Managing access to shared datasets in directory buckets with access points - Amazon Simple Storage Service

Managing access to shared datasets in directory buckets with access points

Access points simplify managing data access at scale for shared datasets in Amazon S3. An access point is a unique hostname that you create to enforce distinct permissions and network controls on every request made through that access point. You can create hundreds of access points per bucket, each with a distinct name and permissions customized for a particular application. Each access point works in conjunction with the bucket policy that is attached to the underlying bucket: a request must be allowed by both.

In directory buckets, an access point name consists of a base name you provide, followed by the Zone ID, and then --xa-s3. For example, accesspointname--zoneID--xa-s3. After you create an access point, you can't change the name or the Zone ID. Access points for directory buckets are supported only in AWS Dedicated Local Zones.

With access points for directory buckets, you can use the access point scope to restrict access to specific prefixes, specific API operations, or both. You can specify any number of prefixes, but the combined length of all prefixes must be less than 256 bytes.

To restrict Amazon S3 data access to a private network, you can also configure any access point to accept requests only from a specific virtual private cloud (VPC).
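The following Python is an added example, not code from this page or from AWS: it composes the access point name described above (base name, Zone ID, --xa-s3), enforces the combined 256-byte scope prefix limit before any API call, and builds the create-access-point request with an optional VPC restriction covering both the scope paragraph and the VPC paragraph above. The boto3 s3control parameter names (AccountId, Name, Bucket, Scope, VpcConfiguration), the list of scope permission names, and the account, zone, bucket and VPC identifiers are assumptions made for illustration; verify them against the current API reference before use.

```python
"""Compose and validate an S3 directory-bucket access point request.

Added example (not AWS's own code). Assumed: the boto3 s3control
create_access_point parameters AccountId, Name, Bucket, Scope and
VpcConfiguration, the scope permission names below, and the hypothetical
account, zone, bucket and VPC values used in the demo.
"""
from typing import Dict, Iterable, List, Optional

AP_SUFFIX = "--xa-s3"          # directory-bucket access point suffix
BUCKET_SUFFIX = "--x-s3"       # directory-bucket name suffix
MAX_PREFIX_BYTES = 256         # all scope prefixes together must be < 256 bytes

# Permission names accepted in an access point scope. Assumption: this is the
# set exposed by the s3control Scope.Permissions field; check the API reference.
SCOPE_PERMISSIONS = frozenset({
    "GetObject", "PutObject", "DeleteObject", "ListBucket",
    "GetObjectAttributes", "AbortMultipartUpload",
    "ListBucketMultipartUploads", "ListMultipartUploadParts",
})


def directory_access_point_name(base_name: str, zone_id: str) -> str:
    """Full access point name: <base>--<zone ID>--xa-s3 (fixed once created)."""
    if not base_name or not zone_id:
        raise ValueError("base name and zone ID are both required")
    return f"{base_name}--{zone_id}{AP_SUFFIX}"


def validate_scope(prefixes: Iterable[str], permissions: Iterable[str]) -> List[str]:
    """Return the problems with a scope; an empty list means it is acceptable."""
    prefixes, permissions = list(prefixes), list(permissions)
    problems: List[str] = []
    # The limit applies to the combined UTF-8 length of every prefix, not per prefix.
    total = sum(len(p.encode("utf-8")) for p in prefixes)
    if total >= MAX_PREFIX_BYTES:
        problems.append(f"prefixes total {total} bytes; must be < {MAX_PREFIX_BYTES}")
    unknown = sorted(set(permissions) - SCOPE_PERMISSIONS)
    if unknown:
        problems.append(f"unknown scope permissions: {', '.join(unknown)}")
    return problems


def build_create_access_point_request(
    account_id: str, ap_base_name: str, bucket_base_name: str, zone_id: str,
    prefixes: Iterable[str], permissions: Iterable[str], vpc_id: Optional[str] = None,
) -> Dict:
    """Keyword arguments for s3control.create_access_point (nothing is sent here)."""
    prefixes, permissions = list(prefixes), list(permissions)
    problems = validate_scope(prefixes, permissions)
    if problems:
        raise ValueError("; ".join(problems))
    request: Dict = {
        "AccountId": account_id,
        "Name": directory_access_point_name(ap_base_name, zone_id),
        "Bucket": f"{bucket_base_name}--{zone_id}{BUCKET_SUFFIX}",
        "Scope": {"Prefixes": prefixes, "Permissions": permissions},
    }
    if vpc_id:
        # VPC network origin: requests from outside this VPC are rejected.
        request["VpcConfiguration"] = {"VpcId": vpc_id}
    return request


def create_access_point(request: Dict, client=None):
    """Send the request with boto3. Needs AWS credentials; not run in the demo."""
    if client is None:
        import boto3  # imported lazily so the module loads without boto3 installed
        client = boto3.client("s3control")
    return client.create_access_point(**request)


if __name__ == "__main__":
    # Constructed values: no real account, zone, bucket or VPC is referenced.
    req = build_create_access_point_request(
        account_id="111122223333", ap_base_name="reports-reader",
        bucket_base_name="shared-data", zone_id="usw2-az1",
        prefixes=["reports/2024/", "reports/2025/"],
        permissions=["GetObject", "ListBucket"],
        vpc_id="vpc-0123456789abcdef0",
    )
    print(req["Name"])  # reports-reader--usw2-az1--xa-s3
    # Two 128-byte prefixes sum to exactly 256 bytes, which is not "less than 256".
    print(validate_scope(["a" * 128, "b" * 128], ["GetObject"]))
```

Because the name and Zone ID cannot be changed after creation, and the prefix budget is shared across every prefix in the scope, validating the request locally avoids creating an access point that later has to be deleted and recreated under a different name.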

In this section, the topics explain how to use access points for directory buckets. For information about directory buckets, see Working with directory buckets.