awsdocs
diff --git a/‎doc_source/DeleteMarker.md
Lines changed: 1 addition & 1 deletion b/‎doc_source/DeleteMarker.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc_source/ListingKeysUsingAPIs.md
Lines changed: 21 additions & 0 deletions b/‎doc_source/ListingKeysUsingAPIs.md
Lines changed: 21 additions & 0 deletions
diff --git a/‎doc_source/MrapFailover.md
Lines changed: 1 addition & 1 deletion b/‎doc_source/MrapFailover.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc_source/MrapOperations.md
Lines changed: 1 addition & 1 deletion b/‎doc_source/MrapOperations.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc_source/PresignedUrlUploadObject.md
Lines changed: 12 additions & 10 deletions b/‎doc_source/PresignedUrlUploadObject.md
Lines changed: 12 additions & 10 deletions
diff --git a/‎doc_source/ShareObjectPreSignedURL.md
Lines changed: 99 additions & 0 deletions b/‎doc_source/ShareObjectPreSignedURL.md
Lines changed: 99 additions & 0 deletions
diff --git a/‎doc_source/UsingEncryption.md
Lines changed: 1 addition & 1 deletion b/‎doc_source/UsingEncryption.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc_source/UsingKMSEncryption.md
Lines changed: 3 additions & 3 deletions b/‎doc_source/UsingKMSEncryption.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎doc_source/UsingServerSideEncryption.md
Lines changed: 1 addition & 1 deletion b/‎doc_source/UsingServerSideEncryption.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc_source/access-control-block-public-access.md
Lines changed: 3 additions & 5 deletions b/‎doc_source/access-control-block-public-access.md
Lines changed: 3 additions & 5 deletions
@@ -20,7 +20,7 @@ If you make an API call on an object whose current version is a delete marker an
 + A 405 \(Method Not Allowed\) error
 + A response header, `x-amz-delete-marker: true`
 
-The response header tells you that the object accessed was a delete marker\. This response header never returns `false`\. If the value is `false`, Amazon S3 does not include this response header in the response\.
+The response header tells you that the object accessed was a delete marker\. This response header never returns `false`, because when the value is `false`, Amazon S3 does not include this response header in the response\.
 
 The following figure shows how a simple `GET` on an object whose current version is a delete marker, returns a 404 No Object Found error\.
 
