AWS::S3::AccessGrant AccessGrantsLocationConfiguration - AWS CloudFormation

AWS::S3::AccessGrant AccessGrantsLocationConfiguration

The configuration options of the S3 Access Grants location. It contains the S3SubPrefix field. The grant scope, the data to which you are granting access, is the result of appending the Subprefix field to the scope of the registered location.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "S3SubPrefix" : String }


S3SubPrefix: String



The S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a <bucket-name>/*, so the full grant scope path would be s3://<bucket-name>/*. Or the S3SubPrefx can be <bucket-name>/<prefix-name>*, so the full grant scope path would be s3://<bucket-name>/<prefix-name>*.

If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.

Required: Yes

Type: String

Update requires: No interruption