aws
diff --git a/‎.changes/2.1069.0.json
Lines changed: 12 additions & 0 deletions b/‎.changes/2.1069.0.json
Lines changed: 12 additions & 0 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 5 additions & 1 deletion b/‎CHANGELOG.md
Lines changed: 5 additions & 1 deletion
diff --git a/‎README.md
Lines changed: 1 addition & 1 deletion b/‎README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎apis/athena-2017-05-18.min.json
Lines changed: 6 additions & 1 deletion b/‎apis/athena-2017-05-18.min.json
Lines changed: 6 additions & 1 deletion
diff --git a/‎apis/athena-2017-05-18.normal.json
Lines changed: 15 additions & 3 deletions b/‎apis/athena-2017-05-18.normal.json
Lines changed: 15 additions & 3 deletions
diff --git a/‎apis/lakeformation-2017-03-31.min.json
Lines changed: 0 additions & 1 deletion b/‎apis/lakeformation-2017-03-31.min.json
Lines changed: 0 additions & 1 deletion
diff --git a/‎apis/lakeformation-2017-03-31.normal.json
Lines changed: 0 additions & 1 deletion b/‎apis/lakeformation-2017-03-31.normal.json
Lines changed: 0 additions & 1 deletion
@@ -0,0 +1,12 @@
+[
+    {
+        "type": "feature",
+        "category": "Athena",
+        "description": "You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error."
+    },
+    {
+        "type": "feature",
+        "category": "LakeFormation",
+        "description": "Add support for calling Update Table Objects without a TransactionId."
+    }
+]
@@ -1,7 +1,11 @@
 # Changelog for AWS SDK for JavaScript
-<!--LATEST=2.1068.0-->
+<!--LATEST=2.1069.0-->
 <!--ENTRYINSERT-->
 
+## 2.1069.0
+* feature: Athena: You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error.
+* feature: LakeFormation: Add support for calling Update Table Objects without a TransactionId.
+
 ## 2.1068.0
 * feature: EC2: adds support for AMIs in Recycle Bin
 * feature: MarketplaceMetering: Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500.
 
@@ -29,7 +29,7 @@ For release notes, see the [CHANGELOG](https://github.com/aws/aws-sdk-js/blob/ma
 To use the SDK in the browser, simply add the following script tag to your
 HTML pages:
 
-    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1068.0.min.js"></script>
+    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.1069.0.min.js"></script>
 
 You can also build a custom browser SDK with your specified set of AWS services.
 This can allow you to reduce the SDK's size, specify different API versions of
 
@@ -892,6 +892,10 @@
                   },
                   "RemoveEncryptionConfiguration": {
                     "type": "boolean"
+                  },
+                  "ExpectedBucketOwner": {},
+                  "RemoveExpectedBucketOwner": {
+                    "type": "boolean"
                   }
                 }
               },
@@ -1015,7 +1019,8 @@
         "OutputLocation": {},
         "EncryptionConfiguration": {
           "shape": "Sp"
-        }
+        },
+        "ExpectedBucketOwner": {}
       }
     },
     "Sp": {
 