 
@@ -237,6 +237,27 @@ func (basics BucketBasics) ListObjects(bucketName string) ([]types.Object, error
         return val/1024;
     }
 ```
+List objects using pagination\.  
+
+```
+    public static void listBucketObjects(S3Client s3, String bucketName ) {
+        try {
+            ListObjectsV2Request listReq = ListObjectsV2Request.builder()
+                .bucket(bucketName)
+                .maxKeys(1)
+                .build();
+
+            ListObjectsV2Iterable listRes = s3.listObjectsV2Paginator(listReq);
+            listRes.stream()
+                .flatMap(r -> r.contents().stream())
+                .forEach(content -> System.out.println(" Key: " + content.key() + " size = " + content.size()));
+
+        } catch (S3Exception e) {
+            System.err.println(e.awsErrorDetails().errorMessage());
+            System.exit(1);
+        }
+    }
+```
 +  For API details, see [ListObjects](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/ListObjects) in *AWS SDK for Java 2\.x API Reference*\. 
 
 ------
 
@@ -11,7 +11,7 @@ If you have S3 Cross\-Region Replication \(CRR\) enabled with two\-way replicati
 ## Amazon S3 Multi\-Region Access Points routing states<a name="FailoverConfiguration"></a>
 
 Your Amazon S3 Multi\-Region Access Points failover configuration determines the routing status of the AWS Regions that are used with the Multi\-Region Access Point\. You can configure your Amazon S3 Multi\-Region Access Point to be in an active\-active state or active\-passive state\.
-+ **Active\-active** – In an active\-active configuration, all requests are automatically sent to the closest proximity AWS Region in your Multi\-Region Access Point\. After the Multi\-Region Access Point has been configured to be in an active\-active state, all Regions can receive traffic\. If a Region goes down in an active\-active configuration, traffic will be automatically redirected to one of the active Regions\.
++ **Active\-active** – In an active\-active configuration, all requests are automatically sent to the closest proximity AWS Region in your Multi\-Region Access Point\. After the Multi\-Region Access Point has been configured to be in an active\-active state, all Regions can receive traffic\. If traffic disruption occurs in an active\-active configuration, network traffic will automatically be redirected to one of the active Regions\.
 + **Active\-passive** – In an active\-passive configuration, the active Regions in your Multi\-Region Access Point receive traffic and the passive ones do not\. If you intend to use S3 failover controls to initiate failover in a disaster situation, set up your Multi\-Region Access Points in an active\-passive configuration while you're testing and performing disaster\-recovery planning\.
 
 ## AWS Region support<a name="RegionSupport"></a>
 
@@ -12,7 +12,7 @@ The following examples demonstrate how to use Multi\-Region Access Points with c
 
 ## Multi\-Region Access Point compatibility with AWS services<a name="mrap-api-support"></a>
 
-Amazon S3 Multi\-Region Access Point Amazon Resource Names \(ARNs\) allow any application that requires an Amazon S3 bucket name to use a Multi\-Region Access Point\. You can use Amazon S3 Multi\-Region Access Point aliases anywhere that you use S3 bucket names to access data\.
+Amazon S3 Multi\-Region Access Point Amazon Resource Names \(ARNs\) allow applications \(using an AWS SDK\) that require an Amazon S3 bucket name to use a Multi\-Region Access Point\.
 
 ## Multi\-Region Access Point compatibility with S3 operations<a name="mrap-operations-support"></a>
 
 
@@ -580,18 +580,18 @@ import {
   PutObjectCommand,
   GetObjectCommand,
   DeleteObjectCommand,
-  DeleteBucketCommand }
-from "@aws-sdk/client-s3";
+  DeleteBucketCommand,
+} from "@aws-sdk/client-s3";
 import { s3Client } from "./libs/s3Client.js"; // Helper function that creates an Amazon S3 service client module.
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
-const fetch = require("node-fetch");
+import fetch from "node-fetch";
 
 // Set parameters
 // Create a random names for the S3 bucket and key.
 export const bucketParams = {
   Bucket: `test-bucket-${Math.ceil(Math.random() * 10 ** 10)}`,
   Key: `test-object-${Math.ceil(Math.random() * 10 ** 10)}`,
-  Body: "BODY"
+  Body: "BODY",
 };
 
 export const run = async () => {
@@ -601,7 +601,6 @@ export const run = async () => {
     const data = await s3Client.send(
       new CreateBucketCommand({ Bucket: bucketParams.Bucket })
     );
-    return data; // For unit tests.
     console.log(`Waiting for "${bucketParams.Bucket}" bucket creation...\n`);
   } catch (err) {
     console.log("Error creating bucket", err);
@@ -616,7 +615,6 @@ export const run = async () => {
         Body: bucketParams.Body,
       })
     );
-    return data; // For unit tests.
   } catch (err) {
     console.log("Error putting object", err);
   }
@@ -644,19 +642,23 @@ export const run = async () => {
   try {
     console.log(`\nDeleting object "${bucketParams.Key}"} from bucket`);
     const data = await s3Client.send(
-      new DeleteObjectCommand({ Bucket: bucketParams.Bucket, Key: bucketParams.Key })
+      new DeleteObjectCommand({
+        Bucket: bucketParams.Bucket,
+        Key: bucketParams.Key,
+      })
     );
-    return data; // For unit tests.
   } catch (err) {
     console.log("Error deleting object", err);
   }
   // Delete the S3 bucket.
   try {
     console.log(`\nDeleting bucket ${bucketParams.Bucket}`);
     const data = await s3Client.send(
-      new DeleteBucketCommand({ Bucket: bucketParams.Bucket, Key: bucketParams.Key })
+      new DeleteBucketCommand({
+        Bucket: bucketParams.Bucket,
+        Key: bucketParams.Key,
+      })
     );
-    return data; // For unit tests.
   } catch (err) {
     console.log("Error deleting object", err);
   }
 
@@ -172,6 +172,105 @@ namespace Amazon.DocSamples.S3
 }
 ```
 
