AWS::S3Outposts::AccessPoint - AWS CloudFormation


The AWS::S3Outposts::AccessPoint resource specifies an Access Point and associates it with the specified Amazon S3 on Outposts bucket. For more information, see Managing data access with Amazon S3 Access Points.


S3 on Outposts only supports VPC-style Access Points.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::S3Outposts::AccessPoint", "Properties" : { "Bucket" : String, "Name" : String, "Policy" : Json, "VpcConfiguration" : VpcConfiguration } }


Type: AWS::S3Outposts::AccessPoint Properties: Bucket: String Name: String Policy: Json VpcConfiguration: VpcConfiguration



The Amazon Resource Name (ARN) of the S3 on Outposts bucket that is associated with this Access Point.

Required: Yes

Type: String

Update requires: Replacement


The name of this Access Point.

Required: Yes

Type: String

Update requires: Replacement


The Access Point policy associated with this Access Point.

Required: No

Type: Json

Update requires: No interruption


The virtual private cloud (VPC) configuration for this Access Point, if one exists.

Required: Yes

Type: VpcConfiguration

Update requires: Replacement

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Access Point ARN.

For more information about using the Ref function, see Ref.



This resource contains the details of the S3 on Outposts bucket Access Point ARN. This resource is read-only.


Creating an Access Point with an Access Point policy for your Amazon S3 on Outposts using CloudFormation

The following example shows how you can create an S3 on Outposts bucket and S3 on Outposts Access Point in the same CFN stack.


To create an Access Point, you must already have an S3 on Outposts bucket ARN. This means that you must create your Outposts bucket before or at the same time as creating the Access Point.


{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Bucket, no tags, no lifecycle configuration with Access Point", "Resources": { "ExampleS3OutpostsBucket": { "Type": "AWS::S3Outposts::Bucket", "Properties": { "BucketName": "DOC-EXAMPLE-BUCKET", "OutpostID": "op-01ac5d28a6a232904" } }, "ExampleS3OutpostsAccessPoint": { "Type": "AWS::S3Outposts::AccessPoint", "Properties": { "Bucket": { "Ref": "ExampleS3OutpostsBucket" }, "Name": "ExampleAccessPoint", "VpcConfiguration": { "VpcID": "vpc-12345" }, "Policy": { "Version":"2012-10-17", "ID":"AccessPointPolicy", "Statement":[{ "Sid":"st1", "Effect":"Allow", "Principal":{"AWS":"arn:aws:iam::123456789012:root"}, "Action":"s3-outposts:*", "Resource": "arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-01ac5d28a6a232904/accesspoint/ExampleAccessPoint" }] } } } }, "Outputs": { "ExampleS3OutpostsBucketARN": { "Description": "The ARN of ExampleS3OutpostsBucket", "Value": { "Ref": "ExampleS3OutpostsBucket" } }, "ExampleS3OutpostsAccessPointARN": { "Description": "The ARN of ExampleS3OutpostsAccessPoint", "Value": {"Ref": "ExampleS3OutpostsAccessPoint" } }, "ExampleS3OutpostsStackID": { "Description": "The Stack ID", "Value": { "Ref": "AWS::StackID" }, "Export": { "Name": {"Fn::Sub": "${AWS::StackName}-StackID"}} } } }


AWSTemplateFormatVersion: '2010-09-09' Description: Bucket, no tags, no lifecycle configuration with Access Point Resources: ExampleS3OutpostsBucket: Type: AWS::S3Outposts::Bucket Properties: BucketName: DOC-EXAMPLE-BUCKET OutpostID: op-01ac5d28a6a232904 ExampleS3OutpostsAccessPoint: Type: AWS::S3Outposts::AccessPoint Properties: Bucket: Ref: ExampleS3OutpostsBucket Name: ExampleAccessPoint VpcConfiguration: VpcID: vpc-12345 Policy: Version: '2012-10-17' ID: AccessPointPolicy Statement: - Sid: st1 Effect: Allow Principal: AWS: arn:aws:iam::123456789012:root Action: s3-outposts:* Resource: arn:aws:s3-outposts:us-east-1:1234567890:outpost/op-01ac5d28a6a232904/accesspoint/ExampleAccessPoint Outputs: ExampleS3OutpostsBucketARN: Description: The ARN of ExampleS3OutpostsBucket Value: Ref: ExampleS3OutpostsBucket ExampleS3OutpostsAccessPointARN: Description: The ARN of ExampleS3OutpostsAccessPoint Value: Ref: ExampleS3OutpostsAccessPoint ExampleS3OutpostsStackID: Description: The Stack ID Value: Ref: AWS::StackID Export: Name: Fn::Sub: "${AWS::StackName}-StackID"