@@ -374,7 +374,7 @@
           "shape": "InvalidRequestException"
         }
       ],
-      "documentation": "<p>Streams the results of a single query execution specified by <code>QueryExecutionId</code> from the Athena query results location in Amazon S3. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/querying.html\">Query Results</a> in the <i>Amazon Athena User Guide</i>. This request does not execute the query but returns results. Use <a>StartQueryExecution</a> to run a query.</p> <p>To stream query results successfully, the IAM principal with permission to call <code>GetQueryResults</code> also must have permissions to the Amazon S3 <code>GetObject</code> action for the Athena query results location.</p> <important> <p>IAM principals with permission to the Amazon S3 <code>GetObject</code> action for the query results location are able to retrieve query results from Amazon S3 even if permission to the <code>GetQueryResults</code> action is denied. To restrict user or role access, ensure that Amazon S3 permissions to the Athena query location are denied.</p> </important>"
+      "documentation": "<p>Streams the results of a single query execution specified by <code>QueryExecutionId</code> from the Athena query results location in Amazon S3. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/querying.html\">Query Results</a> in the <i>Amazon Athena User Guide</i>. This request does not execute the query but returns results. Use <a>StartQueryExecution</a> to run a query.</p> <p>If the original query execution ran using an <a>ResultConfiguration$ExpectedBucketOwner</a> setting, the setting also applies to Amazon S3 read operations when <code>GetQueryResults</code> is called. If an expected bucket owner has been specified and the query results are in an Amazon S3 bucket whose owner account ID is different from the expected bucket owner, the <code>GetQueryResults</code> call fails with an Amazon S3 permissions error.</p> <p>To stream query results successfully, the IAM principal with permission to call <code>GetQueryResults</code> also must have permissions to the Amazon S3 <code>GetObject</code> action for the Athena query results location.</p> <important> <p>IAM principals with permission to the Amazon S3 <code>GetObject</code> action for the query results location are able to retrieve query results from Amazon S3 even if permission to the <code>GetQueryResults</code> action is denied. To restrict user or role access, ensure that Amazon S3 permissions to the Athena query location are denied.</p> </important>"
     },
     "GetTableMetadata": {
       "name": "GetTableMetadata",
@@ -2193,6 +2193,10 @@
         "EncryptionConfiguration": {
           "shape": "EncryptionConfiguration",
           "documentation": "<p>If query results are encrypted in Amazon S3, indicates the encryption option used (for example, <code>SSE-KMS</code> or <code>CSE-KMS</code>) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See <a>WorkGroupConfiguration$EnforceWorkGroupConfiguration</a> and <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+        },
+        "ExpectedBucketOwner": {
+          "shape": "String",
+          "documentation": "<p>The Amazon Web Services account ID that you expect to be the owner of the Amazon S3 bucket specified by <a>ResultConfiguration$OutputLocation</a>. If set, Athena uses the value for <code>ExpectedBucketOwner</code> when it makes Amazon S3 calls to your specified output location. If the <code>ExpectedBucketOwner</code> Amazon Web Services account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.</p> <p>This is a client-side setting. If workgroup settings override client-side settings, then the query uses the <code>ExpectedBucketOwner</code> setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See <a>WorkGroupConfiguration$EnforceWorkGroupConfiguration</a> and <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
         }
       },
       "documentation": "<p>The location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. These are known as \"client-side settings\". If workgroup settings override client-side settings, then the query uses the workgroup settings.</p>"
@@ -2206,15 +2210,23 @@
         },
         "RemoveOutputLocation": {
           "shape": "BoxedBoolean",
-          "documentation": "<p>If set to \"true\", indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>OutputLocation</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>OutputLocation</code> in the workgroup's <code>ResultConfiguration</code> will be updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+          "documentation": "<p>If set to \"true\", indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>OutputLocation</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>OutputLocation</code> in the workgroup's <code>ResultConfiguration</code> is updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
         },
         "EncryptionConfiguration": {
           "shape": "EncryptionConfiguration",
           "documentation": "<p>The encryption configuration for the query results.</p>"
         },
         "RemoveEncryptionConfiguration": {
           "shape": "BoxedBoolean",
-          "documentation": "<p>If set to \"true\", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>EncryptionConfiguration</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>EncryptionConfiguration</code> in the workgroup's <code>ResultConfiguration</code> will be updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+          "documentation": "<p>If set to \"true\", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>EncryptionConfiguration</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>EncryptionConfiguration</code> in the workgroup's <code>ResultConfiguration</code> is updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+        },
+        "ExpectedBucketOwner": {
+          "shape": "String",
+          "documentation": "<p>The Amazon Web Services account ID that you expect to be the owner of the Amazon S3 bucket specified by <a>ResultConfiguration$OutputLocation</a>. If set, Athena uses the value for <code>ExpectedBucketOwner</code> when it makes Amazon S3 calls to your specified output location. If the <code>ExpectedBucketOwner</code> Amazon Web Services account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.</p> <p>If workgroup settings override client-side settings, then the query uses the <code>ExpectedBucketOwner</code> setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See <a>WorkGroupConfiguration$EnforceWorkGroupConfiguration</a> and <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+        },
+        "RemoveExpectedBucketOwner": {
+          "shape": "BoxedBoolean",
+          "documentation": "<p>If set to \"true\", removes the Amazon Web Services account ID previously specified for <a>ResultConfiguration$ExpectedBucketOwner</a>. If set to \"false\" or not set, and a value is present in the <code>ExpectedBucketOwner</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>ExpectedBucketOwner</code> in the workgroup's <code>ResultConfiguration</code> is updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
         }
       },
       "documentation": "<p>The information about the updates in the query results, such as output location and encryption configuration for the query results.</p>"
 
@@ -1292,7 +1292,6 @@
         "required": [
           "DatabaseName",
           "TableName",
-          "TransactionId",
           "WriteOperations"
         ],
         "members": {
 
@@ -3973,7 +3973,6 @@
       "required": [
         "DatabaseName",
         "TableName",
-        "TransactionId",
         "WriteOperations"
       ],
       "members": {