+------
+#### [ JavaScript ]
+
+**Example**  
+The following example creates a bucket, puts an object, creates a signed url for that object, fetches the url, then deletes the object and the bucket\.  
+
+```
+// Import the required AWS SDK clients and commands for Node.js
+import {
+  CreateBucketCommand,
+  PutObjectCommand,
+  GetObjectCommand,
+  DeleteObjectCommand,
+  DeleteBucketCommand,
+} from "@aws-sdk/client-s3";
+import { s3Client } from "./libs/s3Client.js"; // Helper function that creates an Amazon S3 service client module.
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import fetch from "node-fetch";
+
+// Set parameters
+// Create a random names for the S3 bucket and key.
+export const bucketParams = {
+  Bucket: `test-bucket-${Math.ceil(Math.random() * 10 ** 10)}`,
+  Key: `test-object-${Math.ceil(Math.random() * 10 ** 10)}`,
+  Body: "BODY",
+};
+
+export const run = async () => {
+  // Create an S3 bucket.
+  try {
+    console.log(`Creating bucket ${bucketParams.Bucket}`);
+    const data = await s3Client.send(
+      new CreateBucketCommand({ Bucket: bucketParams.Bucket })
+    );
+    console.log(`Waiting for "${bucketParams.Bucket}" bucket creation...\n`);
+  } catch (err) {
+    console.log("Error creating bucket", err);
+  }
+  // Put the object in the S3 bucket.
+  try {
+    console.log(`Putting object "${bucketParams.Key}" in bucket`);
+    const data = await s3Client.send(
+      new PutObjectCommand({
+        Bucket: bucketParams.Bucket,
+        Key: bucketParams.Key,
+        Body: bucketParams.Body,
+      })
+    );
+  } catch (err) {
+    console.log("Error putting object", err);
+  }
+  // Create a presigned URL.
+  try {
+    // Create the command.
+    const command = new GetObjectCommand(bucketParams);
+
+    // Create the presigned URL.
+    const signedUrl = await getSignedUrl(s3Client, command, {
+      expiresIn: 3600,
+    });
+    console.log(
+      `\nGetting "${bucketParams.Key}" using signedUrl with body "${bucketParams.Body}" in v3`
+    );
+    console.log(signedUrl);
+    const response = await fetch(signedUrl);
+    console.log(
+      `\nResponse returned by signed URL: ${await response.text()}\n`
+    );
+  } catch (err) {
+    console.log("Error creating presigned URL", err);
+  }
+  // Delete the object.
+  try {
+    console.log(`\nDeleting object "${bucketParams.Key}"} from bucket`);
+    const data = await s3Client.send(
+      new DeleteObjectCommand({
+        Bucket: bucketParams.Bucket,
+        Key: bucketParams.Key,
+      })
+    );
+  } catch (err) {
+    console.log("Error deleting object", err);
+  }
+  // Delete the S3 bucket.
+  try {
+    console.log(`\nDeleting bucket ${bucketParams.Bucket}`);
+    const data = await s3Client.send(
+      new DeleteBucketCommand({
+        Bucket: bucketParams.Bucket,
+        Key: bucketParams.Key,
+      })
+    );
+  } catch (err) {
+    console.log("Error deleting object", err);
+  }
+};
+run();
+```
+
 ------
 #### [ PHP ]
 
 
@@ -1,7 +1,7 @@
 # Protecting data using encryption<a name="UsingEncryption"></a>
 
 **Important**  
-Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\-S3\) as the base level of encryption for every bucket in Amazon S3\. Starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost and with no impact on performance\. Currently, the automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs\. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console, S3 Inventory, S3 Storage Lens, and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs\. When this update is complete in all AWS Regions, we will update the documentation\. For more information, see [Default encryption FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html)\.
+Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\-S3\) as the base level of encryption for every bucket in Amazon S3\. Starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost and with no impact on performance\. Currently, the automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs, S3 Inventory, and S3 Storage Lens\. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs\. When this update is complete in all AWS Regions, we will update the documentation\. For more information, see [Default encryption FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html)\.
 
 Data protection refers to protecting data while in\-transit \(as it travels to and from Amazon S3\) and at rest \(while it is stored on disks in Amazon S3 data centers\)\. You can protect data in transit using Secure Socket Layer/Transport Layer Security \(SSL/TLS\) or client\-side encryption\. You have the following options for protecting data at rest in Amazon S3:
 + **Server\-Side Encryption** – Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects\. 
 
@@ -1,7 +1,7 @@
 # Using server\-side encryption with AWS Key Management Service \(SSE\-KMS\)<a name="UsingKMSEncryption"></a>
 
 **Important**  
-Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\-S3\) as the base level of encryption for every bucket in Amazon S3\. Starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost and with no impact on performance\. Currently, the automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs\. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console, S3 Inventory, S3 Storage Lens, and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs\. When this update is complete in all AWS Regions, we will update the documentation\. For more information, see [Default encryption FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html)\.
+Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\-S3\) as the base level of encryption for every bucket in Amazon S3\. Starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost and with no impact on performance\. Currently, the automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs, S3 Inventory, and S3 Storage Lens\. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs\. When this update is complete in all AWS Regions, we will update the documentation\. For more information, see [Default encryption FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html)\.
 
