in the Amazon S3 User Guide. + // + // Before using an object as a source object for the copy operation, you must + // restore a copy of it if it meets any of the following conditions: + // + // * The storage class of the source object is GLACIER or DEEP_ARCHIVE. + // + // * The storage class of the source object is INTELLIGENT_TIERING and it's + // S3 Intelligent-Tiering access tier (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html#intel-tiering-tier-definition) + // is Archive Access or Deep Archive Access. + // + // For more information, see RestoreObject (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html) + // and Copying Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html) // in the Amazon S3 User Guide. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The tag-set for the object destination object this value must be used in - // conjunction with the TaggingDirective. The tag-set must be encoded as URL - // Query parameters. + // The tag-set for the object copy in the destination bucket. This value must + // be used in conjunction with the x-amz-tagging-directive if you choose REPLACE + // for the x-amz-tagging-directive. If you choose COPY for the x-amz-tagging-directive, + // you don't need to set the x-amz-tagging header, because the tag-set will + // be copied from the source object directly. The tag-set must be encoded as + // URL Query parameters. + // + // The default value is the empty value. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` - // Specifies whether the object tag-set are copied from the source object or - // replaced with tag-set provided in the request. + // Specifies whether the object tag-set is copied from the source object or + // replaced with the tag-set that's provided in the request. + // + // The default value is COPY. + // + // Directory buckets - For directory buckets in a CopyObject operation, only + // the empty tag-set is supported. Any requests that attempt to write non-empty + // tags into directory buckets will receive a 501 Not Implemented status code. + // When the destination bucket is a directory bucket, you will receive a 501 + // Not Implemented response in any of the following situations: + // + // * When you attempt to COPY the tag-set from an S3 source object that has + // non-empty tags. + // + // * When you attempt to REPLACE the tag-set of a source object and set a + // non-empty value to x-amz-tagging. + // + // * When you don't set the x-amz-tagging-directive header and the source + // object has non-empty tags. This is because the default value of x-amz-tagging-directive + // is COPY. + // + // Because only the empty tag-set is supported for directory buckets in a CopyObject + // operation, the following situations are allowed: + // + // * When you attempt to COPY the tag-set from a directory bucket source + // object that has no tags to a general purpose bucket. It copies an empty + // tag-set to the destination object. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and set the x-amz-tagging value of the directory bucket destination + // object to empty. + // + // * When you attempt to REPLACE the tag-set of a general purpose bucket + // source object that has non-empty tags and set the x-amz-tagging value + // of the directory bucket destination object to empty. + // + // * When you attempt to REPLACE the tag-set of a directory bucket source + // object and don't set the x-amz-tagging value of the directory bucket destination + // object. This is because the default value of x-amz-tagging is the empty + // value. TaggingDirective *string `location:"header" locationName:"x-amz-tagging-directive" type:"string" enum:"TaggingDirective"` - // If the bucket is configured as a website, redirects requests for this object - // to another object in the same bucket or to an external URL. Amazon S3 stores - // the value of this header in the object metadata. This value is unique to - // each object and is not copied when using the x-amz-metadata-directive header. - // Instead, you may opt to provide this header in combination with the directive. + // If the destination bucket is configured as a website, redirects requests + // for this object copy to another object in the same bucket or to an external + // URL. Amazon S3 stores the value of this header in the object metadata. This + // value is unique to each object and is not copied when using the x-amz-metadata-directive + // header. Instead, you may opt to provide this header in combination with the + // x-amz-metadata-directive header. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -14052,53 +15389,75 @@ type CopyObjectOutput struct { // Indicates whether the copied object uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. CopyObjectResult *CopyObjectResult `type:"structure"` - // Version of the copied object in the destination bucket. + // Version ID of the source object that was copied. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If the object expiration is configured, the response includes this header. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CopyObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Version ID of the newly created copy. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -14191,34 +15550,26 @@ type CopyObjectResult struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -14289,34 +15640,42 @@ type CopyPartResult struct { _ struct{} `type:"structure"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -14385,8 +15744,29 @@ func (s *CopyPartResult) SetLastModified(v time.Time) *CopyPartResult { type CreateBucketConfiguration struct { _ struct{} `type:"structure"` - // Specifies the Region where the bucket will be created. If you don't specify - // a Region, the bucket is created in the US East (N. Virginia) Region (us-east-1). + // Specifies the information about the bucket that will be created. + // + // This functionality is only supported by directory buckets. + Bucket *BucketInfo `type:"structure"` + + // Specifies the location where the bucket will be created. + // + // For directory buckets, the location type is Availability Zone. + // + // This functionality is only supported by directory buckets. + Location *LocationInfo `type:"structure"` + + // Specifies the Region where the bucket will be created. You might choose a + // Region to optimize latency, minimize costs, or address regulatory requirements. + // For example, if you reside in Europe, you will probably find it advantageous + // to create buckets in the Europe (Ireland) Region. For more information, see + // Accessing a bucket (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro) + // in the Amazon S3 User Guide. + // + // If you don't specify a Region, the bucket is created in the US East (N. Virginia) + // Region (us-east-1) by default. + // + // This functionality is not supported for directory buckets. LocationConstraint *string `type:"string" enum:"BucketLocationConstraint"` } @@ -14408,6 +15788,22 @@ func (s CreateBucketConfiguration) GoString() string { return s.String() } +// SetBucket sets the Bucket field's value. +func (s *CreateBucketConfiguration) SetBucket(v *BucketInfo) *CreateBucketConfiguration { + s.Bucket = v + return s +} + +func (s *CreateBucketConfiguration) getBucket() (v *BucketInfo) { + return s.Bucket +} + +// SetLocation sets the Location field's value. +func (s *CreateBucketConfiguration) SetLocation(v *LocationInfo) *CreateBucketConfiguration { + s.Location = v + return s +} + // SetLocationConstraint sets the LocationConstraint field's value. func (s *CreateBucketConfiguration) SetLocationConstraint(v string) *CreateBucketConfiguration { s.LocationConstraint = &v @@ -14418,10 +15814,25 @@ type CreateBucketInput struct { _ struct{} `locationName:"CreateBucketRequest" type:"structure" payload:"CreateBucketConfiguration"` // The canned ACL to apply to the bucket. + // + // This functionality is not supported for directory buckets. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"BucketCannedACL"` // The name of the bucket to create. // + // General purpose buckets - For information about bucket naming restrictions, + // see Bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` @@ -14430,24 +15841,36 @@ type CreateBucketInput struct { // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. + // + // This functionality is not supported for directory buckets. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. + // + // This functionality is not supported for directory buckets. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. + // + // This functionality is not supported for directory buckets. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to create new objects in the bucket. // // For the bucket and object owners of existing objects, also allows deletions // and overwrites of those objects. + // + // This functionality is not supported for directory buckets. GrantWrite *string `location:"header" locationName:"x-amz-grant-write" type:"string"` // Allows grantee to write the ACL for the applicable bucket. + // + // This functionality is not supported for directory buckets. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Specifies whether you want S3 Object Lock to be enabled for the new bucket. + // + // This functionality is not supported for directory buckets. ObjectLockEnabledForBucket *bool `location:"header" locationName:"x-amz-bucket-object-lock-enabled" type:"boolean"` // The container element for object ownership for a bucket's ownership controls. @@ -14462,8 +15885,19 @@ type CreateBucketInput struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that - // don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - // canned ACL or an equivalent form of this ACL expressed in the XML format. + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. ObjectOwnership *string `location:"header" locationName:"x-amz-object-ownership" type:"string" enum:"ObjectOwnership"` } @@ -14602,26 +16036,54 @@ func (s *CreateBucketOutput) SetLocation(v string) *CreateBucketOutput { type CreateMultipartUploadInput struct { _ struct{} `locationName:"CreateMultipartUploadRequest" type:"structure"` - // The canned ACL to apply to the object. + // The canned ACL to apply to the object. Amazon S3 supports a set of predefined + // ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees + // and permissions. For more information, see Canned ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can grant access permissions to individual + // Amazon Web Services accounts or to predefined groups defined by Amazon S3. + // These permissions are then added to the access control list (ACL) on the + // new object. For more information, see Using ACLs (https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html). + // One way to grant the permissions using the request headers is to specify + // a canned ACL with the x-amz-acl request header. + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` - // The name of the bucket to which to initiate the upload + // The name of the bucket where the multipart upload is initiated and where + // the object is uploaded. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -14634,12 +16096,14 @@ type CreateMultipartUploadInput struct { // // Specifying this header with an object action doesn’t affect bucket-level // settings for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm you want Amazon S3 to use to create the checksum + // Indicates the algorithm that you want Amazon S3 to use to create the checksum // for the object. For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` @@ -14650,40 +16114,175 @@ type CreateMultipartUploadInput struct { // Specifies what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. + // + // For directory buckets, only the aws-chunked value is supported in this header + // field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` - // The language the content is in. + // The language that the content is in. ContentLanguage *string `location:"header" locationName:"Content-Language" type:"string"` // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. Expires *time.Time `location:"header" locationName:"Expires" type:"timestamp"` - // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. + // Specify access permissions explicitly to give the grantee READ, READ_ACP, + // and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` - // Allows grantee to read the object data and its metadata. + // Specify access permissions explicitly to allow grantee to read the object + // data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` - // Allows grantee to read the object ACL. + // Specify access permissions explicitly to allows grantee to read the object + // ACL. // - // This action is not supported by Amazon S3 on Outposts. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` - // Allows grantee to write the ACL for the applicable object. + // Specify access permissions explicitly to allows grantee to allow grantee + // to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // By default, all objects are private. Only the owner has full access control. + // When uploading an object, you can use this header to explicitly grant access + // permissions to specific Amazon Web Services accounts or groups. This header + // maps to specific permissions that Amazon S3 supports in an ACL. For more + // information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // in the Amazon S3 User Guide. + // + // You specify each grantee as a type=value pair, where the type is one of the + // following: + // + // * id – if the value specified is the canonical user ID of an Amazon + // Web Services account + // + // * uri – if you are granting permissions to a predefined group + // + // * emailAddress – if the value specified is the email address of an Amazon + // Web Services account Using email addresses to specify a grantee is only + // supported in the following Amazon Web Services Regions: US East (N. Virginia) + // US West (N. California) US West (Oregon) Asia Pacific (Singapore) Asia + // Pacific (Sydney) Asia Pacific (Tokyo) Europe (Ireland) South America (São + // Paulo) For a list of all the Amazon S3 supported Regions and endpoints, + // see Regions and Endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) + // in the Amazon Web Services General Reference. + // + // For example, the following x-amz-grant-read header grants the Amazon Web + // Services accounts identified by account IDs permissions to read object data + // and its metadata: + // + // x-amz-grant-read: id="11112222333", id="444455556666" + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the multipart upload is to be initiated. @@ -14695,23 +16294,34 @@ type CreateMultipartUploadInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether you want to apply a legal hold to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // Specifies the Object Lock mode that you want to apply to the uploaded object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // Specifies the date and time when you want the Object Lock to expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -14720,56 +16330,70 @@ type CreateMultipartUploadInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding // JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // Specifies the ID of the symmetric encryption customer managed key to use - // for object encryption. All GET and PUT requests for an object protected by - // KMS will fail if they're not made via SSL or using SigV4. For information - // about configuring any of the officially supported Amazon Web Services SDKs - // and Amazon Web Services CLI, see Specifying the Signature Version in Request - // Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) - // in the Amazon S3 User Guide. + // Specifies the ID (Key ID, Key ARN, or Key Alias) of the symmetric encryption + // customer managed key to use for object encryption. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -15042,38 +16666,32 @@ type CreateMultipartUploadOutput struct { // name in the request, the response includes this header. The header indicates // when the initiated multipart upload becomes eligible for an abort operation. // For more information, see Aborting Incomplete Multipart Uploads Using a Bucket - // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config). + // Lifecycle Configuration (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html#mpu-abort-incomplete-mpu-lifecycle-config) + // in the Amazon S3 User Guide. // // The response also includes the x-amz-abort-rule-id header that provides the - // ID of the lifecycle configuration rule that defines this action. + // ID of the lifecycle configuration rule that defines the abort action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // the applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // The name of the bucket to which the multipart upload was initiated. Does // not return the access point ARN or access point alias if used. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. + // Access points are not supported by directory buckets. Bucket *string `locationName:"Bucket" type:"string"` // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The algorithm that was used to create a checksum of the object. @@ -15084,37 +16702,50 @@ type CreateMultipartUploadOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateMultipartUploadOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // ID for the initiated multipart upload. @@ -15224,6 +16855,136 @@ func (s *CreateMultipartUploadOutput) SetUploadId(v string) *CreateMultipartUplo return s } +type CreateSessionInput struct { + _ struct{} `locationName:"CreateSessionRequest" type:"structure"` + + // The name of the bucket that you create a session for. + // + // Bucket is a required field + Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` + + // Specifies the mode of the session that will be created, either ReadWrite + // or ReadOnly. By default, a ReadWrite session is created. A ReadWrite session + // is capable of executing all the Zonal endpoint APIs on a directory bucket. + // A ReadOnly session is constrained to execute the following Zonal endpoint + // APIs: GetObject, HeadObject, ListObjectsV2, GetObjectAttributes, ListParts, + // and ListMultipartUploads. + SessionMode *string `location:"header" locationName:"x-amz-create-session-mode" type:"string" enum:"SessionMode"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateSessionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateSessionInput"} + if s.Bucket == nil { + invalidParams.Add(request.NewErrParamRequired("Bucket")) + } + if s.Bucket != nil && len(*s.Bucket) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Bucket", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBucket sets the Bucket field's value. +func (s *CreateSessionInput) SetBucket(v string) *CreateSessionInput { + s.Bucket = &v + return s +} + +func (s *CreateSessionInput) getBucket() (v string) { + if s.Bucket == nil { + return v + } + return *s.Bucket +} + +// SetSessionMode sets the SessionMode field's value. +func (s *CreateSessionInput) SetSessionMode(v string) *CreateSessionInput { + s.SessionMode = &v + return s +} + +func (s *CreateSessionInput) getEndpointARN() (arn.Resource, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + return parseEndpointARN(*s.Bucket) +} + +func (s *CreateSessionInput) hasEndpointARN() bool { + if s.Bucket == nil { + return false + } + return arn.IsARN(*s.Bucket) +} + +// updateArnableField updates the value of the input field that +// takes an ARN as an input. This method is useful to backfill +// the parsed resource name from ARN into the input member. +// It returns a pointer to a modified copy of input and an error. +// Note that original input is not modified. +func (s CreateSessionInput) updateArnableField(v string) (interface{}, error) { + if s.Bucket == nil { + return nil, fmt.Errorf("member Bucket is nil") + } + s.Bucket = aws.String(v) + return &s, nil +} + +type CreateSessionOutput struct { + _ struct{} `type:"structure"` + + // The established temporary security credentials for the created session.. + // + // Credentials is a required field + Credentials *SessionCredentials `locationName:"Credentials" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateSessionOutput) GoString() string { + return s.String() +} + +// SetCredentials sets the Credentials field's value. +func (s *CreateSessionOutput) SetCredentials(v *SessionCredentials) *CreateSessionOutput { + s.Credentials = v + return s +} + // The container element for specifying the default Object Lock retention settings // for new objects placed in the specified bucket. // @@ -15289,6 +17050,11 @@ type Delete struct { // The object to delete. // + // Directory buckets - For directory buckets, an object that's composed entirely + // of whitespace characters is not supported by the DeleteObjects API operation. + // The request will receive a 400 Bad Request error and none of the objects + // in the request will be deleted. + // // Objects is a required field Objects []*ObjectIdentifier `locationName:"Object" type:"list" flattened:"true" required:"true"` @@ -15358,9 +17124,9 @@ type DeleteBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -15488,9 +17254,9 @@ type DeleteBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15605,9 +17371,9 @@ type DeleteBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15718,12 +17484,25 @@ type DeleteBucketInput struct { // Specifies the bucket being deleted. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -15935,9 +17714,9 @@ type DeleteBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -16065,9 +17844,9 @@ type DeleteBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16181,9 +17960,9 @@ type DeleteBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the metrics configuration. The ID has a 64 character @@ -16334,9 +18113,9 @@ type DeleteBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16447,12 +18226,25 @@ type DeleteBucketPolicyInput struct { // The bucket name. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16566,9 +18358,9 @@ type DeleteBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16682,9 +18474,9 @@ type DeleteBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16798,9 +18590,9 @@ type DeleteBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -16917,7 +18709,7 @@ type DeleteMarkerEntry struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // The account that created the delete marker.