AWS::S3Outposts::AccessPoint - AWS CloudFormation

AWS::S3Outposts::AccessPoint

The AWS::S3Outposts::AccessPoint resource specifies an access point and associates it with the specified Amazon S3 on Outposts bucket. For more information, see Managing data access with Amazon S3 access points.

Note

S3 on Outposts supports only VPC-style access points.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::S3Outposts::AccessPoint", "Properties" : { "Bucket" : String, "Name" : String, "Policy" : Json, "VpcConfiguration" : VpcConfiguration } }

YAML

Type: AWS::S3Outposts::AccessPoint Properties: Bucket: String Name: String Policy: Json VpcConfiguration: VpcConfiguration

Properties

Bucket

The Amazon Resource Name (ARN) of the S3 on Outposts bucket that is associated with this access point.

Required: Yes

Type: String

Pattern: ^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/bucket\/[^:]+$

Minimum: 20

Maximum: 2048

Update requires: Replacement

Name

The name of this access point.

Required: Yes

Type: String

Pattern: ^[a-z0-9]([a-z0-9\\-]*[a-z0-9])?$

Minimum: 3

Maximum: 50

Update requires: Replacement

Policy

The access point policy associated with this access point.

Required: No

Type: Json

Update requires: No interruption

VpcConfiguration

The virtual private cloud (VPC) configuration for this access point, if one exists.

Required: Yes

Type: VpcConfiguration

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the access point ARN.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Arn

This resource contains the details of the S3 on Outposts bucket access point ARN. This resource is read-only.

Examples

Creating an access point with an access point policy for your Amazon S3 on Outposts using CloudFormation

The following example shows how you can create an S3 on Outposts bucket and S3 on Outposts access point in the same CFN stack.

Note

To create an access point, you must already have an S3 on Outposts bucket ARN. This means that you must create your Outposts bucket before or at the same time as you create the access point.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Bucket, no tags, no lifecycle configuration with access point", "Resources": { "ExampleS3OutpostsBucket": { "Type": "AWS::S3Outposts::Bucket", "Properties": { "BucketName": "DOC-EXAMPLE-BUCKET", "OutpostId": "op-01ac5d28a6a232904" } }, "ExampleS3OutpostsAccessPoint": { "Type": "AWS::S3Outposts::AccessPoint", "Properties": { "Bucket": { "Ref": "ExampleS3OutpostsBucket" }, "Name": "ExampleAccessPoint", "VpcConfiguration": { "VpcID": "vpc-12345" }, "Policy": { "Version":"2012-10-17", "ID":"AccessPointPolicy", "Statement":[{ "Sid":"st1", "Effect":"Allow", "Principal":{"AWS":"arn:aws:iam::123456789012:root"}, "Action":"s3-outposts:*", "Resource": "arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-01ac5d28a6a232904/accesspoint/ExampleAccessPoint" }] } } } }, "Outputs": { "ExampleS3OutpostsBucketARN": { "Description": "The ARN of ExampleS3OutpostsBucket", "Value": { "Ref": "ExampleS3OutpostsBucket" } }, "ExampleS3OutpostsAccessPointARN": { "Description": "The ARN of ExampleS3OutpostsAccessPoint", "Value": {"Ref": "ExampleS3OutpostsAccessPoint" } }, "ExampleS3OutpostsStackID": { "Description": "The stack ID", "Value": { "Ref": "AWS::StackID" }, "Export": { "Name": {"Fn::Sub": "${AWS::StackName}-StackID"}} } } }

YAML

AWSTemplateFormatVersion: '2010-09-09' Description: Bucket, no tags, no lifecycle configuration with access point Resources: ExampleS3OutpostsBucket: Type: AWS::S3Outposts::Bucket Properties: BucketName: DOC-EXAMPLE-BUCKET OutpostId: op-01ac5d28a6a232904 ExampleS3OutpostsAccessPoint: Type: AWS::S3Outposts::AccessPoint Properties: Bucket: Ref: ExampleS3OutpostsBucket Name: ExampleAccessPoint VpcConfiguration: VpcID: vpc-12345 Policy: Version: '2012-10-17' ID: AccessPointPolicy Statement: - Sid: st1 Effect: Allow Principal: AWS: arn:aws:iam::123456789012:root Action: s3-outposts:* Resource: arn:aws:s3-outposts:us-east-1:1234567890:outpost/op-01ac5d28a6a232904/accesspoint/ExampleAccessPoint Outputs: ExampleS3OutpostsBucketARN: Description: The ARN of ExampleS3OutpostsBucket Value: Ref: ExampleS3OutpostsBucket ExampleS3OutpostsAccessPointARN: Description: The ARN of ExampleS3OutpostsAccessPoint Value: Ref: ExampleS3OutpostsAccessPoint ExampleS3OutpostsStackID: Description: The stack ID Value: Ref: AWS::StackID Export: Name: Fn::Sub: "${AWS::StackName}-StackID"