AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-06-28 · Documentation low

File: cli/latest/reference/s3api/rename-object.md

Summary

Updated CLI version references from 2.27.42 to 2.27.45, fixed typo in 'Zonal endpoint APT operations' to 'API operations', and restructured idempotency note formatting

Security assessment

Changes are version updates and documentation formatting improvements. The typo fix clarifies API operations but doesn't address security vulnerabilities. No security-related content was added or modified beyond existing authorization guidance.

Diff

diff --git a/cli/latest/reference/s3api/rename-object.md b/cli/latest/reference/s3api/rename-object.md
index e07b3c5cf..cca22e173 100644
--- a//cli/latest/reference/s3api/rename-object.md
+++ b//cli/latest/reference/s3api/rename-object.md
@@ -15 +15 @@
-  * [AWS CLI 2.27.42 Command Reference](../../index.html) »
+  * [AWS CLI 2.27.45 Command Reference](../../index.html) »
@@ -74 +74 @@ Permissions
-To grant access to the `RenameObject` operation on a directory bucket, we recommend that you use the `CreateSession` operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the directory bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. The Amazon Web Services CLI and SDKs will create and manage your session including refreshing the session token automatically to avoid service interruptions when a session expires. In your bucket policy, you can specify the `s3express:SessionMode` condition key to control who can create a `ReadWrite` or `ReadOnly` session. A `ReadWrite` session is required for executing all the Zonal endpoint API operations, including `RenameObject` . For more information about authorization, see ` `CreateSession` <https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession>.html`__ . To learn more about Zonal endpoint APT operations, see [Authorizing Zonal endpoint API operations with CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-create-session.html) in the _Amazon S3 User Guide_ .
+To grant access to the `RenameObject` operation on a directory bucket, we recommend that you use the `CreateSession` operation for session-based authorization. Specifically, you grant the `s3express:CreateSession` permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the `CreateSession` API call on the directory bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another `CreateSession` API call to generate a new session token for use. The Amazon Web Services CLI and SDKs will create and manage your session including refreshing the session token automatically to avoid service interruptions when a session expires. In your bucket policy, you can specify the `s3express:SessionMode` condition key to control who can create a `ReadWrite` or `ReadOnly` session. A `ReadWrite` session is required for executing all the Zonal endpoint API operations, including `RenameObject` . For more information about authorization, see ` `CreateSession` <https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession>.html`__ . To learn more about Zonal endpoint API operations, see [Authorizing Zonal endpoint API operations with CreateSession](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-create-session.html) in the _Amazon S3 User Guide_ .
@@ -174 +174,5 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/s3-200
-> A unique string with a max of 64 ASCII characters in the ASCII range of 33 - 126. `RenameObject` supports idempotency using a client token. To make an idempotent API request using `RenameObject` , specify a client token in the request. You should not reuse the same client token for other API requests. If you retry a request that completed successfully using the same client token and the same parameters, the retry succeeds without performing any further actions. If you retry a successful request using the same client token, but one or more of the parameters are different, the retry fails and an `IdempotentParameterMismatch` error is returned.
+> A unique string with a max of 64 ASCII characters in the ASCII range of 33 - 126.
+> 
+> ### Note
+> 
+> `RenameObject` supports idempotency using a client token. To make an idempotent API request using `RenameObject` , specify a client token in the request. You should not reuse the same client token for other API requests. If you retry a request that completed successfully using the same client token and the same parameters, the retry succeeds without performing any further actions. If you retry a successful request using the same client token, but one or more of the parameters are different, the retry fails and an `IdempotentParameterMismatch` error is returned.
@@ -287 +291 @@ None
-  * [AWS CLI 2.27.42 Command Reference](../../index.html) »
+  * [AWS CLI 2.27.45 Command Reference](../../index.html) »