Using access points with compatible Amazon S3 operations - Amazon Simple Storage Service

Using access points with compatible Amazon S3 operations

The following examples demonstrate how to use access points with compatible operations in Amazon S3.

Access point compatibility with S3 operations and AWS services

Access points in Amazon S3 are compatible with a subset of S3 operations and other AWS services. The following sections list the compatible services and S3 operations.

AWS Services

You can use S3 access points with AWS CloudFormation.

For more information about AWS CloudFormation, see What is AWS CloudFormation? in the AWS CloudFormation User Guide.

S3 operations

You can use access points to access a bucket using the following subset of Amazon S3 APIs:

Request an object through an access point

The following example requests the object my-image.jpg through the access point prod owned by account ID 123456789012 in Region us-west-2, and saves the downloaded file as download.jpg.

AWS CLI
aws s3api get-object --key my-image.jpg --bucket arn:aws:s3:us-west-2:123456789012:accesspoint/prod download.jpg

Upload an object through an access point

The following example uploads the object my-image.jpg through the access point prod owned by account ID 123456789012 in Region us-west-2.

AWS CLI
aws s3api put-object --bucket arn:aws:s3:us-west-2:123456789012:accesspoint/prod --key my-image.jpg --body my-image.jpg

Delete an object through an access point

The following example deletes the object my-image.jpg through the access point prod owned by account ID 123456789012 in Region us-west-2.

AWS CLI
aws s3api delete-object --bucket arn:aws:s3:us-west-2:123456789012:accesspoint/prod --key my-image.jpg

List objects through an access point

The following example lists objects through the access point prod owned by account ID 123456789012 in Region us-west-2.

AWS CLI
aws s3api list-objects-v2 --bucket arn:aws:s3:us-west-2:123456789012:accesspoint/prod

Add a tag set to an object through an access point

The following example adds a tag set to the existing object my-image.jpg through the access point prod owned by account ID 123456789012 in Region us-west-2.

AWS CLI
aws s3api put-object-tagging --bucket arn:aws:s3:us-west-2:123456789012:accesspoint/prod --key my-image.jpg --tagging TagSet=[{Key="finance",Value="true"}]

Grant access permissions through an access point using an ACL

The following example applies an ACL to an existing object my-image.jpg through the access point prod owned by account ID 123456789012 in Region us-west-2.

AWS CLI
aws s3api put-object-acl --bucket arn:aws:s3:us-west-2:123456789012:accesspoint/prod --key my-image.jpg --acl private