AWS::S3::AccessPoint VpcConfiguration - AWS CloudFormation

AWS::S3::AccessPoint VpcConfiguration

The Virtual Private Cloud (VPC) configuration for this access point.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "VpcId" : String }

YAML

VpcId: String

Properties

VpcId

If this field is specified, the access point only accepts requests that originate from inside the specified VPC; requests from the internet, or from any other VPC, are rejected regardless of what the access point policy allows. Such an access point reports a NetworkOrigin of VPC instead of Internet. Because the property requires replacement on update, the network origin of an access point cannot be switched in place: changing or removing the VPC ID creates a new access point (with a new ARN) and deletes the old one.

Required: No

Type: String

Update requires: Replacement

Examples

Create an S3 Access Point restricted to a VPC

The following example creates an Amazon S3 access point restricted to a virtual private cloud (VPC). The bucket policy delegates access control to access points: although its principal is "*" and its action is "*", the s3:DataAccessPointAccount condition means the statement only matches requests that arrive through an access point owned by this account, so it grants nothing to direct requests against the bucket. Effective permissions are then decided by the access point policy and the caller's IAM policy. For more information, see Configuring IAM policies for using access points in the Amazon S3 User Guide.

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket"
    },
    "S3BucketPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": { "Ref": "S3Bucket" },
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "*",
              "Effect": "Allow",
              "Resource": [
                { "Fn::GetAtt": [ "S3Bucket", "Arn" ] },
                { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "S3Bucket", "Arn" ] }, "/*" ] ] }
              ],
              "Principal": { "AWS": "*" },
              "Condition": {
                "StringEquals": {
                  "s3:DataAccessPointAccount": { "Ref": "AWS::AccountId" }
                }
              }
            }
          ]
        }
      }
    },
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": { "CidrBlock": "10.0.0.0/16" }
    },
    "S3AccessPoint": {
      "Type": "AWS::S3::AccessPoint",
      "Properties": {
        "Bucket": { "Ref": "S3Bucket" },
        "Name": "my-access-point",
        "VpcConfiguration": { "VpcId": { "Ref": "VPC" } },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "IgnorePublicAcls": true,
          "BlockPublicPolicy": true,
          "RestrictPublicBuckets": true
        }
      }
    }
  },
  "Outputs": {
    "S3AccessPointArn": {
      "Value": { "Fn::GetAtt": [ "S3AccessPoint", "Arn" ] },
      "Description": "ARN of the sample Amazon S3 access point."
    }
  }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: S3Bucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action: "*"
            Effect: Allow
            Resource:
              - Fn::GetAtt:
                  - S3Bucket
                  - Arn
              - Fn::Join:
                  - ""
                  - - Fn::GetAtt:
                        - S3Bucket
                        - Arn
                    - /*
            Principal:
              AWS: "*"
            Condition:
              StringEquals:
                s3:DataAccessPointAccount:
                  Ref: AWS::AccountId
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  S3AccessPoint:
    Type: AWS::S3::AccessPoint
    Properties:
      Bucket:
        Ref: S3Bucket
      Name: my-access-point
      VpcConfiguration:
        VpcId:
          Ref: VPC
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
Outputs:
  S3AccessPointArn:
    Value:
      Fn::GetAtt:
        - S3AccessPoint
        - Arn
    Description: ARN of the sample Amazon S3 access point.
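The VpcId property and the example above describe what a locked-down access point looks like in a template. As an added example (not part of the AWS CloudFormation documentation), the following Python script is a pre-deployment guardrail that reads a JSON template and reports every AWS::S3::AccessPoint that lacks a VpcConfiguration.VpcId (its NetworkOrigin would be Internet) or that does not set all four PublicAccessBlockConfiguration flags explicitly to true. The template it inspects is constructed inline for the example, and the function names are this example's own.

```python
"""Guardrail: flag CloudFormation S3 access points that are not VPC-restricted
or that leave any public-access-block setting unset or false."""
import json

# Constructed sample template (not from the page): one access point that follows the
# documented pattern and one that omits VpcConfiguration and weakens the block settings.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
        "PrivateAP": {
            "Type": "AWS::S3::AccessPoint",
            "Properties": {
                "Bucket": {"Ref": "Bucket"},
                "Name": "private-ap",
                "VpcConfiguration": {"VpcId": {"Ref": "VPC"}},
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "IgnorePublicAcls": True,
                    "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
            },
        },
        "InternetAP": {
            "Type": "AWS::S3::AccessPoint",
            "Properties": {
                "Bucket": {"Ref": "Bucket"},
                "Name": "internet-ap",
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "IgnorePublicAcls": True,
                    "BlockPublicPolicy": False, "RestrictPublicBuckets": True},
            },
        },
    },
})

PUBLIC_ACCESS_BLOCK_KEYS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)


def _vpc_id_is_set(vpc_config):
    """True when VpcConfiguration.VpcId is a non-empty literal or an intrinsic
    function (Ref, Fn::GetAtt, Fn::Sub, Fn::ImportValue) that resolves at deploy time."""
    if not isinstance(vpc_config, dict):
        return False
    vpc_id = vpc_config.get("VpcId")
    if isinstance(vpc_id, str):
        return vpc_id.strip() != ""
    if isinstance(vpc_id, dict):
        return any(k in vpc_id for k in ("Ref", "Fn::GetAtt", "Fn::Sub", "Fn::ImportValue"))
    return False


def check_access_points(template_text):
    """Return {logical_id: [findings]} for each AWS::S3::AccessPoint in a JSON template.
    An empty finding list means the access point is VPC-restricted and every
    public-access-block flag is explicitly true."""
    template = json.loads(template_text)
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::AccessPoint":
            continue
        props = resource.get("Properties", {})
        findings = []
        if not _vpc_id_is_set(props.get("VpcConfiguration")):
            findings.append("NetworkOrigin will be Internet: VpcConfiguration.VpcId is missing")
        block = props.get("PublicAccessBlockConfiguration", {})
        for key in PUBLIC_ACCESS_BLOCK_KEYS:
            if block.get(key) is not True:
                findings.append(f"PublicAccessBlockConfiguration.{key} is not explicitly true")
        results[logical_id] = findings
    return results


if __name__ == "__main__":
    for ap, findings in check_access_points(SAMPLE_TEMPLATE).items():
        print(ap, "OK" if not findings else "; ".join(findings))
```

The check treats an intrinsic function as a valid VpcId because the reference is only resolved at deploy time; a literal must be non-empty. It reads JSON only, so a YAML template would first need to be converted with a loader that understands the CloudFormation short-form tags. Run it in CI against rendered templates to catch an access point that silently defaults to an internet origin.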