> @@ -17026,19 +18818,33 @@ type DeleteObjectInput struct { // The bucket name of the bucket containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17047,11 +18853,13 @@ type DeleteObjectInput struct { // Indicates whether S3 Object Lock should bypass Governance-mode restrictions // to process this operation. To use this header, you must have the s3:BypassGovernanceRetention // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Key name of the object to delete. @@ -17063,16 +18871,25 @@ type DeleteObjectInput struct { // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -17195,16 +19012,24 @@ func (s DeleteObjectInput) updateArnableField(v string) (interface{}, error) { type DeleteObjectOutput struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Returns the version ID of the delete marker created as a result of the DELETE // operation. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -17249,27 +19074,30 @@ type DeleteObjectTaggingInput struct { // The bucket name containing the objects from which to remove the tags. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key that identifies the object in the bucket from which to remove all @@ -17416,19 +19244,33 @@ type DeleteObjectsInput struct { // The bucket name containing the objects to delete. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -17437,22 +19279,38 @@ type DeleteObjectsInput struct { // Specifies whether you want to delete this object even if it has a Governance-type // Object Lock in place. To use this header, you must have the s3:BypassGovernanceRetention // permission. + // + // This functionality is not supported for directory buckets. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm // parameter. // - // This checksum algorithm must be the same for all parts and it match the checksum - // value supplied in the CreateMultipartUpload request. - // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value // is specified for this parameter, the matching algorithm's checksum member @@ -17468,22 +19326,37 @@ type DeleteObjectsInput struct { // Delete is a required field Delete *Delete `locationName:"Delete" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, // and the value that is displayed on your authentication device. Required to // permanently delete a versioned object if versioning is configured with MFA // delete enabled. + // + // When performing the DeleteObjects operation on an MFA delete enabled bucket, + // which attempts to delete the specified versioned objects, you must include + // an MFA token. If you don't provide an MFA token, the entire request will + // fail, even if there are non-versioned objects that you are trying to delete. + // If you provide an invalid token, whether there are versioned object keys + // in the request or not, the entire Multi-Object Delete request will fail. + // For information about MFA Delete, see MFA Delete (https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. MFA *string `location:"header" locationName:"x-amz-mfa" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -17618,6 +19491,8 @@ type DeleteObjectsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -17665,9 +19540,9 @@ type DeletePublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -17777,20 +19652,27 @@ func (s DeletePublicAccessBlockOutput) GoString() string { type DeletedObject struct { _ struct{} `type:"structure"` - // Specifies whether the versioned object that was permanently deleted was (true) - // or was not (false) a delete marker. In a simple DELETE, this header indicates - // whether (true) or not (false) a delete marker was created. + // Indicates whether the specified object version that was permanently deleted + // was (true) or was not (false) a delete marker before deletion. In a simple + // DELETE, this header indicates whether (true) or not (false) the current version + // of the object is a delete marker. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `type:"boolean"` // The version ID of the delete marker created as a result of the DELETE operation. // If you delete a specific object version, the value returned by this header // is the version ID of the object version deleted. + // + // This functionality is not supported for directory buckets. DeleteMarkerVersionId *string `type:"string"` // The name of the deleted object. Key *string `min:"1" type:"string"` // The version ID of the deleted object. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -18506,6 +20388,8 @@ type Error struct { Message *string `type:"string"` // The version ID of the error. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -18731,16 +20615,20 @@ type GetBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -18835,6 +20723,8 @@ type GetBucketAccelerateConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // The accelerate configuration of the bucket. @@ -18876,10 +20766,10 @@ type GetBucketAclInput struct { // Specifies the S3 bucket whose ACL is being requested. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -18888,9 +20778,9 @@ type GetBucketAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19022,9 +20912,9 @@ type GetBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -19158,10 +21048,10 @@ type GetBucketCorsInput struct { // The bucket name for which to get the cors configuration. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -19170,9 +21060,9 @@ type GetBucketCorsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19297,9 +21187,9 @@ type GetBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19551,9 +21441,9 @@ type GetBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -19690,9 +21580,9 @@ type GetBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19815,9 +21705,9 @@ type GetBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -19937,10 +21827,10 @@ type GetBucketLocationInput struct { // The name of the bucket for which to get the location. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -19949,9 +21839,9 @@ type GetBucketLocationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20076,9 +21966,9 @@ type GetBucketLoggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20204,9 +22094,9 @@ type GetBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the metrics configuration. The ID has a 64 character @@ -20341,10 +22231,10 @@ type GetBucketNotificationConfigurationRequest struct { // The name of the bucket for which to get the notification configuration. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // When you use this API operation with an access point, provide the alias of + // the access point in place of the bucket name. // - // To use this API operation against an Object Lambda access point, provide + // When you use this API operation with an Object Lambda access point, provide // the alias of the Object Lambda access point in place of the bucket name. // If the Object Lambda access point alias in a request is not valid, the error // code InvalidAccessPointAliasError is returned. For more information about @@ -20353,9 +22243,9 @@ type GetBucketNotificationConfigurationRequest struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20447,9 +22337,9 @@ type GetBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20568,23 +22458,40 @@ func (s *GetBucketOwnershipControlsOutput) SetOwnershipControls(v *OwnershipCont type GetBucketPolicyInput struct { _ struct{} `locationName:"GetBucketPolicyRequest" type:"structure"` - // The bucket name for which to get the bucket policy. + // The bucket name to get the bucket policy for. // - // To use this API operation against an access point, provide the alias of the - // access point in place of the bucket name. + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide // - // To use this API operation against an Object Lambda access point, provide - // the alias of the Object Lambda access point in place of the bucket name. - // If the Object Lambda access point alias in a request is not valid, the error - // code InvalidAccessPointAliasError is returned. For more information about - // InvalidAccessPointAliasError, see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // Access points - When you use this API operation with an access point, provide + // the alias of the access point in place of the bucket name. + // + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // + // Access points and Object Lambda access points are not supported by directory + // buckets. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20707,9 +22614,9 @@ type GetBucketPolicyStatusInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20832,9 +22739,9 @@ type GetBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -20958,9 +22865,9 @@ type GetBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21083,9 +22990,9 @@ type GetBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21210,9 +23117,9 @@ type GetBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21346,9 +23253,9 @@ type GetBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -21496,8 +23403,10 @@ type GetObjectAclInput struct { // The bucket name that contains the object for which to get the ACL information. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -21506,9 +23415,9 @@ type GetObjectAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key of the object for which to get the ACL information. @@ -21517,13 +23426,19 @@ type GetObjectAclInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -21642,6 +23557,8 @@ type GetObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -21686,27 +23603,41 @@ type GetObjectAttributesInput struct { // The name of the bucket that contains the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key. @@ -21728,13 +23659,19 @@ type GetObjectAttributesInput struct { PartNumberMarker *int64 `location:"header" locationName:"x-amz-part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -21743,6 +23680,8 @@ type GetObjectAttributesInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectAttributesInput's // String and GoString methods. @@ -21751,9 +23690,16 @@ type GetObjectAttributesInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // The version ID used to reference a specific version of the object. + // + // S3 Versioning isn't enabled and supported for directory buckets. For this + // API operation, only the null value of the version ID is supported by directory + // buckets. You can only specify null to the versionId query parameter in the + // request. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -21915,6 +23861,8 @@ type GetObjectAttributesOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a delete // marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An ETag is an opaque identifier assigned by a web server to a specific version @@ -21932,15 +23880,22 @@ type GetObjectAttributesOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Provides the storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // The version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -22038,6 +23993,15 @@ type GetObjectAttributesParts struct { // A container for elements related to a particular part. A response can contain // zero or more Parts elements. + // + // * General purpose buckets - For GetObjectAttributes, if a additional checksum + // (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, + // or x-amz-checksum-sha256) isn't applied to the object specified in the + // request, the response doesn't return Part. + // + // * Directory buckets - For GetObjectAttributes, no matter whether a additional + // checksum is applied to the object specified in the request, the response + // returns Part. Parts []*ObjectPart `locationName:"Part" type:"list" flattened:"true"` // The total number of parts. @@ -22103,21 +24067,37 @@ type GetObjectInput struct { // The bucket name containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When using an Object Lambda access point the hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. + // Object Lambda access points - When you use this action with an Object Lambda + // access point, you must direct requests to the Object Lambda access point + // hostname. The Object Lambda access point hostname takes the form AccessPointName-AccountId.s3-object-lambda.Region.amazonaws.com. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -22129,25 +24109,50 @@ type GetObjectInput struct { // validation. This feature is available in the AWS SDK for Go v2. ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Return the object only if its entity tag (ETag) is the same as the one specified; - // otherwise, return a 412 (precondition failed) error. + // Return the object only if its entity tag (ETag) is the same as the one specified + // in this header; otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` // Return the object only if it has been modified since the specified time; - // otherwise, return a 304 (not modified) error. + // otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified status code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one - // specified; otherwise, return a 304 (not modified) error. + // specified in this header; otherwise, return a 304 Not Modified error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows:If-None-Match condition evaluates to false, and; If-Modified-Since + // condition evaluates to true; then, S3 returns 304 Not Modified HTTP status + // code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` // Return the object only if it has not been modified since the specified time; - // otherwise, return a 412 (precondition failed) error. + // otherwise, return a 412 Precondition Failed error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: If-Match condition evaluates to true, and; If-Unmodified-Since + // condition evaluates to false; then, S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // Key of the object to get. @@ -22160,7 +24165,7 @@ type GetObjectInput struct { // Useful for downloading just a part of an object. PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer"` - // Downloads the specified range bytes of an object. For more information about + // Downloads the specified byte range of an object. For more information about // the HTTP Range header, see https://www.rfc-editor.org/rfc/rfc9110.html#name-range // (https://www.rfc-editor.org/rfc/rfc9110.html#name-range). // @@ -22168,16 +24173,20 @@ type GetObjectInput struct { Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Sets the Cache-Control header of the response. ResponseCacheControl *string `location:"querystring" locationName:"response-cache-control" type:"string"` - // Sets the Content-Disposition header of the response + // Sets the Content-Disposition header of the response. ResponseContentDisposition *string `location:"querystring" locationName:"response-content-disposition" type:"string"` // Sets the Content-Encoding header of the response. @@ -22192,27 +24201,92 @@ type GetObjectInput struct { // Sets the Expires header of the response. ResponseExpires *time.Time `location:"querystring" locationName:"response-expires" type:"timestamp" timestampFormat:"rfc822"` - // Specifies the algorithm to use to when decrypting the object (for example, - // AES256). + // Specifies the algorithm to use when decrypting the object (for example, AES256). + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` - // Specifies the customer-provided encryption key for Amazon S3 used to encrypt - // the data. This value is used to decrypt the object when recovering it and - // must match the one used when storing the data. The key must be appropriate - // for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm - // header. + // Specifies the customer-provided encryption key that you originally provided + // for Amazon S3 to encrypt the data before storing it. This value is used to + // decrypt the object when recovering it and must match the one used when storing + // the data. The key must be appropriate for use with the algorithm specified + // in the x-amz-server-side-encryption-customer-algorithm header. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectInput's // String and GoString methods. SSECustomerKey *string `marshal-as:"blob" location:"header" locationName:"x-amz-server-side-encryption-customer-key" type:"string" sensitive:"true"` - // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. - // Amazon S3 uses this header for a message integrity check to ensure that the - // encryption key was transmitted without error. + // Specifies the 128-bit MD5 digest of the customer-provided encryption key + // according to RFC 1321. Amazon S3 uses this header for a message integrity + // check to ensure that the encryption key was transmitted without error. + // + // If you encrypt an object by using server-side encryption with customer-provided + // encryption keys (SSE-C) when you store the object in Amazon S3, then when + // you GET the object, you must use the following headers: + // + // * x-amz-server-side-encryption-customer-algorithm + // + // * x-amz-server-side-encryption-customer-key + // + // * x-amz-server-side-encryption-customer-key-MD5 + // + // For more information about SSE-C, see Server-Side Encryption (Using Customer-Provided + // Encryption Keys) (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // By default, the GetObject operation returns the current version of an object. + // To return a different version, use the versionId subresource. + // + // * If you include a versionId in your request header, you must have the + // s3:GetObjectVersion permission to access a specific version of an object. + // The s3:GetObject permission is not required in this scenario. + // + // * If you request the current version of an object without a specific versionId + // in the request header, only the s3:GetObject permission is required. The + // s3:GetObjectVersion permission is not required in this scenario. + // + // * Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. For this API operation, only the null value of the version ID + // is supported by directory buckets. You can only specify null to the versionId + // query parameter in the request. + // + // For more information about versioning, see PutBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html). VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -22429,8 +24503,10 @@ type GetObjectLegalHoldInput struct { // The bucket name containing the object whose legal hold status you want to // retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22439,9 +24515,9 @@ type GetObjectLegalHoldInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose legal hold status you want to retrieve. @@ -22450,10 +24526,14 @@ type GetObjectLegalHoldInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object whose legal hold status you want to retrieve. @@ -22600,8 +24680,10 @@ type GetObjectLockConfigurationInput struct { // The bucket whose Object Lock configuration you want to retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -22610,9 +24692,9 @@ type GetObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -22730,7 +24812,7 @@ func (s *GetObjectLockConfigurationOutput) SetObjectLockConfiguration(v *ObjectL type GetObjectOutput struct { _ struct{} `type:"structure" payload:"Body"` - // Indicates that a range of bytes was specified. + // Indicates that a range of bytes was specified in the request. AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // Object data. @@ -22738,47 +24820,41 @@ type GetObjectOutput struct { // Indicates whether the object uses an S3 Bucket Key for server-side encryption // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. For more information, see Checking + // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. For more information, see + // Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -22795,23 +24871,40 @@ type GetObjectOutput struct { // A standard MIME type describing the format of the object data. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // Specifies whether the object retrieved was (true) or was not (false) a Delete + // Indicates whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // * If the current version of the object is a delete marker, Amazon S3 behaves + // as if the object was deleted and includes x-amz-delete-marker: true in + // the response. + // + // * If the specified version in the request is a delete marker, the response + // returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An entity tag (ETag) is an opaque identifier assigned by a web server to // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Creation date of the object. + // Date and time when the object was last modified. + // + // General purpose buckets - When you specify a versionId of the object in your + // request, if the specified version in the request is a delete marker, the + // response returns a 405 Method Not Allowed error and the Last-Modified: timestamp + // response header. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -22821,20 +24914,29 @@ type GetObjectOutput struct { // Set `aws.Config.LowerCaseHeaderMaps` to `true` to write unmarshaled keys to the map as lowercase. Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` - // This is set to the number of metadata entries not returned in x-amz-meta - // headers. This can happen if you create metadata using an API like SOAP that - // supports more flexible metadata than the REST API. For example, using SOAP, - // you can create metadata whose values are not legal HTTP headers. + // This is set to the number of metadata entries not returned in the headers + // that are prefixed with x-amz-meta-. This can happen if you create metadata + // using an API like SOAP that supports more flexible metadata than the REST + // API. For example, using SOAP, you can create metadata whose values are not + // legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Indicates whether this object has an active legal hold. This field is only // returned if you have permission to view an object's legal hold status. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` - // The Object Lock mode currently in place for this object. + // The Object Lock mode that's currently in place for this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when this object's Object Lock will expire. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. This value is only returned if you specify @@ -22843,51 +24945,80 @@ type GetObjectOutput struct { // Amazon S3 can return this if your request involves a bucket that is either // a source or destination in a replication rule. + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Provides information about object restoration action and expiration time // of the restored object copy. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // The number of tags, if any, on the object. + // The number of tags, if any, on the object, when you have the relevant permission + // to read object tags. + // + // You can use GetObjectTagging (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html) + // to retrieve the tag set associated with an object. + // + // This functionality is not supported for directory buckets. TagCount *int64 `location:"header" locationName:"x-amz-tagging-count" type:"integer"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -23131,8 +25262,10 @@ type GetObjectRetentionInput struct { // The bucket name containing the object whose retention settings you want to // retrieve. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -23141,9 +25274,9 @@ type GetObjectRetentionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object whose retention settings you want to retrieve. @@ -23152,10 +25285,14 @@ type GetObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID for the object whose retention settings you want to retrieve. @@ -23302,27 +25439,30 @@ type GetObjectTaggingInput struct { // The bucket name containing the object for which to get the tagging information. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which to get the tagging information. @@ -23331,10 +25471,14 @@ type GetObjectTaggingInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The versionId of the object for which to get the tagging information. @@ -23496,9 +25640,9 @@ type GetObjectTorrentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The object key for which to get the information. @@ -23507,10 +25651,14 @@ type GetObjectTorrentInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` } @@ -23620,6 +25768,8 @@ type GetObjectTorrentOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -23662,9 +25812,9 @@ type GetPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -23994,33 +26144,48 @@ type HeadBucketInput struct { // The bucket name. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with an Object Lambda access point, provide the - // alias of the Object Lambda access point in place of the bucket name. If the - // Object Lambda access point alias in a request is not valid, the error code - // InvalidAccessPointAliasError is returned. For more information about InvalidAccessPointAliasError, - // see List of Error Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). + // Object Lambda access points - When you use this API operation with an Object + // Lambda access point, provide the alias of the Object Lambda access point + // in place of the bucket name. If the Object Lambda access point alias in a + // request is not valid, the error code InvalidAccessPointAliasError is returned. + // For more information about InvalidAccessPointAliasError, see List of Error + // Codes (https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList). // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -24106,6 +26271,30 @@ func (s HeadBucketInput) updateArnableField(v string) (interface{}, error) { type HeadBucketOutput struct { _ struct{} `type:"structure"` + + // Indicates whether the bucket name used in the request is an access point + // alias. + // + // This functionality is not supported for directory buckets. + AccessPointAlias *bool `location:"header" locationName:"x-amz-access-point-alias" type:"boolean"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // is created. An example AZ ID value is usw2-az2. + // + // This functionality is only supported by directory buckets. + BucketLocationName *string `location:"header" locationName:"x-amz-bucket-location-name" type:"string"` + + // The type of location where the bucket is created. + // + // This functionality is only supported by directory buckets. + BucketLocationType *string `location:"header" locationName:"x-amz-bucket-location-type" type:"string" enum:"LocationType"` + + // The Region that the bucket is located. + // + // This functionality is not supported for directory buckets. + BucketRegion *string `location:"header" locationName:"x-amz-bucket-region" type:"string"` } // String returns the string representation. @@ -24126,24 +26315,62 @@ func (s HeadBucketOutput) GoString() string { return s.String() } +// SetAccessPointAlias sets the AccessPointAlias field's value. +func (s *HeadBucketOutput) SetAccessPointAlias(v bool) *HeadBucketOutput { + s.AccessPointAlias = &v + return s +} + +// SetBucketLocationName sets the BucketLocationName field's value. +func (s *HeadBucketOutput) SetBucketLocationName(v string) *HeadBucketOutput { + s.BucketLocationName = &v + return s +} + +// SetBucketLocationType sets the BucketLocationType field's value. +func (s *HeadBucketOutput) SetBucketLocationType(v string) *HeadBucketOutput { + s.BucketLocationType = &v + return s +} + +// SetBucketRegion sets the BucketRegion field's value. +func (s *HeadBucketOutput) SetBucketRegion(v string) *HeadBucketOutput { + s.BucketRegion = &v + return s +} + type HeadObjectInput struct { _ struct{} `locationName:"HeadObjectRequest" type:"structure"` - // The name of the bucket containing the object. + // The name of the bucket that contains the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -24156,25 +26383,69 @@ type HeadObjectInput struct { // must have permission to use the kms:Decrypt action for the request to succeed. ChecksumMode *string `location:"header" locationName:"x-amz-checksum-mode" type:"string" enum:"ChecksumMode"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Return the object only if its entity tag (ETag) is the same as the one specified; // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfMatch *string `location:"header" locationName:"If-Match" type:"string"` // Return the object only if it has been modified since the specified time; // otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfModifiedSince *time.Time `location:"header" locationName:"If-Modified-Since" type:"timestamp"` // Return the object only if its entity tag (ETag) is different from the one // specified; otherwise, return a 304 (not modified) error. + // + // If both of the If-None-Match and If-Modified-Since headers are present in + // the request as follows: + // + // * If-None-Match condition evaluates to false, and; + // + // * If-Modified-Since condition evaluates to true; + // + // Then Amazon S3 returns the 304 Not Modified response code. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfNoneMatch *string `location:"header" locationName:"If-None-Match" type:"string"` // Return the object only if it has not been modified since the specified time; // otherwise, return a 412 (precondition failed) error. + // + // If both of the If-Match and If-Unmodified-Since headers are present in the + // request as follows: + // + // * If-Match condition evaluates to true, and; + // + // * If-Unmodified-Since condition evaluates to false; + // + // Then Amazon S3 returns 200 OK and the data requested. + // + // For more information about conditional requests, see RFC 7232 (https://tools.ietf.org/html/rfc7232). IfUnmodifiedSince *time.Time `location:"header" locationName:"If-Unmodified-Since" type:"timestamp"` // The object key. @@ -24194,14 +26465,19 @@ type HeadObjectInput struct { Range *string `location:"header" locationName:"Range" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -24210,6 +26486,8 @@ type HeadObjectInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectInput's // String and GoString methods. @@ -24218,9 +26496,14 @@ type HeadObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // For directory buckets in this API operation, only the null value of the version + // ID is supported. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -24402,51 +26685,63 @@ type HeadObjectOutput struct { AcceptRanges *string `location:"header" locationName:"accept-ranges" type:"string"` // The archive state of the head object. + // + // This functionality is not supported for directory buckets. ArchiveStatus *string `location:"header" locationName:"x-amz-archive-status" type:"string" enum:"ArchiveStatus"` // Indicates whether the object uses an S3 Bucket Key for server-side encryption // with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Specifies caching behavior along the request/reply chain. CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Specifies presentational information for the object. ContentDisposition *string `location:"header" locationName:"Content-Disposition" type:"string"` - // Specifies what content encodings have been applied to the object and thus + // Indicates what content encodings have been applied to the object and thus // what decoding mechanisms must be applied to obtain the media-type referenced // by the Content-Type header field. ContentEncoding *string `location:"header" locationName:"Content-Encoding" type:"string"` @@ -24462,21 +26757,27 @@ type HeadObjectOutput struct { // Specifies whether the object retrieved was (true) or was not (false) a Delete // Marker. If false, this response header does not appear in the response. + // + // This functionality is not supported for directory buckets. DeleteMarker *bool `location:"header" locationName:"x-amz-delete-marker" type:"boolean"` // An entity tag (ETag) is an opaque identifier assigned by a web server to // a specific version of a resource found at a URL. ETag *string `location:"header" locationName:"ETag" type:"string"` - // If the object expiration is configured (see PUT Bucket lifecycle), the response - // includes this header. It includes the expiry-date and rule-id key-value pairs - // providing object expiration information. The value of the rule-id is URL-encoded. + // If the object expiration is configured (see PutBucketLifecycleConfiguration + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), + // the response includes this header. It includes the expiry-date and rule-id + // key-value pairs providing object expiration information. The value of the + // rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // The date and time at which the object is no longer cacheable. Expires *string `location:"header" locationName:"Expires" type:"string"` - // Creation date of the object. + // Date and time when the object was last modified. LastModified *time.Time `location:"header" locationName:"Last-Modified" type:"timestamp"` // A map of metadata to store with the object in S3. @@ -24490,6 +26791,8 @@ type HeadObjectOutput struct { // headers. This can happen if you create metadata using an API like SOAP that // supports more flexible metadata than the REST API. For example, using SOAP, // you can create metadata whose values are not legal HTTP headers. + // + // This functionality is not supported for directory buckets. MissingMeta *int64 `location:"header" locationName:"x-amz-missing-meta" type:"integer"` // Specifies whether a legal hold is in effect for this object. This header @@ -24497,15 +26800,21 @@ type HeadObjectOutput struct { // This header is not returned if the specified version of this object has never // had a legal hold applied. For more information about S3 Object Lock, see // Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode, if any, that's in effect for this object. This header // is only returned if the requester has the s3:GetObjectRetention permission. // For more information about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when the Object Lock retention period expires. This header // is only returned if the requester has the s3:GetObjectRetention permission. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // The count of parts this object has. This value is only returned if you specify @@ -24544,10 +26853,14 @@ type HeadObjectOutput struct { // header will return FAILED. // // For more information, see Replication (https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html). + // + // This functionality is not supported for directory buckets. ReplicationStatus *string `location:"header" locationName:"x-amz-replication-status" type:"string" enum:"ReplicationStatus"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If the object is an archived object (an object whose storage class is GLACIER), @@ -24565,42 +26878,61 @@ type HeadObjectOutput struct { // // For more information about archiving objects, see Transitioning Objects: // General Considerations (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html#lifecycle-transition-general-considerations). + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. Restore *string `location:"header" locationName:"x-amz-restore" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by HeadObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // Provides storage class information of the object. Amazon S3 returns this // header for all objects except for S3 Standard storage class objects. // // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` - // Version of the object. + // Version ID of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -24886,10 +27218,16 @@ type Initiator struct { _ struct{} `type:"structure"` // Name of the Principal. + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // If the principal is an Amazon Web Services account, it provides the Canonical // User ID. If the principal is an IAM User, it provides a user ARN value. + // + // Directory buckets - If the principal is an Amazon Web Services account, it + // provides the Amazon Web Services account ID. If the principal is an IAM User, + // it provides a user ARN value. ID *string `type:"string"` } @@ -26325,9 +28663,9 @@ type ListBucketAnalyticsConfigurationsInput struct { // should begin. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26651,9 +28989,9 @@ type ListBucketInventoryConfigurationsInput struct { // that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -26820,9 +29158,9 @@ type ListBucketMetricsConfigurationsInput struct { // value that Amazon S3 understands. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -27038,24 +29376,123 @@ func (s *ListBucketsOutput) SetOwner(v *Owner) *ListBucketsOutput { return s } +type ListDirectoryBucketsInput struct { + _ struct{} `locationName:"ListDirectoryBucketsRequest" type:"structure"` + + // ContinuationToken indicates to Amazon S3 that the list is being continued + // on this bucket with a token. ContinuationToken is obfuscated and is not a + // real key. You can use this ContinuationToken for pagination of the list results. + ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` + + // Maximum number of buckets to be returned in response. When the number is + // more than the count of buckets that are owned by an Amazon Web Services account, + // return all the buckets in response. + MaxDirectoryBuckets *int64 `location:"querystring" locationName:"max-directory-buckets" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsInput) GoString() string { + return s.String() +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsInput) SetContinuationToken(v string) *ListDirectoryBucketsInput { + s.ContinuationToken = &v + return s +} + +// SetMaxDirectoryBuckets sets the MaxDirectoryBuckets field's value. +func (s *ListDirectoryBucketsInput) SetMaxDirectoryBuckets(v int64) *ListDirectoryBucketsInput { + s.MaxDirectoryBuckets = &v + return s +} + +type ListDirectoryBucketsOutput struct { + _ struct{} `type:"structure"` + + // The list of buckets owned by the requester. + Buckets []*Bucket `locationNameList:"Bucket" type:"list"` + + // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + ContinuationToken *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListDirectoryBucketsOutput) GoString() string { + return s.String() +} + +// SetBuckets sets the Buckets field's value. +func (s *ListDirectoryBucketsOutput) SetBuckets(v []*Bucket) *ListDirectoryBucketsOutput { + s.Buckets = v + return s +} + +// SetContinuationToken sets the ContinuationToken field's value. +func (s *ListDirectoryBucketsOutput) SetContinuationToken(v string) *ListDirectoryBucketsOutput { + s.ContinuationToken = &v + return s +} + type ListMultipartUploadsInput struct { _ struct{} `locationName:"ListMultipartUploadsRequest" type:"structure"` // The name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -27069,6 +29506,8 @@ type ListMultipartUploadsInput struct { // parameter, then the substring starts at the beginning of the key. The keys // that are grouped under CommonPrefixes result element are not returned elsewhere // in the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Requests Amazon S3 to encode the object keys in the response and specifies @@ -27079,20 +29518,28 @@ type ListMultipartUploadsInput struct { // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // Together with upload-id-marker, this parameter specifies the multipart upload - // after which listing should begin. + // Specifies the multipart upload after which listing should begin. // - // If upload-id-marker is not specified, only the keys lexicographically greater - // than the specified key-marker will be included in the list. + // * General purpose buckets - For general purpose buckets, key-marker is + // an object key. Together with upload-id-marker, this parameter specifies + // the multipart upload after which listing should begin. If upload-id-marker + // is not specified, only the keys lexicographically greater than the specified + // key-marker will be included in the list. If upload-id-marker is specified, + // any multipart uploads for a key equal to the key-marker might also be + // included, provided those multipart uploads have upload IDs lexicographically + // greater than the specified upload-id-marker. // - // If upload-id-marker is specified, any multipart uploads for a key equal to - // the key-marker might also be included, provided those multipart uploads have - // upload IDs lexicographically greater than the specified upload-id-marker. + // * Directory buckets - For directory buckets, key-marker is obfuscated + // and isn't a real object key. The upload-id-marker parameter isn't supported + // by directory buckets. To list the additional multipart uploads, you only + // need to set the value of key-marker to the NextKeyMarker value from the + // previous response. In the ListMultipartUploads response, the multipart + // uploads aren't sorted lexicographically based on the object keys. KeyMarker *string `location:"querystring" locationName:"key-marker" type:"string"` // Sets the maximum number of multipart uploads, from 1 to 1,000, to return @@ -27104,13 +29551,20 @@ type ListMultipartUploadsInput struct { // prefix. You can use prefixes to separate a bucket into different grouping // of keys. (You can think of using prefix to make groups in the same way that // you'd use a folder in a file system.) + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Together with key-marker, specifies the multipart upload after which listing @@ -27118,6 +29572,8 @@ type ListMultipartUploadsInput struct { // is ignored. Otherwise, any multipart uploads for a key equal to the key-marker // might be included in the list only if they have an upload ID lexicographically // greater than the specified upload-id-marker. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `location:"querystring" locationName:"upload-id-marker" type:"string"` } @@ -27253,10 +29709,15 @@ type ListMultipartUploadsOutput struct { // If you specify a delimiter in the request, then the result returns each distinct // key prefix containing the delimiter in a CommonPrefixes element. The distinct // key prefixes are returned in the Prefix child element. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Contains the delimiter you specified in the request. If you don't specify // a delimiter in your request, this element is absent from the response. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. @@ -27287,17 +29748,26 @@ type ListMultipartUploadsOutput struct { // When a list is truncated, this element specifies the value that should be // used for the upload-id-marker request parameter in a subsequent request. + // + // This functionality is not supported for directory buckets. NextUploadIdMarker *string `type:"string"` // When a prefix is provided in the request, this field contains the specified // prefix. The result contains only keys starting with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Upload ID after which listing began. + // + // This functionality is not supported for directory buckets. UploadIdMarker *string `type:"string"` // Container for elements related to a particular multipart upload. A response @@ -27431,9 +29901,9 @@ type ListObjectVersionsInput struct { // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the key to start with when listing objects in a bucket. @@ -27459,10 +29929,14 @@ type ListObjectVersionsInput struct { Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Specifies the object version you want to start listing from. @@ -27656,6 +30130,8 @@ type ListObjectVersionsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Marks the last version of the key returned in a truncated response. @@ -27772,19 +30248,33 @@ type ListObjectsInput struct { // The name of the bucket containing the objects. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -27801,9 +30291,9 @@ type ListObjectsInput struct { // keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Marker is where you want Amazon S3 to start listing from. Amazon S3 starts @@ -28014,6 +30504,8 @@ type ListObjectsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -28104,21 +30596,33 @@ func (s *ListObjectsOutput) SetRequestCharged(v string) *ListObjectsOutput { type ListObjectsV2Input struct { _ struct{} `locationName:"ListObjectsV2Request" type:"structure"` - // Bucket name to list. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -28126,23 +30630,35 @@ type ListObjectsV2Input struct { // ContinuationToken indicates to Amazon S3 that the list is being continued // on this bucket with a token. ContinuationToken is obfuscated and is not a - // real key. + // real key. You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `location:"querystring" locationName:"continuation-token" type:"string"` // A delimiter is a character that you use to group keys. + // + // * Directory buckets - For directory buckets, / is the only supported delimiter. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. Delimiter *string `location:"querystring" locationName:"delimiter" type:"string"` // Encoding type used by Amazon S3 to encode object keys in the response. EncodingType *string `location:"querystring" locationName:"encoding-type" type:"string" enum:"EncodingType"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The owner field is not present in ListObjectsV2 by default. If you want to // return the owner field with each key in the result, then set the FetchOwner // field to true. + // + // Directory buckets - For directory buckets, the bucket owner is returned as + // the object owner for all objects. FetchOwner *bool `location:"querystring" locationName:"fetch-owner" type:"boolean"` // Sets the maximum number of keys returned in the response. By default, the @@ -28152,18 +30668,27 @@ type ListObjectsV2Input struct { // Specifies the optional fields that you want returned in the response. Fields // that you do not specify are not returned. + // + // This functionality is not supported for directory buckets. OptionalObjectAttributes []*string `location:"header" locationName:"x-amz-optional-object-attributes" type:"list" enum:"OptionalObjectAttributes"` // Limits the response to keys that begin with the specified prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `location:"querystring" locationName:"prefix" type:"string"` // Confirms that the requester knows that she or he will be charged for the // list objects request in V2 style. Bucket owners need not specify this parameter // in their requests. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // StartAfter is where you want Amazon S3 to start listing from. Amazon S3 starts // listing after this specified key. StartAfter can be any key in the bucket. + // + // This functionality is not supported for directory buckets. StartAfter *string `location:"querystring" locationName:"start-after" type:"string"` } @@ -28304,8 +30829,9 @@ func (s ListObjectsV2Input) updateArnableField(v string) (interface{}, error) { type ListObjectsV2Output struct { _ struct{} `type:"structure"` - // All of the keys (up to 1,000) rolled up into a common prefix count as a single - // return when calculating the number of returns. + // All of the keys (up to 1,000) that share the same prefix are grouped together. + // When counting the total numbers of returns by this API operation, this group + // of keys is considered as one item. // // A response can contain CommonPrefixes only if you specify a delimiter. // @@ -28319,12 +30845,24 @@ type ListObjectsV2Output struct { // in notes/summer/july, the common prefix is notes/summer/. All of the keys // that roll up into a common prefix count as a single return when calculating // the number of returns. + // + // * Directory buckets - For directory buckets, only prefixes that end in + // a delimiter (/) are supported. + // + // * Directory buckets - When you query ListObjectsV2 with a delimiter during + // in-progress multipart uploads, the CommonPrefixes response parameter contains + // the prefixes that are associated with the in-progress multipart uploads. + // For more information about multipart uploads, see Multipart Upload Overview + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuoverview.html) in + // the Amazon S3 User Guide. CommonPrefixes []*CommonPrefix `type:"list" flattened:"true"` // Metadata about each object returned. Contents []*Object `type:"list" flattened:"true"` // If ContinuationToken was sent with the request, it is included in the response. + // You can use the returned ContinuationToken for pagination of the list response. + // You can use this ContinuationToken for pagination of the list results. ContinuationToken *string `type:"string"` // Causes keys that contain the same string between the prefix and the first @@ -28332,6 +30870,8 @@ type ListObjectsV2Output struct { // in the CommonPrefixes collection. These rolled-up keys are not returned elsewhere // in the response. Each rolled-up result counts as only one return against // the MaxKeys value. + // + // Directory buckets - For directory buckets, / is the only supported delimiter. Delimiter *string `type:"string"` // Encoding type used by Amazon S3 to encode object key names in the XML response. @@ -28359,21 +30899,6 @@ type ListObjectsV2Output struct { MaxKeys *int64 `type:"integer"` // The bucket name. - // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. Name *string `type:"string"` // NextContinuationToken is sent when isTruncated is true, which means there @@ -28383,13 +30908,20 @@ type ListObjectsV2Output struct { NextContinuationToken *string `type:"string"` // Keys that begin with the indicated prefix. + // + // Directory buckets - For directory buckets, only prefixes that end in a delimiter + // (/) are supported. Prefix *string `type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If StartAfter was sent with the request, it is included in the response. + // + // This functionality is not supported for directory buckets. StartAfter *string `type:"string"` } @@ -28494,27 +31026,41 @@ type ListPartsInput struct { // The name of the bucket to which the parts are being uploaded. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -28530,16 +31076,22 @@ type ListPartsInput struct { PartNumberMarker *int64 `location:"querystring" locationName:"part-number-marker" type:"integer"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The server-side encryption (SSE) algorithm used to encrypt the object. This // parameter is needed only when the object was created using a checksum algorithm. // For more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // The server-side encryption (SSE) customer managed key. This parameter is @@ -28547,6 +31099,8 @@ type ListPartsInput struct { // information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ListPartsInput's // String and GoString methods. @@ -28556,6 +31110,8 @@ type ListPartsInput struct { // is needed only when the object was created using a checksum algorithm. For // more information, see Protecting data using SSE-C keys (https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -28720,11 +31276,15 @@ type ListPartsOutput struct { // // The response will also include the x-amz-abort-rule-id header that will provide // the ID of the lifecycle configuration rule that defines this action. + // + // This functionality is not supported for directory buckets. AbortDate *time.Time `location:"header" locationName:"x-amz-abort-date" type:"timestamp"` // This header is returned along with the x-amz-abort-date header. It identifies // applicable lifecycle configuration rule that defines the action to abort // incomplete multipart uploads. + // + // This functionality is not supported for directory buckets. AbortRuleId *string `location:"header" locationName:"x-amz-abort-rule-id" type:"string"` // The name of the bucket to which the multipart upload was initiated. Does @@ -28759,6 +31319,9 @@ type ListPartsOutput struct { // Container element that identifies the object owner, after the object is created. // If multipart upload is initiated by an IAM user, this element provides the // parent account ID and display name. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the parts. Owner *Owner `type:"structure"` // When a list is truncated, this element specifies the last part in the list, @@ -28772,10 +31335,14 @@ type ListPartsOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` - // Class of storage (STANDARD or REDUCED_REDUNDANCY) used to store the uploaded - // object. + // The class of storage used to store the uploaded object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID identifying the multipart upload whose parts are being listed. @@ -29033,6 +31600,56 @@ func (s *Location) SetUserMetadata(v []*MetadataEntry) *Location { return s } +// Specifies the location where the bucket will be created. +// +// For directory buckets, the location type is Availability Zone. For more information +// about directory buckets, see Directory buckets (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) +// in the Amazon S3 User Guide. +// +// This functionality is only supported by directory buckets. +type LocationInfo struct { + _ struct{} `type:"structure"` + + // The name of the location where the bucket will be created. + // + // For directory buckets, the AZ ID of the Availability Zone where the bucket + // will be created. An example AZ ID value is usw2-az2. + Name *string `type:"string"` + + // The type of location where the bucket will be created. + Type *string `type:"string" enum:"LocationType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LocationInfo) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *LocationInfo) SetName(v string) *LocationInfo { + s.Name = &v + return s +} + +// SetType sets the Type field's value. +func (s *LocationInfo) SetType(v string) *LocationInfo { + s.Type = &v + return s +} + // Describes where logs are stored and the prefix that Amazon S3 assigns to // all log object keys for a bucket. For more information, see PUT Bucket logging // (https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTlogging.html) @@ -29058,6 +31675,9 @@ type LoggingEnabled struct { // in the Amazon S3 User Guide. TargetGrants []*TargetGrant `locationNameList:"Grant" type:"list"` + // Amazon S3 key format for log objects. + TargetObjectKeyFormat *TargetObjectKeyFormat `type:"structure"` + // A prefix for all log object keys. If you store log files from multiple Amazon // S3 buckets in a single bucket, you can use a prefix to distinguish which // log files came from which bucket. @@ -29122,6 +31742,12 @@ func (s *LoggingEnabled) SetTargetGrants(v []*TargetGrant) *LoggingEnabled { return s } +// SetTargetObjectKeyFormat sets the TargetObjectKeyFormat field's value. +func (s *LoggingEnabled) SetTargetObjectKeyFormat(v *TargetObjectKeyFormat) *LoggingEnabled { + s.TargetObjectKeyFormat = v + return s +} + // SetTargetPrefix sets the TargetPrefix field's value. func (s *LoggingEnabled) SetTargetPrefix(v string) *LoggingEnabled { s.TargetPrefix = &v @@ -29469,9 +32095,15 @@ type MultipartUpload struct { Key *string `min:"1" type:"string"` // Specifies the owner of the object that is part of the multipart upload. + // + // Directory buckets - The bucket owner is returned as the object owner for + // all the objects. Owner *Owner `type:"structure"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"StorageClass"` // Upload ID that identifies the multipart upload. @@ -29546,9 +32178,10 @@ func (s *MultipartUpload) SetUploadId(v string) *MultipartUpload { type NoncurrentVersionExpiration struct { _ struct{} `type:"structure"` - // Specifies how many noncurrent versions Amazon S3 will retain. If there are - // this many more recent noncurrent versions, Amazon S3 will take the associated - // action. For more information about noncurrent versions, see Lifecycle configuration + // Specifies how many newer noncurrent versions must exist before Amazon S3 + // can perform the associated action on a given version. If there are this many + // more recent noncurrent versions, Amazon S3 will take the associated action. + // For more information about noncurrent versions, see Lifecycle configuration // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. NewerNoncurrentVersions *int64 `type:"integer"` @@ -29601,9 +32234,10 @@ func (s *NoncurrentVersionExpiration) SetNoncurrentDays(v int64) *NoncurrentVers type NoncurrentVersionTransition struct { _ struct{} `type:"structure"` - // Specifies how many noncurrent versions Amazon S3 will retain. If there are - // this many more recent noncurrent versions, Amazon S3 will take the associated - // action. For more information about noncurrent versions, see Lifecycle configuration + // Specifies how many newer noncurrent versions must exist before Amazon S3 + // can perform the associated action on a given version. If there are this many + // more recent noncurrent versions, Amazon S3 will take the associated action. + // For more information about noncurrent versions, see Lifecycle configuration // elements (https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html) // in the Amazon S3 User Guide. NewerNoncurrentVersions *int64 `type:"integer"` @@ -29873,6 +32507,8 @@ type Object struct { // encryption. If an object is larger than 16 MB, the Amazon Web Services // Management Console will upload or copy that object as a Multipart Upload, // and therefore the ETag will not be an MD5 digest. + // + // Directory buckets - MD5 is not supported by directory buckets. ETag *string `type:"string"` // The name that you assign to an object. You use the object key to retrieve @@ -29883,6 +32519,8 @@ type Object struct { LastModified *time.Time `type:"timestamp"` // The owner of the object + // + // Directory buckets - The bucket owner is returned as the object owner. Owner *Owner `type:"structure"` // Specifies the restoration status of an object. Objects in certain storage @@ -29890,12 +32528,18 @@ type Object struct { // about these storage classes and how to work with archived objects, see Working // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Only the S3 Express + // One Zone storage class is supported by directory buckets to store objects. RestoreStatus *RestoreStatus `type:"structure"` // Size in bytes of the object - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. + // + // Directory buckets - Only the S3 Express One Zone storage class is supported + // by directory buckets to store objects. StorageClass *string `type:"string" enum:"ObjectStorageClass"` } @@ -29978,7 +32622,9 @@ type ObjectIdentifier struct { // Key is a required field Key *string `min:"1" type:"string" required:"true"` - // VersionId for the specific version of the object to delete. + // Version ID for the specific version of the object to delete. + // + // This functionality is not supported for directory buckets. VersionId *string `type:"string"` } @@ -30193,26 +32839,32 @@ type ObjectPart struct { ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `type:"string"` @@ -30221,7 +32873,7 @@ type ObjectPart struct { PartNumber *int64 `type:"integer"` // The size of the uploaded part in bytes. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } // String returns the string representation. @@ -30295,7 +32947,7 @@ type ObjectVersion struct { // The object key. Key *string `min:"1" type:"string"` - // Date and time the object was last modified. + // Date and time when the object was last modified. LastModified *time.Time `type:"timestamp"` // Specifies the owner of the object. @@ -30309,7 +32961,7 @@ type ObjectVersion struct { RestoreStatus *RestoreStatus `type:"structure"` // Size in bytes of the object. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` // The class of storage used to store the object. StorageClass *string `type:"string" enum:"ObjectVersionStorageClass"` @@ -30506,6 +33158,8 @@ type Owner struct { // * Europe (Ireland) // // * South America (São Paulo) + // + // This functionality is not supported for directory buckets. DisplayName *string `type:"string"` // Container for the ID of the owner. @@ -30615,8 +33269,19 @@ type OwnershipControlsRule struct { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that - // don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control - // canned ACL or an equivalent form of this ACL expressed in the XML format. + // don't specify an ACL or specify bucket owner full control ACLs (such as the + // predefined bucket-owner-full-control canned ACL or a custom ACL in XML format + // that grants the same permissions). + // + // By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. + // We recommend keeping ACLs disabled, except in uncommon use cases where you + // must control access for each object individually. For more information about + // S3 Object Ownership, see Controlling ownership of objects and disabling ACLs + // for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. Directory buckets + // use the bucket owner enforced setting for S3 Object Ownership. // // ObjectOwnership is a required field ObjectOwnership *string `type:"string" required:"true" enum:"ObjectOwnership"` @@ -30694,18 +33359,22 @@ type Part struct { ChecksumCRC32 *string `type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `type:"string"` @@ -30727,7 +33396,7 @@ type Part struct { PartNumber *int64 `type:"integer"` // Size in bytes of the uploaded part data. - Size *int64 `type:"integer"` + Size *int64 `type:"long"` } // String returns the string representation. @@ -30796,6 +33465,44 @@ func (s *Part) SetSize(v int64) *Part { return s } +// Amazon S3 keys for log objects are partitioned in the following format: +// +// [DestinationPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +// +// PartitionedPrefix defaults to EventTime delivery when server access logs +// are delivered. +type PartitionedPrefix struct { + _ struct{} `locationName:"PartitionedPrefix" type:"structure"` + + // Specifies the partition date source for the partitioned prefix. PartitionDateSource + // can be EventTime or DeliveryTime. + PartitionDateSource *string `type:"string" enum:"PartitionDateSource"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s PartitionedPrefix) GoString() string { + return s.String() +} + +// SetPartitionDateSource sets the PartitionDateSource field's value. +func (s *PartitionedPrefix) SetPartitionDateSource(v string) *PartitionedPrefix { + s.PartitionDateSource = &v + return s +} + // The container element for a bucket's policy status. type PolicyStatus struct { _ struct{} `type:"structure"` @@ -31043,12 +33750,12 @@ type PutBucketAccelerateConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31060,9 +33767,9 @@ type PutBucketAccelerateConfigurationInput struct { // must be populated with the algorithm's checksum of the request payload. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -31197,12 +33904,12 @@ type PutBucketAclInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31218,9 +33925,9 @@ type PutBucketAclInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the @@ -31411,9 +34118,9 @@ type PutBucketAnalyticsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID that identifies the analytics configuration. @@ -31563,12 +34270,12 @@ type PutBucketCorsInput struct { // CORSConfiguration is a required field CORSConfiguration *CORSConfiguration `locationName:"CORSConfiguration" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31584,9 +34291,9 @@ type PutBucketCorsInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -31727,12 +34434,12 @@ type PutBucketEncryptionInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -31748,9 +34455,9 @@ type PutBucketEncryptionInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Specifies the default server-side-encryption configuration. @@ -32028,9 +34735,9 @@ type PutBucketInventoryConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the inventory configuration. @@ -32177,12 +34884,12 @@ type PutBucketLifecycleConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32198,9 +34905,9 @@ type PutBucketLifecycleConfigurationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1,000 rules. @@ -32332,12 +35039,12 @@ type PutBucketLifecycleInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32353,9 +35060,9 @@ type PutBucketLifecycleInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for lifecycle rules. You can add as many as 1000 rules. @@ -32497,12 +35204,12 @@ type PutBucketLoggingInput struct { // BucketLoggingStatus is a required field BucketLoggingStatus *BucketLoggingStatus `locationName:"BucketLoggingStatus" type:"structure" required:"true" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32518,9 +35225,9 @@ type PutBucketLoggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` } @@ -32654,9 +35361,9 @@ type PutBucketMetricsConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The ID used to identify the metrics configuration. The ID has a 64 character @@ -32804,9 +35511,9 @@ type PutBucketNotificationConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for specifying the notification configuration of the bucket. @@ -32950,12 +35657,12 @@ type PutBucketNotificationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -32971,9 +35678,9 @@ type PutBucketNotificationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The container for the configuration. @@ -33107,9 +35814,9 @@ type PutBucketOwnershipControlsInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The OwnershipControls (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) @@ -33240,19 +35947,45 @@ type PutBucketPolicyInput struct { // The name of the bucket. // + // Directory buckets - When you use this operation with a directory bucket, + // you must use path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name + // . Virtual-hosted-style requests aren't supported. Directory bucket names + // must be unique in the chosen Availability Zone. Bucket names must also follow + // the format bucket_base_name--az_id--x-s3 (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). + // For information about bucket naming restrictions, see Directory bucket naming + // rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -33266,15 +35999,24 @@ type PutBucketPolicyInput struct { // Set this parameter to true to confirm that you want to remove your permissions // to change this bucket policy in the future. + // + // This functionality is not supported for directory buckets. ConfirmRemoveSelfBucketAccess *bool `location:"header" locationName:"x-amz-confirm-remove-self-bucket-access" type:"boolean"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). + // + // For directory buckets, this header is not supported in this API operation. + // If you specify this header, the request fails with the HTTP status code 501 + // Not Implemented. ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The bucket policy as a JSON document. // + // For directory buckets, the only IAM action supported in the bucket policy + // is s3express:CreateSession. + // // Policy is a required field Policy *string `type:"string" required:"true"` } @@ -33410,12 +36152,12 @@ type PutBucketReplicationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33431,9 +36173,9 @@ type PutBucketReplicationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // A container for replication rules. You can add up to 1,000 rules. The maximum @@ -33582,12 +36324,12 @@ type PutBucketRequestPaymentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33603,9 +36345,9 @@ type PutBucketRequestPaymentInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for Payer. @@ -33744,12 +36486,12 @@ type PutBucketTaggingInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33765,9 +36507,9 @@ type PutBucketTaggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the TagSet and Tag elements. @@ -33906,12 +36648,12 @@ type PutBucketVersioningInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -33927,9 +36669,9 @@ type PutBucketVersioningInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The concatenation of the authentication device's serial number, a space, @@ -34073,12 +36815,12 @@ type PutBucketWebsiteInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -34094,9 +36836,9 @@ type PutBucketWebsiteInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Container for the request. @@ -34240,22 +36982,33 @@ type PutObjectAclInput struct { // The bucket name that contains the object to which you want to attach the // ACL. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // in the Amazon S3 User Guide. + // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -34271,25 +37024,25 @@ type PutObjectAclInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Allows grantee the read, write, read ACP, and write ACP permissions on the // bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to list the objects in the bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the bucket ACL. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to create new objects in the bucket. @@ -34300,37 +37053,28 @@ type PutObjectAclInput struct { // Allows grantee to write the ACL for the applicable bucket. // - // This action is not supported by Amazon S3 on Outposts. + // This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Key for which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. - // When using this action with an access point through the Amazon Web Services - // SDKs, you provide the access point ARN in place of the bucket name. For more - // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) - // in the Amazon S3 User Guide. - // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) - // in the Amazon S3 User Guide. - // // Key is a required field Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // VersionId used to reference a specific version of the object. + // Version ID used to reference a specific version of the object. + // + // This functionality is not supported for directory buckets. VersionId *string `location:"querystring" locationName:"versionId" type:"string"` } @@ -34496,6 +37240,8 @@ type PutObjectAclOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -34527,9 +37273,32 @@ type PutObjectInput struct { _ struct{} `locationName:"PutObjectRequest" type:"structure" payload:"Body"` // The canned ACL to apply to the object. For more information, see Canned ACL - // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL). + // (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL) + // in the Amazon S3 User Guide. // - // This action is not supported by Amazon S3 on Outposts. + // When adding a new object, you can use headers to grant ACL-based permissions + // to individual Amazon Web Services accounts or to predefined groups defined + // by Amazon S3. These permissions are then added to the ACL on the object. + // By default, all objects are private. Only the owner has full access control. + // For more information, see Access Control List (ACL) Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html) + // and Managing ACLs Using the REST API (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html) + // in the Amazon S3 User Guide. + // + // If the bucket that you're uploading objects to uses the bucket owner enforced + // setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. + // Buckets that use this setting only accept PUT requests that don't specify + // an ACL or PUT requests that specify bucket owner full control ACLs, such + // as the bucket-owner-full-control canned ACL or an equivalent form of this + // ACL expressed in the XML format. PUT requests that contain other ACLs (for + // example, custom grants to certain Amazon Web Services accounts) fail and + // return a 400 error with the error code AccessControlListNotSupported. For + // more information, see Controlling ownership of objects and disabling ACLs + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon S3 User Guide. + // + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. ACL *string `location:"header" locationName:"x-amz-acl" type:"string" enum:"ObjectCannedACL"` // Object data. @@ -34537,19 +37306,33 @@ type PutObjectInput struct { // The bucket name to which the PUT action was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -34562,6 +37345,8 @@ type PutObjectInput struct { // // Specifying this header with a PUT action doesn’t affect bucket-level settings // for S3 Bucket Key. + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Can be used to specify caching behavior along the request/reply chain. For @@ -34569,16 +37354,33 @@ type PutObjectInput struct { // (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9). CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum-algorithm or x-amz-trailer header sent. Otherwise, Amazon + // S3 fails the request with the HTTP status code 400 Bad Request. + // + // For the x-amz-checksum-algorithm header, replace algorithm with the supported + // algorithm from the following list: + // + // * CRC32 + // + // * CRC32C + // + // * SHA1 + // + // * SHA256 + // + // For more information, see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // - // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm - // parameter. + // If the individual checksum value you provide through x-amz-checksum-algorithm + // doesn't match the checksum algorithm you set through x-amz-sdk-checksum-algorithm, + // Amazon S3 ignores any provided ChecksumAlgorithm parameter and uses the checksum + // algorithm that matches the provided value in x-amz-checksum-algorithm . + // + // For directory buckets, when you use Amazon Web Services SDKs, CRC32 is the + // default checksum algorithm that's used for performance. // // The AWS SDK for Go v1 does not support automatic computing request payload // checksum. This feature is available in the AWS SDK for Go v2. If a value @@ -34638,15 +37440,22 @@ type PutObjectInput struct { // it is optional, we recommend using the Content-MD5 mechanism as an end-to-end // integrity check. For more information about REST request authentication, // see REST Authentication (https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html). + // + // The Content-MD5 header is required for any request to upload an object with + // a retention period configured using Amazon S3 Object Lock. For more information + // about Amazon S3 Object Lock, see Amazon S3 Object Lock Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` // A standard MIME type describing the format of the contents. For more information, // see https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type (https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type). ContentType *string `location:"header" locationName:"Content-Type" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The date and time at which the object is no longer cacheable. For more information, @@ -34655,22 +37464,30 @@ type PutObjectInput struct { // Gives the grantee READ, READ_ACP, and WRITE_ACP permissions on the object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantFullControl *string `location:"header" locationName:"x-amz-grant-full-control" type:"string"` // Allows grantee to read the object data and its metadata. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantRead *string `location:"header" locationName:"x-amz-grant-read" type:"string"` // Allows grantee to read the object ACL. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantReadACP *string `location:"header" locationName:"x-amz-grant-read-acp" type:"string"` // Allows grantee to write the ACL for the applicable object. // - // This action is not supported by Amazon S3 on Outposts. + // * This functionality is not supported for directory buckets. + // + // * This functionality is not supported for Amazon S3 on Outposts. GrantWriteACP *string `location:"header" locationName:"x-amz-grant-write-acp" type:"string"` // Object key for which the PUT action was initiated. @@ -34682,25 +37499,37 @@ type PutObjectInput struct { Metadata map[string]*string `location:"headers" locationName:"x-amz-meta-" type:"map"` // Specifies whether a legal hold will be applied to this object. For more information - // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + // about S3 Object Lock, see Object Lock (https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. ObjectLockLegalHoldStatus *string `location:"header" locationName:"x-amz-object-lock-legal-hold" type:"string" enum:"ObjectLockLegalHoldStatus"` // The Object Lock mode that you want to apply to this object. + // + // This functionality is not supported for directory buckets. ObjectLockMode *string `location:"header" locationName:"x-amz-object-lock-mode" type:"string" enum:"ObjectLockMode"` // The date and time when you want this object's Object Lock to expire. Must // be formatted as a timestamp parameter. + // + // This functionality is not supported for directory buckets. ObjectLockRetainUntilDate *time.Time `location:"header" locationName:"x-amz-object-lock-retain-until-date" type:"timestamp" timestampFormat:"iso8601"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -34709,6 +37538,8 @@ type PutObjectInput struct { // with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm // header. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. @@ -34717,13 +37548,18 @@ type PutObjectInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Specifies the Amazon Web Services KMS Encryption Context to use for object // encryption. The value of this header is a base64-encoded UTF-8 string holding // JSON with the encryption context key-value pairs. This value is stored as // object metadata and automatically gets passed on to Amazon Web Services KMS - // for future GetObject or CopyObject operations on this object. + // for future GetObject or CopyObject operations on this object. This value + // must be explicitly added during CopyObject operations. + // + // This functionality is not supported for directory buckets. // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's @@ -34731,39 +37567,62 @@ type PutObjectInput struct { SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, - // this header specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key that was used for the object. If you specify - // x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, + // this header specifies the ID (Key ID, Key ARN, or Key Alias) of the Key Management + // Service (KMS) symmetric encryption customer managed key that was used for + // the object. If you specify x-amz-server-side-encryption:aws:kms or x-amz-server-side-encryption:aws:kms:dsse, // but do not providex-amz-server-side-encryption-aws-kms-key-id, Amazon S3 // uses the Amazon Web Services managed key (aws/s3) to protect the data. If // the KMS key does not exist in the same account that's issuing the command, // you must use the full ARN and not just the ID. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectInput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon - // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // The server-side encryption algorithm that was used when you store this object + // in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // General purpose buckets - You have four mutually exclusive options to protect + // data using server-side encryption in Amazon S3, depending on how you choose + // to manage the encryption keys. Specifically, the encryption key options are + // Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or + // DSSE-KMS), and customer-provided keys (SSE-C). Amazon S3 encrypts data with + // server-side encryption by using Amazon S3 managed keys (SSE-S3) by default. + // You can optionally tell Amazon S3 to encrypt data at rest by using server-side + // encryption with other key options. For more information, see Using Server-Side + // Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) + // in the Amazon S3 User Guide. + // + // Directory buckets - For directory buckets, only the server-side encryption + // with Amazon S3 managed keys (SSE-S3) (AES256) value is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` // By default, Amazon S3 uses the STANDARD Storage Class to store newly created // objects. The STANDARD storage class provides high durability and high availability. // Depending on performance needs, you can specify a different Storage Class. - // Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, - // see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) + // For more information, see Storage Classes (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) // in the Amazon S3 User Guide. + // + // * For directory buckets, only the S3 Express One Zone storage class is + // supported to store newly created objects. + // + // * Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. StorageClass *string `location:"header" locationName:"x-amz-storage-class" type:"string" enum:"StorageClass"` // The tag-set for the object. The tag-set must be encoded as URL Query parameters. // (For example, "Key1=Value1") + // + // This functionality is not supported for directory buckets. Tagging *string `location:"header" locationName:"x-amz-tagging" type:"string"` // If the bucket is configured as a website, redirects requests for this object // to another object in the same bucket or to an external URL. Amazon S3 stores // the value of this header in the object metadata. For information about object - // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html). + // metadata, see Object Key and Metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) + // in the Amazon S3 User Guide. // // In the following example, the request header sets the redirect to an object // (anotherPage.html) in the same bucket: @@ -34777,7 +37636,10 @@ type PutObjectInput struct { // // For more information about website hosting in Amazon S3, see Hosting Websites // on Amazon S3 (https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) - // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html). + // and How to Configure Website Page Redirects (https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html) + // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. WebsiteRedirectLocation *string `location:"header" locationName:"x-amz-website-redirect-location" type:"string"` } @@ -35090,8 +37952,10 @@ type PutObjectLegalHoldInput struct { // The bucket name containing the object that you want to place a legal hold // on. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -35100,12 +37964,12 @@ type PutObjectLegalHoldInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35121,9 +37985,9 @@ type PutObjectLegalHoldInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to place a legal hold on. @@ -35136,10 +38000,14 @@ type PutObjectLegalHoldInput struct { LegalHold *ObjectLockLegalHold `locationName:"LegalHold" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The version ID of the object that you want to place a legal hold on. @@ -35267,6 +38135,8 @@ type PutObjectLegalHoldOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35302,12 +38172,12 @@ type PutObjectLockConfigurationInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35323,19 +38193,23 @@ type PutObjectLockConfigurationInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration *ObjectLockConfiguration `locationName:"ObjectLockConfiguration" type:"structure" xmlURI:"http://s3.amazonaws.com/doc/2006-03-01/"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // A token to allow Object Lock to be enabled for an existing bucket. @@ -35451,6 +38325,8 @@ type PutObjectLockConfigurationOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35483,89 +38359,133 @@ type PutObjectOutput struct { // Indicates whether the uploaded object uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` // Entity tag for the uploaded object. + // + // General purpose buckets - To ensure that data is not corrupted traversing + // the network, for objects where the ETag is the MD5 digest of the object, + // you can calculate the MD5 while putting an object to Amazon S3 and compare + // the returned ETag to the calculated MD5 value. + // + // Directory buckets - The ETag for the object in a directory bucket isn't the + // MD5 digest of the object. ETag *string `location:"header" locationName:"ETag" type:"string"` // If the expiration is configured for the object (see PutBucketLifecycleConfiguration - // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)), - // the response includes this header. It includes the expiry-date and rule-id - // key-value pairs that provide information about object expiration. The value - // of the rule-id is URL-encoded. + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html)) + // in the Amazon S3 User Guide, the response includes this header. It includes + // the expiry-date and rule-id key-value pairs that provide information about + // object expiration. The value of the rule-id is URL-encoded. + // + // This functionality is not supported for directory buckets. Expiration *string `location:"header" locationName:"x-amz-expiration" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the Amazon Web Services KMS Encryption Context to use + // If present, indicates the Amazon Web Services KMS Encryption Context to use // for object encryption. The value of this header is a base64-encoded UTF-8 // string holding JSON with the encryption context key-value pairs. This value // is stored as object metadata and automatically gets passed on to Amazon Web // Services KMS for future GetObject or CopyObject operations on this object. // + // This functionality is not supported for directory buckets. + // // SSEKMSEncryptionContext is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSEncryptionContext *string `location:"header" locationName:"x-amz-server-side-encryption-context" type:"string" sensitive:"true"` // If x-amz-server-side-encryption has a valid value of aws:kms or aws:kms:dsse, - // this header specifies the ID of the Key Management Service (KMS) symmetric + // this header indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutObjectOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms, aws:kms:dsse). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` - // Version of the object. + // Version ID of the object. + // + // If you enable versioning for a bucket, Amazon S3 automatically generates + // a unique version ID for the object being stored. Amazon S3 returns this ID + // in the response. When you enable versioning for a bucket, if Amazon S3 receives + // multiple write requests for the same object simultaneously, it stores all + // of the objects. For more information about versioning, see Adding Objects + // to Versioning-Enabled Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html) + // in the Amazon S3 User Guide. For information about returning the versioning + // state of a bucket, see GetBucketVersioning (https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html). + // + // This functionality is not supported for directory buckets. VersionId *string `location:"header" locationName:"x-amz-version-id" type:"string"` } @@ -35677,8 +38597,10 @@ type PutObjectRetentionInput struct { // The bucket name that contains the object you want to apply this Object Retention // configuration to. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) @@ -35690,12 +38612,12 @@ type PutObjectRetentionInput struct { // Indicates whether this action should bypass Governance-mode restrictions. BypassGovernanceRetention *bool `location:"header" locationName:"x-amz-bypass-governance-retention" type:"boolean"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35711,9 +38633,9 @@ type PutObjectRetentionInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The key name for the object that you want to apply this Object Retention @@ -35723,10 +38645,14 @@ type PutObjectRetentionInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // The container element for the Object Retention configuration. @@ -35864,6 +38790,8 @@ type PutObjectRetentionOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` } @@ -35896,30 +38824,33 @@ type PutObjectTaggingInput struct { // The bucket name containing the object. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -35935,9 +38866,9 @@ type PutObjectTaggingInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Name of the object key. @@ -35946,10 +38877,14 @@ type PutObjectTaggingInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for the TagSet and Tag elements @@ -36125,12 +39060,12 @@ type PutPublicAccessBlockInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -36146,9 +39081,9 @@ type PutPublicAccessBlockInput struct { // to be used. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The PublicAccessBlock configuration that you want to apply to this Amazon @@ -37283,30 +40218,33 @@ type RestoreObjectInput struct { // The bucket name containing the object to restore. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -37318,9 +40256,9 @@ type RestoreObjectInput struct { // must be populated with the algorithm's checksum of the request payload. ChecksumAlgorithm *string `location:"header" locationName:"x-amz-sdk-checksum-algorithm" type:"string" enum:"ChecksumAlgorithm"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the action was initiated. @@ -37329,10 +40267,14 @@ type RestoreObjectInput struct { Key *string `location:"uri" locationName:"Key" min:"1" type:"string" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` // Container for restore job parameters. @@ -37468,6 +40410,8 @@ type RestoreObjectOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // Indicates the path in the provided S3 output location where Select results @@ -37626,6 +40570,9 @@ func (s *RestoreRequest) SetType(v string) *RestoreRequest { // about these storage classes and how to work with archived objects, see Working // with archived objects (https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html) // in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Only the S3 Express +// One Zone storage class is supported by directory buckets to store objects. type RestoreStatus struct { _ struct{} `type:"structure"` @@ -38193,9 +41140,9 @@ type SelectObjectContentInput struct { // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // The expression that is used to query the object. @@ -38574,7 +41521,15 @@ type ServerSideEncryptionByDefault struct { // KMS key ID to use for the default encryption. This parameter is allowed if // and only if SSEAlgorithm is set to aws:kms. // - // You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. + // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) + // of the KMS key. + // + // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab + // + // * Key Alias: alias/alias-name + // // If you use a key ID, you can run into a LogDestination undeliverable error // when creating a VPC flow log. // @@ -38582,10 +41537,6 @@ type ServerSideEncryptionByDefault struct { // operations you must use a fully qualified KMS key ARN. For more information, // see Using encryption for cross-account operations (https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). // - // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab - // - // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab - // // Amazon S3 only supports symmetric encryption KMS keys. For more information, // see Asymmetric keys in Amazon Web Services KMS (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) // in the Amazon Web Services Key Management Service Developer Guide. @@ -38766,6 +41717,118 @@ func (s *ServerSideEncryptionRule) SetBucketKeyEnabled(v bool) *ServerSideEncryp return s } +// The established temporary security credentials of the session. +// +// Directory buckets - These session credentials are only supported for the +// authentication and authorization of Zonal endpoint APIs on directory buckets. +type SessionCredentials struct { + _ struct{} `type:"structure"` + + // A unique identifier that's associated with a secret access key. The access + // key ID and the secret access key are used together to sign programmatic Amazon + // Web Services requests cryptographically. + // + // AccessKeyId is a required field + AccessKeyId *string `locationName:"AccessKeyId" type:"string" required:"true"` + + // Temporary security credentials expire after a specified interval. After temporary + // credentials expire, any calls that you make with those credentials will fail. + // So you must generate a new set of temporary credentials. Temporary credentials + // cannot be extended or refreshed beyond the original specified interval. + // + // Expiration is a required field + Expiration *time.Time `locationName:"Expiration" type:"timestamp" required:"true"` + + // A key that's used with the access key ID to cryptographically sign programmatic + // Amazon Web Services requests. Signing a request identifies the sender and + // prevents the request from being altered. + // + // SecretAccessKey is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SecretAccessKey is a required field + SecretAccessKey *string `locationName:"SecretAccessKey" type:"string" required:"true" sensitive:"true"` + + // A part of the temporary security credentials. The session token is used to + // validate the temporary security credentials. + // + // SessionToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by SessionCredentials's + // String and GoString methods. + // + // SessionToken is a required field + SessionToken *string `locationName:"SessionToken" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SessionCredentials) GoString() string { + return s.String() +} + +// SetAccessKeyId sets the AccessKeyId field's value. +func (s *SessionCredentials) SetAccessKeyId(v string) *SessionCredentials { + s.AccessKeyId = &v + return s +} + +// SetExpiration sets the Expiration field's value. +func (s *SessionCredentials) SetExpiration(v time.Time) *SessionCredentials { + s.Expiration = &v + return s +} + +// SetSecretAccessKey sets the SecretAccessKey field's value. +func (s *SessionCredentials) SetSecretAccessKey(v string) *SessionCredentials { + s.SecretAccessKey = &v + return s +} + +// SetSessionToken sets the SessionToken field's value. +func (s *SessionCredentials) SetSessionToken(v string) *SessionCredentials { + s.SessionToken = &v + return s +} + +// To use simple format for S3 keys for log objects, set SimplePrefix to an +// empty object. +// +// [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] +type SimplePrefix struct { + _ struct{} `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SimplePrefix) GoString() string { + return s.String() +} + // A container that describes additional filters for identifying the source // objects that you want to replicate. You can choose to enable or disable the // replication of these objects. Currently, Amazon S3 supports only the filter @@ -39302,6 +42365,49 @@ func (s *TargetGrant) SetPermission(v string) *TargetGrant { return s } +// Amazon S3 key format for log objects. Only one format, PartitionedPrefix +// or SimplePrefix, is allowed. +type TargetObjectKeyFormat struct { + _ struct{} `type:"structure"` + + // Partitioned S3 key for log objects. + PartitionedPrefix *PartitionedPrefix `locationName:"PartitionedPrefix" type:"structure"` + + // To use the simple format for S3 keys for log objects. To specify SimplePrefix + // format, set SimplePrefix to {}. + SimplePrefix *SimplePrefix `locationName:"SimplePrefix" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TargetObjectKeyFormat) GoString() string { + return s.String() +} + +// SetPartitionedPrefix sets the PartitionedPrefix field's value. +func (s *TargetObjectKeyFormat) SetPartitionedPrefix(v *PartitionedPrefix) *TargetObjectKeyFormat { + s.PartitionedPrefix = v + return s +} + +// SetSimplePrefix sets the SimplePrefix field's value. +func (s *TargetObjectKeyFormat) SetSimplePrefix(v *SimplePrefix) *TargetObjectKeyFormat { + s.SimplePrefix = v + return s +} + // The S3 Intelligent-Tiering storage class is designed to optimize storage // costs by automatically moving data to the most cost-effective storage access // tier, without additional operational overhead. @@ -39586,19 +42692,33 @@ type UploadPartCopyInput struct { // The bucket name. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field @@ -39620,34 +42740,81 @@ type UploadPartCopyInput struct { // my-access-point owned by account 123456789012 in Region us-west-2, use // the URL encoding of arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf. // The value must be URL encoded. Amazon S3 supports copy operations using - // access points only when the source and destination buckets are in the - // same Amazon Web Services Region. Alternatively, for objects accessed through - // Amazon S3 on Outposts, specify the ARN of the object as accessed in the - // format arn:aws:s3-outposts:::outpost//object/. + // Access points only when the source and destination buckets are in the + // same Amazon Web Services Region. Access points are not supported by directory + // buckets. Alternatively, for objects accessed through Amazon S3 on Outposts, + // specify the ARN of the object as accessed in the format arn:aws:s3-outposts:::outpost//object/. // For example, to copy the object reports/january.pdf through outpost my-outpost // owned by account 123456789012 in Region us-west-2, use the URL encoding // of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf. // The value must be URL-encoded. // - // To copy a specific version of an object, append ?versionId= to - // the value (for example, awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). - // If you don't specify a version ID, Amazon S3 copies the latest version of - // the source object. + // If your bucket has versioning enabled, you could have multiple versions of + // the same object. By default, x-amz-copy-source identifies the current version + // of the source object to copy. To copy a specific version of the source object + // to copy, append ?versionId= to the x-amz-copy-source request + // header (for example, x-amz-copy-source: /awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893). + // + // If the current version is a delete marker and you don't specify a versionId + // in the x-amz-copy-source request header, Amazon S3 returns a 404 Not Found + // error, because the object does not exist. If you specify versionId in the + // x-amz-copy-source and the versionId is a delete marker, Amazon S3 returns + // an HTTP 400 Bad Request error, because you are not allowed to specify a delete + // marker as a version for the x-amz-copy-source. + // + // Directory buckets - S3 Versioning isn't enabled and supported for directory + // buckets. // // CopySource is a required field CopySource *string `location:"header" locationName:"x-amz-copy-source" type:"string" required:"true"` // Copies the object if its entity tag (ETag) matches the specified tag. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfMatch *string `location:"header" locationName:"x-amz-copy-source-if-match" type:"string"` // Copies the object if it has been modified since the specified time. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfModifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-modified-since" type:"timestamp"` // Copies the object if its entity tag (ETag) is different than the specified // ETag. + // + // If both of the x-amz-copy-source-if-none-match and x-amz-copy-source-if-modified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-none-match condition evaluates to false, and; + // + // x-amz-copy-source-if-modified-since condition evaluates to true; + // + // Amazon S3 returns 412 Precondition Failed response code. CopySourceIfNoneMatch *string `location:"header" locationName:"x-amz-copy-source-if-none-match" type:"string"` // Copies the object if it hasn't been modified since the specified time. + // + // If both of the x-amz-copy-source-if-match and x-amz-copy-source-if-unmodified-since + // headers are present in the request as follows: + // + // x-amz-copy-source-if-match condition evaluates to true, and; + // + // x-amz-copy-source-if-unmodified-since condition evaluates to false; + // + // Amazon S3 returns 200 OK and copies the data. CopySourceIfUnmodifiedSince *time.Time `location:"header" locationName:"x-amz-copy-source-if-unmodified-since" type:"timestamp"` // The range of bytes to copy from the source object. The range value must use @@ -39659,12 +42826,18 @@ type UploadPartCopyInput struct { // Specifies the algorithm to use when decrypting the source object (for example, // AES256). + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerAlgorithm *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use to decrypt // the source object. The encryption key provided in this header must be one // that was used when the source object was created. // + // This functionality is not supported when the source object is in a directory + // bucket. + // // CopySourceSSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyInput's // String and GoString methods. @@ -39673,16 +42846,19 @@ type UploadPartCopyInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceSSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-copy-source-server-side-encryption-customer-key-MD5" type:"string"` - // The account ID of the expected destination bucket owner. If the destination - // bucket is owned by a different account, the request fails with the HTTP status - // code 403 Forbidden (access denied). + // The account ID of the expected destination bucket owner. If the account ID + // that you provide does not match the actual owner of the destination bucket, + // the request fails with the HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` - // The account ID of the expected source bucket owner. If the source bucket - // is owned by a different account, the request fails with the HTTP status code - // 403 Forbidden (access denied). + // The account ID of the expected source bucket owner. If the account ID that + // you provide does not match the actual owner of the source bucket, the request + // fails with the HTTP status code 403 Forbidden (access denied). ExpectedSourceBucketOwner *string `location:"header" locationName:"x-amz-source-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -39697,14 +42873,20 @@ type UploadPartCopyInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -39714,6 +42896,9 @@ type UploadPartCopyInput struct { // header. This must be the same encryption key specified in the initiate multipart // upload request. // + // This functionality is not supported when the destination bucket is a directory + // bucket. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyInput's // String and GoString methods. @@ -39722,6 +42907,9 @@ type UploadPartCopyInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported when the destination bucket is a directory + // bucket. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being copied. @@ -39946,6 +43134,8 @@ type UploadPartCopyOutput struct { // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // Container for all response elements. @@ -39953,32 +43143,46 @@ type UploadPartCopyOutput struct { // The version of the source object that was copied, if you have enabled versioning // on the source bucket. + // + // This functionality is not supported when the source object is in a directory + // bucket. CopySourceVersionId *string `location:"header" locationName:"x-amz-copy-source-version-id" type:"string"` // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric + // If present, indicates the ID of the Key Management Service (KMS) symmetric // encryption customer managed key that was used for the object. // + // This functionality is not supported for directory buckets. + // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartCopyOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -40056,30 +43260,44 @@ type UploadPartInput struct { // The name of the bucket to which the multipart upload was initiated. // - // When using this action with an access point, you must direct requests to - // the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. + // Directory buckets - When you use this operation with a directory bucket, + // you must use virtual-hosted-style requests in the format Bucket_name.s3express-az_id.region.amazonaws.com. + // Path-style requests are not supported. Directory bucket names must be unique + // in the chosen Availability Zone. Bucket names must follow the format bucket_base_name--az-id--x-s3 + // (for example, DOC-EXAMPLE-BUCKET--usw2-az2--x-s3). For information about + // bucket naming restrictions, see Directory bucket naming rules (https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html) + // in the Amazon S3 User Guide. + // + // Access points - When you use this action with an access point, you must provide + // the alias of the access point in place of the bucket name or specify the + // access point ARN. When using the access point ARN, you must direct requests + // to the access point hostname. The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. // When using this action with an access point through the Amazon Web Services // SDKs, you provide the access point ARN in place of the bucket name. For more // information about access point ARNs, see Using access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html) // in the Amazon S3 User Guide. // - // When you use this action with Amazon S3 on Outposts, you must direct requests - // to the S3 on Outposts hostname. The S3 on Outposts hostname takes the form - // AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. When - // you use this action with S3 on Outposts through the Amazon Web Services SDKs, - // you provide the Outposts access point ARN in place of the bucket name. For - // more information about S3 on Outposts ARNs, see What is S3 on Outposts? (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) + // Access points and Object Lambda access points are not supported by directory + // buckets. + // + // S3 on Outposts - When you use this action with Amazon S3 on Outposts, you + // must direct requests to the S3 on Outposts hostname. The S3 on Outposts hostname + // takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. + // When you use this action with S3 on Outposts through the Amazon Web Services + // SDKs, you provide the Outposts access point ARN in place of the bucket name. + // For more information about S3 on Outposts ARNs, see What is S3 on Outposts? + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/S3onOutposts.html) // in the Amazon S3 User Guide. // // Bucket is a required field Bucket *string `location:"uri" locationName:"Bucket" type:"string" required:"true"` - // Indicates the algorithm used to create the checksum for the object when using - // the SDK. This header will not provide any additional functionality if not - // using the SDK. When sending this header, there must be a corresponding x-amz-checksum - // or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with - // the HTTP status code 400 Bad Request. For more information, see Checking - // object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) + // Indicates the algorithm used to create the checksum for the object when you + // use the SDK. This header will not provide any additional functionality if + // you don't use the SDK. When you send this header, there must be a corresponding + // x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the + // request with the HTTP status code 400 Bad Request. For more information, + // see Checking object integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html) // in the Amazon S3 User Guide. // // If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm @@ -40129,11 +43347,13 @@ type UploadPartInput struct { // The base64-encoded 128-bit MD5 digest of the part data. This parameter is // auto-populated when using the command from the CLI. This parameter is required // if object lock parameters are specified. + // + // This functionality is not supported for directory buckets. ContentMD5 *string `location:"header" locationName:"Content-MD5" type:"string"` - // The account ID of the expected bucket owner. If the bucket is owned by a - // different account, the request fails with the HTTP status code 403 Forbidden - // (access denied). + // The account ID of the expected bucket owner. If the account ID that you provide + // does not match the actual owner of the bucket, the request fails with the + // HTTP status code 403 Forbidden (access denied). ExpectedBucketOwner *string `location:"header" locationName:"x-amz-expected-bucket-owner" type:"string"` // Object key for which the multipart upload was initiated. @@ -40148,14 +43368,19 @@ type UploadPartInput struct { PartNumber *int64 `location:"querystring" locationName:"partNumber" type:"integer" required:"true"` // Confirms that the requester knows that they will be charged for the request. - // Bucket owners need not specify this parameter in their requests. For information - // about downloading objects from Requester Pays buckets, see Downloading Objects + // Bucket owners need not specify this parameter in their requests. If either + // the source or destination S3 bucket has Requester Pays enabled, the requester + // will pay for corresponding charges to copy the object. For information about + // downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. + // + // This functionality is not supported for directory buckets. RequestPayer *string `location:"header" locationName:"x-amz-request-payer" type:"string" enum:"RequestPayer"` - // Specifies the algorithm to use to when encrypting the object (for example, - // AES256). + // Specifies the algorithm to use when encrypting the object (for example, AES256). + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // Specifies the customer-provided encryption key for Amazon S3 to use in encrypting @@ -40165,6 +43390,8 @@ type UploadPartInput struct { // header. This must be the same encryption key specified in the initiate multipart // upload request. // + // This functionality is not supported for directory buckets. + // // SSECustomerKey is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartInput's // String and GoString methods. @@ -40173,6 +43400,8 @@ type UploadPartInput struct { // Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. // Amazon S3 uses this header for a message integrity check to ensure that the // encryption key was transmitted without error. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` // Upload ID identifying the multipart upload whose part is being uploaded. @@ -40375,37 +43604,47 @@ type UploadPartOutput struct { // Indicates whether the multipart upload uses an S3 Bucket Key for server-side // encryption with Key Management Service (KMS) keys (SSE-KMS). + // + // This functionality is not supported for directory buckets. BucketKeyEnabled *bool `location:"header" locationName:"x-amz-server-side-encryption-bucket-key-enabled" type:"boolean"` // The base64-encoded, 32-bit CRC32 checksum of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32 *string `location:"header" locationName:"x-amz-checksum-crc32" type:"string"` // The base64-encoded, 32-bit CRC32C checksum of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumCRC32C *string `location:"header" locationName:"x-amz-checksum-crc32c" type:"string"` // The base64-encoded, 160-bit SHA-1 digest of the object. This will only be - // present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // present if it was uploaded with the object. When you use the API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA1 *string `location:"header" locationName:"x-amz-checksum-sha1" type:"string"` // The base64-encoded, 256-bit SHA-256 digest of the object. This will only - // be present if it was uploaded with the object. With multipart uploads, this - // may not be a checksum value of the object. For more information about how - // checksums are calculated with multipart uploads, see Checking object integrity - // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) + // be present if it was uploaded with the object. When you use an API operation + // on an object that was uploaded using multipart uploads, this value may not + // be a direct checksum value of the full object. Instead, it's a calculation + // based on the checksum values of each individual part. For more information + // about how checksums are calculated with multipart uploads, see Checking object + // integrity (https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html#large-object-checksums) // in the Amazon S3 User Guide. ChecksumSHA256 *string `location:"header" locationName:"x-amz-checksum-sha256" type:"string"` @@ -40414,28 +43653,39 @@ type UploadPartOutput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-request-charged" type:"string" enum:"RequestCharged"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header confirming the encryption algorithm - // used. + // the response will include this header to confirm the encryption algorithm + // that's used. + // + // This functionality is not supported for directory buckets. SSECustomerAlgorithm *string `location:"header" locationName:"x-amz-server-side-encryption-customer-algorithm" type:"string"` // If server-side encryption with a customer-provided encryption key was requested, - // the response will include this header to provide round-trip message integrity + // the response will include this header to provide the round-trip message integrity // verification of the customer-provided encryption key. + // + // This functionality is not supported for directory buckets. SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Key Management Service (KMS) symmetric - // encryption customer managed key was used for the object. + // If present, indicates the ID of the Key Management Service (KMS) symmetric + // encryption customer managed key that was used for the object. + // + // This functionality is not supported for directory buckets. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UploadPartOutput's // String and GoString methods. SSEKMSKeyId *string `location:"header" locationName:"x-amz-server-side-encryption-aws-kms-key-id" type:"string" sensitive:"true"` - // The server-side encryption algorithm used when storing this object in Amazon + // The server-side encryption algorithm used when you store this object in Amazon // S3 (for example, AES256, aws:kms). + // + // For directory buckets, only server-side encryption with Amazon S3 managed + // keys (SSE-S3) (AES256) is supported. ServerSideEncryption *string `location:"header" locationName:"x-amz-server-side-encryption" type:"string" enum:"ServerSideEncryption"` } @@ -40819,6 +44069,8 @@ type WriteGetObjectResponseInput struct { // If present, indicates that the requester was successfully charged for the // request. + // + // This functionality is not supported for directory buckets. RequestCharged *string `location:"header" locationName:"x-amz-fwd-header-x-amz-request-charged" type:"string" enum:"RequestCharged"` // Route prefix to the HTTP URL generated. @@ -40845,9 +44097,9 @@ type WriteGetObjectResponseInput struct { // server-side encryption with customer-provided encryption keys (SSE-C) (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html). SSECustomerKeyMD5 *string `location:"header" locationName:"x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5" type:"string"` - // If present, specifies the ID of the Amazon Web Services Key Management Service - // (Amazon Web Services KMS) symmetric encryption customer managed key that - // was used for stored in Amazon S3 object. + // If present, specifies the ID (Key ID, Key ARN, or Key Alias) of the Amazon + // Web Services Key Management Service (Amazon Web Services KMS) symmetric encryption + // customer managed key that was used for stored in Amazon S3 object. // // SSEKMSKeyId is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by WriteGetObjectResponseInput's @@ -41295,6 +44547,9 @@ const ( // BucketLocationConstraintApSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintApSouth1 = "ap-south-1" + // BucketLocationConstraintApSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintApSouth2 = "ap-south-2" + // BucketLocationConstraintApSoutheast1 is a BucketLocationConstraint enum value BucketLocationConstraintApSoutheast1 = "ap-southeast-1" @@ -41325,6 +44580,9 @@ const ( // BucketLocationConstraintEuSouth1 is a BucketLocationConstraint enum value BucketLocationConstraintEuSouth1 = "eu-south-1" + // BucketLocationConstraintEuSouth2 is a BucketLocationConstraint enum value + BucketLocationConstraintEuSouth2 = "eu-south-2" + // BucketLocationConstraintEuWest1 is a BucketLocationConstraint enum value BucketLocationConstraintEuWest1 = "eu-west-1" @@ -41354,12 +44612,6 @@ const ( // BucketLocationConstraintUsWest2 is a BucketLocationConstraint enum value BucketLocationConstraintUsWest2 = "us-west-2" - - // BucketLocationConstraintApSouth2 is a BucketLocationConstraint enum value - BucketLocationConstraintApSouth2 = "ap-south-2" - - // BucketLocationConstraintEuSouth2 is a BucketLocationConstraint enum value - BucketLocationConstraintEuSouth2 = "eu-south-2" ) // BucketLocationConstraint_Values returns all elements of the BucketLocationConstraint enum @@ -41371,6 +44623,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintApNortheast2, BucketLocationConstraintApNortheast3, BucketLocationConstraintApSouth1, + BucketLocationConstraintApSouth2, BucketLocationConstraintApSoutheast1, BucketLocationConstraintApSoutheast2, BucketLocationConstraintApSoutheast3, @@ -41381,6 +44634,7 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintEuCentral1, BucketLocationConstraintEuNorth1, BucketLocationConstraintEuSouth1, + BucketLocationConstraintEuSouth2, BucketLocationConstraintEuWest1, BucketLocationConstraintEuWest2, BucketLocationConstraintEuWest3, @@ -41391,8 +44645,6 @@ func BucketLocationConstraint_Values() []string { BucketLocationConstraintUsGovWest1, BucketLocationConstraintUsWest1, BucketLocationConstraintUsWest2, - BucketLocationConstraintApSouth2, - BucketLocationConstraintEuSouth2, } } @@ -41416,6 +44668,18 @@ func BucketLogsPermission_Values() []string { } } +const ( + // BucketTypeDirectory is a BucketType enum value + BucketTypeDirectory = "Directory" +) + +// BucketType_Values returns all elements of the BucketType enum +func BucketType_Values() []string { + return []string{ + BucketTypeDirectory, + } +} + const ( // BucketVersioningStatusEnabled is a BucketVersioningStatus enum value BucketVersioningStatusEnabled = "Enabled" @@ -41488,6 +44752,18 @@ func CompressionType_Values() []string { } } +const ( + // DataRedundancySingleAvailabilityZone is a DataRedundancy enum value + DataRedundancySingleAvailabilityZone = "SingleAvailabilityZone" +) + +// DataRedundancy_Values returns all elements of the DataRedundancy enum +func DataRedundancy_Values() []string { + return []string{ + DataRedundancySingleAvailabilityZone, + } +} + const ( // DeleteMarkerReplicationStatusEnabled is a DeleteMarkerReplicationStatus enum value DeleteMarkerReplicationStatusEnabled = "Enabled" @@ -41887,6 +45163,18 @@ func JSONType_Values() []string { } } +const ( + // LocationTypeAvailabilityZone is a LocationType enum value + LocationTypeAvailabilityZone = "AvailabilityZone" +) + +// LocationType_Values returns all elements of the LocationType enum +func LocationType_Values() []string { + return []string{ + LocationTypeAvailabilityZone, + } +} + const ( // MFADeleteEnabled is a MFADelete enum value MFADeleteEnabled = "Enabled" @@ -42087,8 +45375,19 @@ func ObjectLockRetentionMode_Values() []string { // BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer // affect permissions. The bucket owner automatically owns and has full control // over every object in the bucket. The bucket only accepts PUT requests that -// don't specify an ACL or bucket owner full control ACLs, such as the bucket-owner-full-control -// canned ACL or an equivalent form of this ACL expressed in the XML format. +// don't specify an ACL or specify bucket owner full control ACLs (such as the +// predefined bucket-owner-full-control canned ACL or a custom ACL in XML format +// that grants the same permissions). +// +// By default, ObjectOwnership is set to BucketOwnerEnforced and ACLs are disabled. +// We recommend keeping ACLs disabled, except in uncommon use cases where you +// must control access for each object individually. For more information about +// S3 Object Ownership, see Controlling ownership of objects and disabling ACLs +// for your bucket (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) +// in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. Directory buckets +// use the bucket owner enforced setting for S3 Object Ownership. const ( // ObjectOwnershipBucketOwnerPreferred is a ObjectOwnership enum value ObjectOwnershipBucketOwnerPreferred = "BucketOwnerPreferred" @@ -42139,6 +45438,9 @@ const ( // ObjectStorageClassSnow is a ObjectStorageClass enum value ObjectStorageClassSnow = "SNOW" + + // ObjectStorageClassExpressOnezone is a ObjectStorageClass enum value + ObjectStorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // ObjectStorageClass_Values returns all elements of the ObjectStorageClass enum @@ -42154,6 +45456,7 @@ func ObjectStorageClass_Values() []string { ObjectStorageClassOutposts, ObjectStorageClassGlacierIr, ObjectStorageClassSnow, + ObjectStorageClassExpressOnezone, } } @@ -42193,6 +45496,22 @@ func OwnerOverride_Values() []string { } } +const ( + // PartitionDateSourceEventTime is a PartitionDateSource enum value + PartitionDateSourceEventTime = "EventTime" + + // PartitionDateSourceDeliveryTime is a PartitionDateSource enum value + PartitionDateSourceDeliveryTime = "DeliveryTime" +) + +// PartitionDateSource_Values returns all elements of the PartitionDateSource enum +func PartitionDateSource_Values() []string { + return []string{ + PartitionDateSourceEventTime, + PartitionDateSourceDeliveryTime, + } +} + const ( // PayerRequester is a Payer enum value PayerRequester = "Requester" @@ -42313,6 +45632,9 @@ const ( // ReplicationStatusReplica is a ReplicationStatus enum value ReplicationStatusReplica = "REPLICA" + + // ReplicationStatusCompleted is a ReplicationStatus enum value + ReplicationStatusCompleted = "COMPLETED" ) // ReplicationStatus_Values returns all elements of the ReplicationStatus enum @@ -42322,6 +45644,7 @@ func ReplicationStatus_Values() []string { ReplicationStatusPending, ReplicationStatusFailed, ReplicationStatusReplica, + ReplicationStatusCompleted, } } @@ -42343,6 +45666,8 @@ func ReplicationTimeStatus_Values() []string { // If present, indicates that the requester was successfully charged for the // request. +// +// This functionality is not supported for directory buckets. const ( // RequestChargedRequester is a RequestCharged enum value RequestChargedRequester = "requester" @@ -42356,10 +45681,14 @@ func RequestCharged_Values() []string { } // Confirms that the requester knows that they will be charged for the request. -// Bucket owners need not specify this parameter in their requests. For information -// about downloading objects from Requester Pays buckets, see Downloading Objects +// Bucket owners need not specify this parameter in their requests. If either +// the source or destination S3 bucket has Requester Pays enabled, the requester +// will pay for corresponding charges to copy the object. For information about +// downloading objects from Requester Pays buckets, see Downloading Objects // in Requester Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) // in the Amazon S3 User Guide. +// +// This functionality is not supported for directory buckets. const ( // RequestPayerRequester is a RequestPayer enum value RequestPayerRequester = "requester" @@ -42404,6 +45733,22 @@ func ServerSideEncryption_Values() []string { } } +const ( + // SessionModeReadOnly is a SessionMode enum value + SessionModeReadOnly = "ReadOnly" + + // SessionModeReadWrite is a SessionMode enum value + SessionModeReadWrite = "ReadWrite" +) + +// SessionMode_Values returns all elements of the SessionMode enum +func SessionMode_Values() []string { + return []string{ + SessionModeReadOnly, + SessionModeReadWrite, + } +} + const ( // SseKmsEncryptedObjectsStatusEnabled is a SseKmsEncryptedObjectsStatus enum value SseKmsEncryptedObjectsStatusEnabled = "Enabled" @@ -42450,6 +45795,9 @@ const ( // StorageClassSnow is a StorageClass enum value StorageClassSnow = "SNOW" + + // StorageClassExpressOnezone is a StorageClass enum value + StorageClassExpressOnezone = "EXPRESS_ONEZONE" ) // StorageClass_Values returns all elements of the StorageClass enum @@ -42465,6 +45813,7 @@ func StorageClass_Values() []string { StorageClassOutposts, StorageClassGlacierIr, StorageClassSnow, + StorageClassExpressOnezone, } } diff --git a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go index cd6a2e8a..8a67333a 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/s3/errors.go @@ -25,6 +25,15 @@ const ( // "InvalidObjectState". // // Object is archived and inaccessible until restored. + // + // If the object you are retrieving is stored in the S3 Glacier Flexible Retrieval + // storage class, the S3 Glacier Deep Archive storage class, the S3 Intelligent-Tiering + // Archive Access tier, or the S3 Intelligent-Tiering Deep Archive Access tier, + // before you can retrieve the object you must first restore a copy using RestoreObject + // (https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html). + // Otherwise, this operation returns an InvalidObjectState error. For information + // about restoring archived objects, see Restoring Archived Objects (https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html) + // in the Amazon S3 User Guide. ErrCodeInvalidObjectState = "InvalidObjectState" // ErrCodeNoSuchBucket for service response error code diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go index c743913c..04f6c811 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/api.go @@ -56,9 +56,10 @@ func (c *SSOOIDC) CreateTokenRequest(input *CreateTokenInput) (req *request.Requ // CreateToken API operation for AWS SSO OIDC. // -// Creates and returns an access token for the authorized client. The access -// token issued will be used to fetch short-term credentials for the assigned -// roles in the AWS account. +// Creates and returns access and refresh tokens for clients that are authenticated +// using client secrets. The access token can be used to fetch short-term credentials +// for the assigned AWS accounts or to access application APIs using bearer +// authentication. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -133,6 +134,131 @@ func (c *SSOOIDC) CreateTokenWithContext(ctx aws.Context, input *CreateTokenInpu return out, req.Send() } +const opCreateTokenWithIAM = "CreateTokenWithIAM" + +// CreateTokenWithIAMRequest generates a "aws/request.Request" representing the +// client's request for the CreateTokenWithIAM operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTokenWithIAM for more information on using the CreateTokenWithIAM +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateTokenWithIAMRequest method. +// req, resp := client.CreateTokenWithIAMRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAMRequest(input *CreateTokenWithIAMInput) (req *request.Request, output *CreateTokenWithIAMOutput) { + op := &request.Operation{ + Name: opCreateTokenWithIAM, + HTTPMethod: "POST", + HTTPPath: "/token?aws_iam=t", + } + + if input == nil { + input = &CreateTokenWithIAMInput{} + } + + output = &CreateTokenWithIAMOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTokenWithIAM API operation for AWS SSO OIDC. +// +// Creates and returns access and refresh tokens for clients and applications +// that are authenticated using IAM entities. The access token can be used to +// fetch short-term credentials for the assigned AWS accounts or to access application +// APIs using bearer authentication. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SSO OIDC's +// API operation CreateTokenWithIAM for usage and error information. +// +// Returned Error Types: +// +// - InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a required parameter might be missing or out of range. +// +// - InvalidClientException +// Indicates that the clientId or clientSecret in the request is invalid. For +// example, this can occur when a client sends an incorrect clientId or an expired +// clientSecret. +// +// - InvalidGrantException +// Indicates that a request contains an invalid grant. This can occur if a client +// makes a CreateToken request with an invalid grant type. +// +// - UnauthorizedClientException +// Indicates that the client is not currently authorized to make the request. +// This can happen when a clientId is not issued for a public client. +// +// - UnsupportedGrantTypeException +// Indicates that the grant type in the request is not supported by the service. +// +// - InvalidScopeException +// Indicates that the scope provided in the request is invalid. +// +// - AuthorizationPendingException +// Indicates that a request to authorize a client with an access user session +// token is pending. +// +// - SlowDownException +// Indicates that the client is making the request too frequently and is more +// than the service can handle. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// - ExpiredTokenException +// Indicates that the token issued by the service is expired and is no longer +// valid. +// +// - InternalServerException +// Indicates that an error from the service occurred while trying to process +// a request. +// +// - InvalidRequestRegionException +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/sso-oidc-2019-06-10/CreateTokenWithIAM +func (c *SSOOIDC) CreateTokenWithIAM(input *CreateTokenWithIAMInput) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + return out, req.Send() +} + +// CreateTokenWithIAMWithContext is the same as CreateTokenWithIAM with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTokenWithIAM for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SSOOIDC) CreateTokenWithIAMWithContext(ctx aws.Context, input *CreateTokenWithIAMInput, opts ...request.Option) (*CreateTokenWithIAMOutput, error) { + req, out := c.CreateTokenWithIAMRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opRegisterClient = "RegisterClient" // RegisterClientRequest generates a "aws/request.Request" representing the @@ -331,8 +457,11 @@ type AccessDeniedException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be access_denied. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -400,8 +529,11 @@ type AuthorizationPendingException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be authorization_pending. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -466,8 +598,8 @@ func (s *AuthorizationPendingException) RequestID() string { type CreateTokenInput struct { _ struct{} `type:"structure"` - // The unique identifier string for each client. This value should come from - // the persisted result of the RegisterClient API. + // The unique identifier string for the client or application. This value comes + // from the result of the RegisterClient API. // // ClientId is a required field ClientId *string `locationName:"clientId" type:"string" required:"true"` @@ -475,23 +607,30 @@ type CreateTokenInput struct { // A secret string generated for the client. This value should come from the // persisted result of the RegisterClient API. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` - // The authorization code received from the authorization service. This parameter - // is required to perform an authorization grant request to get access to a - // token. + // Used only when calling this API for the Authorization Code grant type. The + // short-term code is used to identify this authorization request. This grant + // type is currently unsupported for the CreateToken API. Code *string `locationName:"code" type:"string"` - // Used only when calling this API for the device code grant type. This short-term - // code is used to identify this authentication attempt. This should come from - // an in-memory reference to the result of the StartDeviceAuthorization API. + // Used only when calling this API for the Device Code grant type. This short-term + // code is used to identify this authorization request. This comes from the + // result of the StartDeviceAuthorization API. DeviceCode *string `locationName:"deviceCode" type:"string"` - // Supports grant types for the authorization code, refresh token, and device - // code request. For device code requests, specify the following value: + // Supports the following OAuth grant types: Device Code and Refresh Token. + // Specify either of the following values, depending on the grant type that + // you want: // - // urn:ietf:params:oauth:grant-type:device_code + // * Device Code - urn:ietf:params:oauth:grant-type:device_code + // + // * Refresh Token - refresh_token // // For information about how to obtain the device code, see the StartDeviceAuthorization // topic. @@ -499,21 +638,28 @@ type CreateTokenInput struct { // GrantType is a required field GrantType *string `locationName:"grantType" type:"string" required:"true"` - // The location of the application that will receive the authorization code. - // Users authorize the service to send the request to this location. + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. RedirectUri *string `locationName:"redirectUri" type:"string"` - // Currently, refreshToken is not yet implemented and is not supported. For - // more information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. // - // The token used to obtain an access token in the event that the access token - // is invalid or expired. - RefreshToken *string `locationName:"refreshToken" type:"string"` + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` - // The list of scopes that is defined by the client. Upon authorization, this - // list is used to restrict permissions when granting an access token. + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If this value is + // not specified, IAM Identity Center authorizes all scopes that are configured + // for the client during the call to RegisterClient. Scope []*string `locationName:"scope" type:"list"` } @@ -605,31 +751,43 @@ func (s *CreateTokenInput) SetScope(v []*string) *CreateTokenInput { type CreateTokenOutput struct { _ struct{} `type:"structure"` - // An opaque token to access IAM Identity Center resources assigned to a user. - AccessToken *string `locationName:"accessToken" type:"string"` + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` // Indicates the time in seconds when an access token will expire. ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` - // Currently, idToken is not yet implemented and is not supported. For more - // information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // The idToken is not implemented or supported. For more information about the + // features and limitations of the current IAM Identity Center OIDC implementation, + // see Considerations for Using this Guide in the IAM Identity Center OIDC API + // Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). // - // The identifier of the user that associated with the access token, if present. - IdToken *string `locationName:"idToken" type:"string"` + // A JSON Web Token (JWT) that identifies who is associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` - // Currently, refreshToken is not yet implemented and is not supported. For - // more information about the features and limitations of the current IAM Identity - // Center OIDC implementation, see Considerations for Using this Guide in the - // IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). - // // A token that, if present, can be used to refresh a previously issued access // token that might have expired. - RefreshToken *string `locationName:"refreshToken" type:"string"` + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` // Used to notify the client that the returned token is an access token. The - // supported type is BearerToken. + // supported token type is Bearer. TokenType *string `locationName:"tokenType" type:"string"` } @@ -681,14 +839,312 @@ func (s *CreateTokenOutput) SetTokenType(v string) *CreateTokenOutput { return s } +type CreateTokenWithIAMInput struct { + _ struct{} `type:"structure"` + + // Used only when calling this API for the JWT Bearer grant type. This value + // specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize + // a trusted token issuer, configure the JWT Bearer GrantOptions for the application. + // + // Assertion is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + Assertion *string `locationName:"assertion" type:"string" sensitive:"true"` + + // The unique identifier string for the client or application. This value is + // an application ARN that has OAuth grants configured. + // + // ClientId is a required field + ClientId *string `locationName:"clientId" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // short-term code is used to identify this authorization request. The code + // is obtained through a redirect from IAM Identity Center to a redirect URI + // persisted in the Authorization Code GrantOptions for the application. + Code *string `locationName:"code" type:"string"` + + // Supports the following OAuth grant types: Authorization Code, Refresh Token, + // JWT Bearer, and Token Exchange. Specify one of the following values, depending + // on the grant type that you want: + // + // * Authorization Code - authorization_code + // + // * Refresh Token - refresh_token + // + // * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer + // + // * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange + // + // GrantType is a required field + GrantType *string `locationName:"grantType" type:"string" required:"true"` + + // Used only when calling this API for the Authorization Code grant type. This + // value specifies the location of the client or application that has registered + // to receive the authorization code. + RedirectUri *string `locationName:"redirectUri" type:"string"` + + // Used only when calling this API for the Refresh Token grant type. This token + // is used to refresh short-term tokens, such as the access token, that might + // expire. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that the requester can receive. The following + // values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + RequestedTokenType *string `locationName:"requestedTokenType" type:"string"` + + // The list of scopes for which authorization is requested. The access token + // that is issued is limited to the scopes that are granted. If the value is + // not specified, IAM Identity Center authorizes all scopes configured for the + // application, including the following default scopes: openid, aws, sts:identity_context. + Scope []*string `locationName:"scope" type:"list"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the subject of the exchange. The value of the subject token must + // be an access token issued by IAM Identity Center to a different client or + // application. The access token must have authorized scopes that indicate the + // requested application as a target audience. + // + // SubjectToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMInput's + // String and GoString methods. + SubjectToken *string `locationName:"subjectToken" type:"string" sensitive:"true"` + + // Used only when calling this API for the Token Exchange grant type. This value + // specifies the type of token that is passed as the subject of the exchange. + // The following value is supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + SubjectTokenType *string `locationName:"subjectTokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTokenWithIAMInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTokenWithIAMInput"} + if s.ClientId == nil { + invalidParams.Add(request.NewErrParamRequired("ClientId")) + } + if s.GrantType == nil { + invalidParams.Add(request.NewErrParamRequired("GrantType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssertion sets the Assertion field's value. +func (s *CreateTokenWithIAMInput) SetAssertion(v string) *CreateTokenWithIAMInput { + s.Assertion = &v + return s +} + +// SetClientId sets the ClientId field's value. +func (s *CreateTokenWithIAMInput) SetClientId(v string) *CreateTokenWithIAMInput { + s.ClientId = &v + return s +} + +// SetCode sets the Code field's value. +func (s *CreateTokenWithIAMInput) SetCode(v string) *CreateTokenWithIAMInput { + s.Code = &v + return s +} + +// SetGrantType sets the GrantType field's value. +func (s *CreateTokenWithIAMInput) SetGrantType(v string) *CreateTokenWithIAMInput { + s.GrantType = &v + return s +} + +// SetRedirectUri sets the RedirectUri field's value. +func (s *CreateTokenWithIAMInput) SetRedirectUri(v string) *CreateTokenWithIAMInput { + s.RedirectUri = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMInput) SetRefreshToken(v string) *CreateTokenWithIAMInput { + s.RefreshToken = &v + return s +} + +// SetRequestedTokenType sets the RequestedTokenType field's value. +func (s *CreateTokenWithIAMInput) SetRequestedTokenType(v string) *CreateTokenWithIAMInput { + s.RequestedTokenType = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMInput) SetScope(v []*string) *CreateTokenWithIAMInput { + s.Scope = v + return s +} + +// SetSubjectToken sets the SubjectToken field's value. +func (s *CreateTokenWithIAMInput) SetSubjectToken(v string) *CreateTokenWithIAMInput { + s.SubjectToken = &v + return s +} + +// SetSubjectTokenType sets the SubjectTokenType field's value. +func (s *CreateTokenWithIAMInput) SetSubjectTokenType(v string) *CreateTokenWithIAMInput { + s.SubjectTokenType = &v + return s +} + +type CreateTokenWithIAMOutput struct { + _ struct{} `type:"structure"` + + // A bearer token to access AWS accounts and applications assigned to a user. + // + // AccessToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + AccessToken *string `locationName:"accessToken" type:"string" sensitive:"true"` + + // Indicates the time in seconds when an access token will expire. + ExpiresIn *int64 `locationName:"expiresIn" type:"integer"` + + // A JSON Web Token (JWT) that identifies the user associated with the issued + // access token. + // + // IdToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + IdToken *string `locationName:"idToken" type:"string" sensitive:"true"` + + // Indicates the type of tokens that are issued by IAM Identity Center. The + // following values are supported: + // + // * Access Token - urn:ietf:params:oauth:token-type:access_token + // + // * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token + IssuedTokenType *string `locationName:"issuedTokenType" type:"string"` + + // A token that, if present, can be used to refresh a previously issued access + // token that might have expired. + // + // For more information about the features and limitations of the current IAM + // Identity Center OIDC implementation, see Considerations for Using this Guide + // in the IAM Identity Center OIDC API Reference (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/Welcome.html). + // + // RefreshToken is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateTokenWithIAMOutput's + // String and GoString methods. + RefreshToken *string `locationName:"refreshToken" type:"string" sensitive:"true"` + + // The list of scopes for which authorization is granted. The access token that + // is issued is limited to the scopes that are granted. + Scope []*string `locationName:"scope" type:"list"` + + // Used to notify the requester that the returned token is an access token. + // The supported token type is Bearer. + TokenType *string `locationName:"tokenType" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTokenWithIAMOutput) GoString() string { + return s.String() +} + +// SetAccessToken sets the AccessToken field's value. +func (s *CreateTokenWithIAMOutput) SetAccessToken(v string) *CreateTokenWithIAMOutput { + s.AccessToken = &v + return s +} + +// SetExpiresIn sets the ExpiresIn field's value. +func (s *CreateTokenWithIAMOutput) SetExpiresIn(v int64) *CreateTokenWithIAMOutput { + s.ExpiresIn = &v + return s +} + +// SetIdToken sets the IdToken field's value. +func (s *CreateTokenWithIAMOutput) SetIdToken(v string) *CreateTokenWithIAMOutput { + s.IdToken = &v + return s +} + +// SetIssuedTokenType sets the IssuedTokenType field's value. +func (s *CreateTokenWithIAMOutput) SetIssuedTokenType(v string) *CreateTokenWithIAMOutput { + s.IssuedTokenType = &v + return s +} + +// SetRefreshToken sets the RefreshToken field's value. +func (s *CreateTokenWithIAMOutput) SetRefreshToken(v string) *CreateTokenWithIAMOutput { + s.RefreshToken = &v + return s +} + +// SetScope sets the Scope field's value. +func (s *CreateTokenWithIAMOutput) SetScope(v []*string) *CreateTokenWithIAMOutput { + s.Scope = v + return s +} + +// SetTokenType sets the TokenType field's value. +func (s *CreateTokenWithIAMOutput) SetTokenType(v string) *CreateTokenWithIAMOutput { + s.TokenType = &v + return s +} + // Indicates that the token issued by the service is expired and is no longer // valid. type ExpiredTokenException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be expired_token. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -756,8 +1212,11 @@ type InternalServerException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be server_error. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -826,8 +1285,11 @@ type InvalidClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_client. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -895,8 +1357,11 @@ type InvalidClientMetadataException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_client_metadata. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -964,8 +1429,11 @@ type InvalidGrantException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_grant. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1033,8 +1501,11 @@ type InvalidRequestException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_request. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1096,13 +1567,95 @@ func (s *InvalidRequestException) RequestID() string { return s.RespMetadata.RequestID } +// Indicates that a token provided as input to the request was issued by and +// is only usable by calling IAM Identity Center endpoints in another region. +type InvalidRequestRegionException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // Indicates the IAM Identity Center endpoint which the requester may call with + // this token. + Endpoint *string `locationName:"endpoint" type:"string"` + + // Single error code. For this exception the value will be invalid_request. + Error_ *string `locationName:"error" type:"string"` + + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. + Error_description *string `locationName:"error_description" type:"string"` + + Message_ *string `locationName:"message" type:"string"` + + // Indicates the region which the requester may call with this token. + Region *string `locationName:"region" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestRegionException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestRegionException(v protocol.ResponseMetadata) error { + return &InvalidRequestRegionException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestRegionException) Code() string { + return "InvalidRequestRegionException" +} + +// Message returns the exception's message. +func (s *InvalidRequestRegionException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestRegionException) OrigErr() error { + return nil +} + +func (s *InvalidRequestRegionException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestRegionException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestRegionException) RequestID() string { + return s.RespMetadata.RequestID +} + // Indicates that the scope provided in the request is invalid. type InvalidScopeException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be invalid_scope. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1238,7 +1791,7 @@ func (s *RegisterClientInput) SetScopes(v []*string) *RegisterClientInput { type RegisterClientOutput struct { _ struct{} `type:"structure"` - // The endpoint where the client can request authorization. + // An endpoint that the client can use to request authorization. AuthorizationEndpoint *string `locationName:"authorizationEndpoint" type:"string"` // The unique identifier string for each client. This client uses this identifier @@ -1250,12 +1803,16 @@ type RegisterClientOutput struct { // A secret string generated for the client. The client will use this string // to get authenticated by the service in subsequent calls. - ClientSecret *string `locationName:"clientSecret" type:"string"` + // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RegisterClientOutput's + // String and GoString methods. + ClientSecret *string `locationName:"clientSecret" type:"string" sensitive:"true"` // Indicates the time at which the clientId and clientSecret will become invalid. ClientSecretExpiresAt *int64 `locationName:"clientSecretExpiresAt" type:"long"` - // The endpoint where the client can get an access token. + // An endpoint that the client can use to create tokens. TokenEndpoint *string `locationName:"tokenEndpoint" type:"string"` } @@ -1319,8 +1876,11 @@ type SlowDownException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be slow_down. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1395,11 +1955,15 @@ type StartDeviceAuthorizationInput struct { // A secret string that is generated for the client. This value should come // from the persisted result of the RegisterClient API operation. // + // ClientSecret is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by StartDeviceAuthorizationInput's + // String and GoString methods. + // // ClientSecret is a required field - ClientSecret *string `locationName:"clientSecret" type:"string" required:"true"` + ClientSecret *string `locationName:"clientSecret" type:"string" required:"true" sensitive:"true"` - // The URL for the AWS access portal. For more information, see Using the AWS - // access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) + // The URL for the Amazon Web Services access portal. For more information, + // see Using the Amazon Web Services access portal (https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal.html) // in the IAM Identity Center User Guide. // // StartUrl is a required field @@ -1550,8 +2114,11 @@ type UnauthorizedClientException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be unauthorized_client. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` @@ -1618,8 +2185,11 @@ type UnsupportedGrantTypeException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + // Single error code. For this exception the value will be unsupported_grant_type. Error_ *string `locationName:"error" type:"string"` + // Human-readable text providing additional information, used to assist the + // client developer in understanding the error that occurred. Error_description *string `locationName:"error_description" type:"string"` Message_ *string `locationName:"message" type:"string"` diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go index 8b5ee601..083568c6 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/doc.go @@ -3,15 +3,13 @@ // Package ssooidc provides the client and types for making API // requests to AWS SSO OIDC. // -// AWS IAM Identity Center (successor to AWS Single Sign-On) OpenID Connect -// (OIDC) is a web service that enables a client (such as AWS CLI or a native -// application) to register with IAM Identity Center. The service also enables -// the client to fetch the user’s access token upon successful authentication -// and authorization with IAM Identity Center. +// IAM Identity Center OpenID Connect (OIDC) is a web service that enables a +// client (such as CLI or a native application) to register with IAM Identity +// Center. The service also enables the client to fetch the user’s access +// token upon successful authentication and authorization with IAM Identity +// Center. // -// Although AWS Single Sign-On was renamed, the sso and identitystore API namespaces -// will continue to retain their original name for backward compatibility purposes. -// For more information, see IAM Identity Center rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed). +// IAM Identity Center uses the sso and identitystore API namespaces. // // # Considerations for Using This Guide // @@ -22,21 +20,24 @@ // - The IAM Identity Center OIDC service currently implements only the portions // of the OAuth 2.0 Device Authorization Grant standard (https://tools.ietf.org/html/rfc8628 // (https://tools.ietf.org/html/rfc8628)) that are necessary to enable single -// sign-on authentication with the AWS CLI. Support for other OIDC flows -// frequently needed for native applications, such as Authorization Code -// Flow (+ PKCE), will be addressed in future releases. +// sign-on authentication with the CLI. // -// - The service emits only OIDC access tokens, such that obtaining a new -// token (For example, token refresh) requires explicit user re-authentication. +// - With older versions of the CLI, the service only emits OIDC access tokens, +// so to obtain a new token, users must explicitly re-authenticate. To access +// the OIDC flow that supports token refresh and doesn’t require re-authentication, +// update to the latest CLI version (1.27.10 for CLI V1 and 2.9.0 for CLI +// V2) with support for OIDC token refresh and configurable IAM Identity +// Center session durations. For more information, see Configure Amazon Web +// Services access portal session duration (https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html). // -// - The access tokens provided by this service grant access to all AWS account -// entitlements assigned to an IAM Identity Center user, not just a particular -// application. +// - The access tokens provided by this service grant access to all Amazon +// Web Services account entitlements assigned to an IAM Identity Center user, +// not just a particular application. // // - The documentation in this guide does not describe the mechanism to convert -// the access token into AWS Auth (“sigv4”) credentials for use with -// IAM-protected AWS service endpoints. For more information, see GetRoleCredentials -// (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) +// the access token into Amazon Web Services Auth (“sigv4”) credentials +// for use with IAM-protected Amazon Web Services service endpoints. For +// more information, see GetRoleCredentials (https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_GetRoleCredentials.html) // in the IAM Identity Center Portal API Reference Guide. // // For general information about IAM Identity Center, see What is IAM Identity diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go index 69837701..e6242e49 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/errors.go @@ -64,6 +64,13 @@ const ( // a required parameter might be missing or out of range. ErrCodeInvalidRequestException = "InvalidRequestException" + // ErrCodeInvalidRequestRegionException for service response error code + // "InvalidRequestRegionException". + // + // Indicates that a token provided as input to the request was issued by and + // is only usable by calling IAM Identity Center endpoints in another region. + ErrCodeInvalidRequestRegionException = "InvalidRequestRegionException" + // ErrCodeInvalidScopeException for service response error code // "InvalidScopeException". // @@ -100,6 +107,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "InvalidClientMetadataException": newErrorInvalidClientMetadataException, "InvalidGrantException": newErrorInvalidGrantException, "InvalidRequestException": newErrorInvalidRequestException, + "InvalidRequestRegionException": newErrorInvalidRequestRegionException, "InvalidScopeException": newErrorInvalidScopeException, "SlowDownException": newErrorSlowDownException, "UnauthorizedClientException": newErrorUnauthorizedClientException, diff --git a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go index 969f33c3..782bae36 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go +++ b/vendor/github.com/aws/aws-sdk-go/service/ssooidc/service.go @@ -51,7 +51,7 @@ const ( func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSOOIDC { c := p.ClientConfig(EndpointsID, cfgs...) if c.SigningNameDerived || len(c.SigningName) == 0 { - c.SigningName = "awsssooidc" + c.SigningName = "sso-oauth" } return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) } diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index 11af63b4..2c395f5f 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go @@ -1460,7 +1460,15 @@ type AssumeRoleInput struct { // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` - // Reserved for future use. + // A list of previously acquired trusted context assertions in the format of + // a JSON array. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. + // + // The following is an example of a ProvidedContext value that includes a single + // trusted context assertion and the ARN of the context provider from which + // the trusted context assertion was generated. + // + // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}] ProvidedContexts []*ProvidedContext `type:"list"` // The Amazon Resource Name (ARN) of the role to assume. @@ -3405,14 +3413,18 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { return s } -// Reserved for future use. +// Contains information about the provided context. This includes the signed +// and encrypted trusted context assertion and the context provider ARN from +// which the trusted context assertion was generated. type ProvidedContext struct { _ struct{} `type:"structure"` - // Reserved for future use. + // The signed and encrypted trusted context assertion generated by the context + // provider. The trusted context assertion is signed and encrypted by Amazon + // Web Services STS. ContextAssertion *string `min:"4" type:"string"` - // Reserved for future use. + // The context provider ARN from which the trusted context assertion was generated. ProviderArn *string `min:"20" type:"string"` } diff --git a/vendor/modules.txt b/vendor/modules.txt index d0de0151..c7dd2e52 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,8 +91,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/options github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/shared github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version github.com/AzureAD/microsoft-authentication-library-for-go/apps/public -# github.com/aws/aws-sdk-go v1.44.325 -## explicit; go 1.11 +# github.com/aws/aws-sdk-go v1.48.10 +## explicit; go 1.19 github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn github.com/aws/aws-sdk-go/aws/auth/bearer