 Server\-side encryption is the encryption of data at its destination by the application or service that receives it\. AWS Key Management Service \(AWS KMS\) is a service that combines secure, highly available hardware and software to provide a key management system scaled for the cloud\. Amazon S3 uses server\-side encryption with AWS KMS \(SSE\-KMS\) to encrypt your S3 object data\. Also, when SSE\-KMS is requested for the object, the S3 checksum as part of the object's metadata, is stored in encrypted form\. For more information about checksum, see [Checking object integrity](checking-object-integrity.md)\.
 
@@ -55,7 +55,7 @@ When you request that your data be decrypted, Amazon S3 and AWS KMS perform the
 
 1. Amazon S3 sends the encrypted data key to AWS KMS in a `Decrypt` request\.
 
-1. AWS KMS decrypts the data key by using the same KMS key and returns the plaintext data key to Amazon S3\.
+1. AWS KMS decrypts the encrypted data key by using the same KMS key and returns the plaintext data key to Amazon S3\.
 
 1. Amazon S3 decrypts the encrypted data, using the plaintext data key, and removes the plaintext data key from memory as soon as possible\.
 
@@ -154,4 +154,4 @@ If your object uses SSE\-KMS, don't send encryption request headers for `GET` re
 + [Encryption context](#encryption-context)
 + [Sending requests for AWS KMS encrypted objects](#aws-signature-version-4-sse-kms)
 + [Specifying server\-side encryption with AWS KMS \(SSE\-KMS\)](specifying-kms-encryption.md)
-+ [Reducing the cost of SSE\-KMS with Amazon S3 Bucket Keys](bucket-key.md)
++ [Reducing the cost of SSE\-KMS with Amazon S3 Bucket Keys](bucket-key.md)
@@ -1,7 +1,7 @@
 # Using server\-side encryption with Amazon S3\-managed encryption keys \(SSE\-S3\)<a name="UsingServerSideEncryption"></a>
 
 **Important**  
-Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\-S3\) as the base level of encryption for every bucket in Amazon S3\. Starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost and with no impact on performance\. Currently, the automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs\. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console, S3 Inventory, S3 Storage Lens, and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs\. When this update is complete in all AWS Regions, we will update the documentation\. For more information, see [Default encryption FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html)\.
+Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\-S3\) as the base level of encryption for every bucket in Amazon S3\. Starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost and with no impact on performance\. Currently, the automatic encryption status for S3 bucket default encryption configuration and for new object uploads is available in AWS CloudTrail logs, S3 Inventory, and S3 Storage Lens\. During the next few weeks, the automatic encryption status will also be rolled out to the Amazon S3 console and as an additional Amazon S3 API response header in the AWS Command Line Interface and AWS SDKs\. When this update is complete in all AWS Regions, we will update the documentation\. For more information, see [Default encryption FAQ](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html)\.
 
 Server\-side encryption protects data at rest\. Amazon S3 encrypts each object with a unique key\. As an additional safeguard, it encrypts the key itself with a key that it rotates regularly\. Amazon S3 server\-side encryption uses one of the strongest block ciphers available to encrypt your data, 256\-bit Advanced Encryption Standard \(AES\-256\)\.
 
 
@@ -60,13 +60,11 @@ Note that it isn't currently possible to change an access point's block public a
 
 ## The meaning of "public"<a name="access-control-block-public-access-policy-status"></a>
 
-### Buckets<a name="access-control-block-public-access-policy-status-buckets"></a>
-
-#### ACLs<a name="public-acls"></a>
+### ACLs<a name="public-acls"></a>
 
 Amazon S3 considers a bucket or object ACL public if it grants any permissions to members of the predefined `AllUsers` or `AuthenticatedUsers` groups\. For more information about predefined groups, see [Amazon S3 predefined groups](acl-overview.md#specifying-grantee-predefined-groups)\.
 
-#### Bucket policies<a name="public-bucket-policies"></a>
+### Bucket policies<a name="public-bucket-policies"></a>
 
 When evaluating a bucket policy, Amazon S3 begins by assuming that the policy is public\. It then evaluates the policy to determine whether it qualifies as non\-public\. To be considered non\-public, a bucket policy must grant access only to fixed values \(values that don't contain a wildcard or [an AWS Identity and Access Management Policy Variable](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html)\) for one or more of the following:
 + An AWS principal, user, role, or service principal \(e\.g\. `aws:PrincipalOrgID`\)
@@ -129,7 +127,7 @@ You can make these policies non\-public by including any of the condition keys l
 	}
 ```
 
-#### Example<a name="access-control-block-public-access-policy-example"></a>
+### How Amazon S3 evaluates a bucket policy that contains both public and non\-public access grants<a name="access-control-block-public-access-policy-example"></a>
 
 This example shows how Amazon S3 evaluates a bucket policy that contains both public and non\-public access grants\.