Periodic update - 2023-04-28
aws-alan committed Apr 28, 2023
1 parent e373ea1 commit 0009290
Showing 39 changed files with 302 additions and 243 deletions.
12 changes: 6 additions & 6 deletions doc_source/PresignedUrlUploadObject.md
Expand Up @@ -520,7 +520,7 @@ const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => {
return formatUrl(signedUrlObject);
};
const createPresignedUrlWithClient = async ({ region, bucket, key }) => {
const createPresignedUrlWithClient = ({ region, bucket, key }) => {
const client = new S3Client({ region });
const command = new PutObjectCommand({ Bucket: bucket, Key: key });
return getSignedUrl(client, command, { expiresIn: 3600 });
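Review bot: dropping `async` from `createPresignedUrlWithClient` is correct, because `getSignedUrl(client, command, { expiresIn: 3600 })` already returns a promise, but the snippet now looks synchronous at a glance; the surrounding text should state that callers must still `await` the result. Since this URL is built from a `PutObjectCommand`, the hard-coded `expiresIn: 3600` also deserves a sentence recommending the shortest lifetime the upload workflow tolerates, because anyone who obtains the URL can write to that key until it expires.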
Expand Down Expand Up @@ -551,8 +551,8 @@ function put(url, data) {
export const main = async () => {
const REGION = "us-east-1";
const BUCKET = "coreys-default-bucket";
const KEY = "corey_test.txt";
const BUCKET = "example_bucket";
const KEY = "example_file.txt";
// There are two ways to generate a presigned URL.
// 1. Use createPresignedUrl without the S3 client.
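Review bot: `example_bucket` is not a valid bucket name, since S3 bucket names cannot contain underscores, so a reader who copies the snippet will hit a naming error unrelated to presigned URLs; use a hyphenated name such as `example-bucket`, or the `DOC-EXAMPLE-BUCKET` placeholder this repository already uses (see UsingBucket.md in this same commit) so it is obviously a placeholder. Replacing the personal bucket and key names is the right change: the old values referred to a real, account-specific resource.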
Expand Down Expand Up @@ -610,16 +610,16 @@ const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => {
return formatUrl(signedUrlObject);
};
const createPresignedUrlWithClient = async ({ region, bucket, key }) => {
const createPresignedUrlWithClient = ({ region, bucket, key }) => {
const client = new S3Client({ region });
const command = new GetObjectCommand({ Bucket: bucket, Key: key });
return getSignedUrl(client, command, { expiresIn: 3600 });
};
export const main = async () => {
const REGION = "us-east-1";
const BUCKET = "coreys-default-bucket";
const KEY = "corey_mug.jpg";
const BUCKET = "example_bucket";
const KEY = "example_file.jpg";
try {
const noClientUrl = await createPresignedUrlWithoutClient({
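Review bot: the `example_bucket` placeholder introduced here contains an underscore and is therefore not a valid S3 bucket name; prefer `example-bucket` or the repository's `DOC-EXAMPLE-BUCKET` convention. The `async` removal on `createPresignedUrlWithClient` is fine because `getSignedUrl` returns a promise, and `main` still awaits it. As this variant uses `GetObjectCommand`, it would help to note next to `expiresIn: 3600` that the resulting URL grants read access to the object for that full hour to whoever holds it, so the expiry should be chosen to match how the URL is distributed.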
4 changes: 3 additions & 1 deletion doc_source/S3OutpostsAPI.md
Expand Up @@ -26,6 +26,7 @@ Amazon S3 on Outposts supports the following Amazon S3 API operations:
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectVersions.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html)
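Review bot: the new ListObjectVersions entry sits in the correct alphabetical position, but on its own it gives the reader no signal that versioning is now supported on Outposts buckets; a short sentence in the introductory text above the list, or a cross-reference to the GetBucketVersioning and PutBucketVersioning entries added further down in this same file, would tie the three additions together instead of leaving them as unexplained list items.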
Expand All @@ -51,13 +52,15 @@ S3 on Outposts supports the following Amazon S3 Control API operations for worki
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketPolicy.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketReplication.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketTagging.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketVersioning.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetBucketVersioning.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListAccessPoints.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListRegionalBuckets.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListRegionalBuckets.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutAccessPointPolicy.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketLifecycleConfiguration.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketPolicy.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketReplication.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketTagging.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketVersioning.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_PutBucketVersioning.html)

## S3 on Outposts API operations for managing Outposts<a name="S3OutpostsAPIs"></a>

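Review bot: GetBucketVersioning and PutBucketVersioning are added in the right positions, but PutBucketVersioning is the state-changing call of the pair, and this file also lists PutBucketLifecycleConfiguration; it is worth checking that the lifecycle documentation for Outposts covers expiring noncurrent object versions, because enabling versioning without such a rule retains every overwritten version indefinitely and grows storage without bound. A pointer from these entries to that guidance would help.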
Expand All @@ -66,5 +69,4 @@ S3 on Outposts supports the following Amazon S3 on Outposts API operations for m
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_DeleteEndpoint.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_DeleteEndpoint.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListEndpoints.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListEndpoints.html)
+ [ListOutpostsWithS3](https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListOutpostsWithS3.html)
+ [ListOutpostsWithS3](https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListOutpostsWithS3.html)
+ [https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListSharedEndpoints.html](https://docs.aws.amazon.com/AmazonS3/latest/API/API_s3outposts_ListSharedEndpoints.html)
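Review bot: removing the duplicated ListOutpostsWithS3 entry is correct, but the surviving entry is now the only one in this file whose link text is the operation name rather than the raw URL, so the list renders inconsistently; either change it to the bare-URL form used by every sibling entry, or (more readable) convert the whole list to operation-name link text in a follow-up.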
6 changes: 3 additions & 3 deletions doc_source/ShareObjectPreSignedURL.md
Expand Up @@ -202,16 +202,16 @@ const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => {
return formatUrl(signedUrlObject);
};
const createPresignedUrlWithClient = async ({ region, bucket, key }) => {
const createPresignedUrlWithClient = ({ region, bucket, key }) => {
const client = new S3Client({ region });
const command = new GetObjectCommand({ Bucket: bucket, Key: key });
return getSignedUrl(client, command, { expiresIn: 3600 });
};
export const main = async () => {
const REGION = "us-east-1";
const BUCKET = "coreys-default-bucket";
const KEY = "corey_mug.jpg";
const BUCKET = "example_bucket";
const KEY = "example_file.jpg";
try {
const noClientUrl = await createPresignedUrlWithoutClient({
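Review bot: `example_bucket` contains an underscore and is not a valid S3 bucket name; use `example-bucket` or the repository's `DOC-EXAMPLE-BUCKET` placeholder. This snippet is byte-for-byte the same as the download example in PresignedUrlUploadObject.md changed in this commit, so whichever placeholder is chosen should be applied to both files together to keep them in sync. The `async` removal is fine since `getSignedUrl` returns a promise.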
20 changes: 12 additions & 8 deletions doc_source/UsingBucket.md
Expand Up @@ -2,19 +2,19 @@

To upload your data \(photos, videos, documents, etc\.\) to Amazon S3, you must first create an S3 bucket in one of the AWS Regions\.

A bucket is a container for objects stored in Amazon S3\. You can store any number of objects in a bucket and can have up to 100 buckets in your account\. To request an increase, visit the [Service Quotas Console](https://console.aws.amazon.com/servicequotas/home/services/s3/quotas/)\.
A bucket is a container for objects stored in Amazon S3\. You can store any number of objects in a bucket and can have up to 100 buckets in your account\. To request an increase, visit the [Service Quotas console](https://console.aws.amazon.com/servicequotas/home/services/s3/quotas/)\.

Every object is contained in a bucket\. For example, if the object named `photos/puppy.jpg` is stored in the `DOC-EXAMPLE-BUCKET` bucket in the US West \(Oregon\) Region, then it is addressable using the URL `https://DOC-EXAMPLE-BUCKET.s3.us-west-2.amazonaws.com/photos/puppy.jpg`\. For more information, see [Accessing a Bucket](access-bucket-intro.md)\.
Every object is contained in a bucket\. For example, if the object named `photos/puppy.jpg` is stored in the `DOC-EXAMPLE-BUCKET` bucket in the US West \(Oregon\) Region, then it is addressable by using the URL `https://DOC-EXAMPLE-BUCKET.s3.us-west-2.amazonaws.com/photos/puppy.jpg`\. For more information, see [Accessing a Bucket](access-bucket-intro.md)\.

In terms of implementation, buckets and objects are AWS resources, and Amazon S3 provides APIs for you to manage them\. For example, you can create a bucket and upload objects using the Amazon S3 API\. You can also use the Amazon S3 console to perform these operations\. The console uses the Amazon S3 APIs to send requests to Amazon S3\.

This section describes how to work with buckets\. For information about working with objects, see [Amazon S3 objects overview](UsingObjects.md)\.

Amazon S3 supports global buckets, which means that each bucket name must be unique across all AWS accounts in all the AWS Regions within a partition\. A partition is a grouping of Regions\. AWS currently has three partitions: `aws` \(Standard Regions\), `aws-cn` \(China Regions\), and `aws-us-gov` \(AWS GovCloud \(US\)\)\.

After a bucket is created, the name of that bucket cannot be used by another AWS account in the same partition until the bucket is deleted\. You should not depend on specific bucket naming conventions for availability or security verification purposes\. For bucket naming guidelines, see [Bucket naming rules](bucketnamingrules.md)\.
After a bucket is created, the name of that bucket cannot be used by another AWS account in the same partition until the bucket is deleted\. You should not depend on specific bucket naming conventions for availability or security verification purposes\. For bucket naming guidelines, see [Bucket naming rules](bucketnamingrules.md)\.

Amazon S3 creates buckets in a Region that you specify\. To optimize latency, minimize costs, or address regulatory requirements, choose any AWS Region that is geographically close to you\. For example, if you reside in Europe, you might find it advantageous to create buckets in the Europe \(Ireland\) or Europe \(Frankfurt\) Regions\. For a list of Amazon S3 Regions, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html) in the *AWS General Reference*\.
Amazon S3 creates buckets in a Region that you specify\. To reduce latency, minimize costs, or address regulatory requirements, choose any AWS Region that is geographically close to you\. For example, if you reside in Europe, you might find it advantageous to create buckets in the Europe \(Ireland\) or Europe \(Frankfurt\) Regions\. For a list of Amazon S3 Regions, see [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html) in the *AWS General Reference*\.

**Note**
Objects that belong to a bucket that you create in a specific AWS Region never leave that Region, unless you explicitly transfer them to another Region\. For example, objects that are stored in the Europe \(Ireland\) Region never leave it\.
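Review bot: the removed and added versions of the "After a bucket is created" paragraph render identically; if only trailing whitespace changed this is harmless, but if an edit was intended it has been lost and should be checked. The sentence retained there, that you should not depend on bucket naming conventions for availability or security verification, is the main security point of this hunk; it currently links only to the naming rules, and a link to the access-control guidance would direct readers to the right mechanism.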
Expand All @@ -36,14 +36,18 @@ The AWS account that creates a resource owns that resource\. For example, if you

## Managing public access to buckets<a name="block-public-access-intro"></a>

Public access is granted to buckets and objects through access control lists \(ACLs\), bucket policies, or both\. To help you manage public access to Amazon S3 resources, Amazon S3 provides settings to block public access\. Amazon S3 Block Public Access settings can override ACLs and bucket policies so that you can enforce uniform limits on public access to these resources\. You can apply Block Public Access settings to individual buckets or to all buckets in your account\.
Public access is granted to buckets and objects through bucket policies, access control lists \(ACLs\), or both\. To help you manage public access to Amazon S3 resources, Amazon S3 provides settings to block public access\. Amazon S3 Block Public Access settings can override ACLs and bucket policies so that you can enforce uniform limits on public access to these resources\. You can apply Block Public Access settings to individual buckets or to all buckets in your account\.

To help ensure that all of your Amazon S3 buckets and objects have their public access blocked, we recommend that you turn on all four settings for Block Public Access for your account\. These settings block all public access for all current and future buckets\.
To ensure that all of your Amazon S3 buckets and objects have their public access blocked, all four settings for Block Public Access are enabled by default when you create a new bucket\. We recommend that you turn on all four settings for Block Public Access for your account too\. These settings block all public access for all current and future buckets\.

Before applying these settings, verify that your applications will work correctly without public access\. If you require some level of public access to your buckets or objects—for example, to host a static website as described at [Hosting a static website using Amazon S3](WebsiteHosting.md)—you can customize the individual settings to suit your storage use cases\. For more information, see [Blocking public access to your Amazon S3 storage](access-control-block-public-access.md)\.
Before applying these settings, verify that your applications will work correctly without public access\. If you require some level of public access to your buckets or objects—for example, to host a static website, as described at [Hosting a static website using Amazon S3](WebsiteHosting.md)—you can customize the individual settings to suit your storage use cases\. For more information, see [Blocking public access to your Amazon S3 storage](access-control-block-public-access.md)\.

However, we highly recommend keeping Block Public Access enabled\. If you want to keep all four Block Public Access settings enabled and host a static website, you can use Amazon CloudFront origin access control \(OAC\)\. Amazon CloudFront provides the capabilities required to set up a secure static website\. Amazon S3 static websites support only HTTP endpoints\. Amazon CloudFront uses the durable storage of Amazon S3 while providing additional security headers, such as HTTPS\. HTTPS adds security by encrypting a normal HTTP request and protecting against common cyberattacks\.

For more information, see [Getting started with a secure static website](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/getting-started-secure-static-website-cloudformation-template.html) in the *Amazon CloudFront Developer Guide*\.

**Note**
If you see an `Error` when you list your buckets and their public access settings, you might not have the required permissions\. Check to make sure you have the following permissions added to your user or role policy:
If you see an `Error` when you list your buckets and their public access settings, you might not have the required permissions\. Make sure that you have the following permissions added to your user or role policy:

```
s3:GetAccountPublicAccessBlock
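Review bot: the new sentence "all four settings for Block Public Access are enabled by default when you create a new bucket" should say whether buckets that already existed before this default are affected, because a reader with older buckets may conclude they are covered when they are not; the following recommendation to turn on the account-level setting partly addresses this, and stating the connection explicitly (existing buckets keep their current settings, so enable the account-level setting to cover them) would make the intent clear. The unchanged CloudFront paragraph below describes HTTPS as "protecting against common cyberattacks", which is vague; "protects content in transit from interception and tampering" says what it actually provides.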
6 changes: 3 additions & 3 deletions doc_source/WebsiteAccessPermissionsReqd.md
Expand Up @@ -90,12 +90,12 @@ The following policy is an example only and allows full access to the contents o

You can use a bucket policy to grant public read permission to your objects\. However, the bucket policy applies only to objects that are owned by the bucket owner\. If your bucket contains objects that aren't owned by the bucket owner, the bucket owner should use the object access control list \(ACL\) to grant public READ permission on those objects\.

By default, when another AWS account uploads an object to your S3 bucket, that account \(the object writer\) owns the object, has access to it, and can grant other users access to it through ACLs\. You can use Object Ownership to change this default behavior so that ACLs are disabled and you, as the bucket owner, automatically own every object in your bucket\. As a result, access control for your data is based on policies, such as IAM policies, S3 bucket policies, virtual private cloud \(VPC\) endpoint policies, and AWS Organizations service control policies \(SCPs\)\.
S3 Object Ownership is an Amazon S3 bucket\-level setting that you can use to both control ownership of the objects that are uploaded to your bucket and to disable or enable ACLs\. By default, Object Ownership is set to the bucket owner enforced setting, and all ACLs are disabled\. When ACLs are disabled, the bucket owner owns all the objects in the bucket and manages access to them exclusively by using access\-management policies\.

A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you disable ACLs except in unusual circumstances where you need to control access for each object individually\. With Object Ownership, you can disable ACLs and rely on policies for access control\. When you disable ACLs, you can easily maintain a bucket with objects uploaded by different AWS accounts\. You, as the bucket owner, own all the objects in the bucket and can manage access to them using policies\. For more information, see [Controlling ownership of objects and disabling ACLs for your bucket](about-object-ownership.md)\.
A majority of modern use cases in Amazon S3 no longer require the use of ACLs\. We recommend that you keep ACLs disabled, except in unusual circumstances where you need to control access for each object individually\. With ACLs disabled, you can use policies to control access to all objects in your bucket, regardless of who uploaded the objects to your bucket\. For more information, see [Controlling ownership of objects and disabling ACLs for your bucket](about-object-ownership.md)\.

**Important**
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, you must use policies to grant access to your bucket and the objects in it\. Requests to set ACLs or update ACLs fail and return the `AccessControlListNotSupported` error code\. Requests to read ACLs are still supported\.
If your bucket uses the bucket owner enforced setting for S3 Object Ownership, you must use policies to grant access to your bucket and the objects in it\. With the bucket owner enforced setting enabled, requests to set access control lists \(ACLs\) or update ACLs fail and return the `AccessControlListNotSupported` error code\. Requests to read ACLs are still supported\.

To make an object publicly readable using an ACL, grant READ permission to the `AllUsers` group, as shown in the following grant element\. Add this grant element to the object ACL\. For information about managing ACLs, see [Access control list \(ACL\) overview](acl-overview.md)\.

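Review bot: the rewritten paragraphs now state that Object Ownership defaults to bucket owner enforced with all ACLs disabled, and that ACL-setting requests then fail with `AccessControlListNotSupported`, but the unchanged context on either side still contradicts this: the paragraph above says the bucket owner "should use the object access control list (ACL) to grant public READ permission" on objects it does not own, and the paragraph below instructs the reader to add an `AllUsers` READ grant to the object ACL. Both should be qualified as applying only when ACLs are enabled on the bucket (a non-default Object Ownership setting), otherwise a reader following them on a default bucket will hit the very error the Important note describes.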