Creating an access point - Amazon Simple Storage Service

Creating an access point

An access point is associated with exactly one Amazon S3 bucket. Before you begin, make sure that you have created a bucket that you want to use with this access point. For more information about creating buckets, see Creating, configuring, and working with Amazon S3 buckets. Amazon S3 access points support AWS Identity and Access Management (IAM) resource policies that allow you to control the use of the access point by resource, user, or other conditions. For more information, see Configuring IAM policies for using access points.

By default, you can create up to 1,000 access points per Region for each of your AWS accounts. If you need more than 1,000 access points for a single account in a single Region, you can request a service quota increase. For more information about service quotas and requesting an increase, see AWS Service Quotas in the AWS General Reference.

The following examples demonstrate how to create an access point with the AWS CLI and the S3 console. For more information about how to create access points using the REST API, see CreateAccessPoint in the Amazon Simple Storage Service API Reference.

To create an access point

  1. Sign in to the AWS Management Console and open the Amazon S3 console at

  2. In the navigation pane on the left side of the console, choose Access points.

  3. On the access points page, choose Create access point.

  4. In the Access point name field, enter your desired name for the access point. For more information about naming access points, see Rules for naming Amazon S3 access points.

  5. In the Bucket name field, enter the name of a bucket in your account to which you want to attach the access point, for example DOC-EXAMPLE-BUCKET1. Optionally, you can choose Browse S3 to browse and search buckets in your account. If you choose Browse S3, select the desired bucket and choose Choose path to populate the Bucket name field with that bucket's name.

  6. (Optional) Choose View to view the contents of the specified bucket in a new browser window.

  7. Select a Network origin. If you choose Virtual private cloud (VPC), enter the VPC ID that you want to use with the access point.

    For more information about network origins for access points, see Creating access points restricted to a virtual private cloud.

  8. Under Block Public Access settings for this Access Point, select the block public access settings that you want to apply to the access point. All block public access settings are enabled by default for new access points, and we recommend that you leave all settings enabled unless you know you have a specific need to disable any of them. Amazon S3 currently doesn't support changing an access point's block public access settings after the access point has been created.

    For more information about using Amazon S3 Block Public Access with access points, see Managing public access to access points.

  9. (Optional) Under Access Point policy - optional, specify the access point policy. For more information about specifying an access point policy, see Access point policy examples.

  10. Choose Create access point.

The following example creates an access point named example-ap for bucket example-bucket in account 123456789012. To create the access point, you send a request to Amazon S3, specifying the access point name, the name of the bucket that you want to associate the access point with, and the account ID for the AWS account that owns the bucket. For information about naming rules, see Rules for naming Amazon S3 access points.

aws s3control create-access-point --name example-ap --account-id 123456789012 --bucket example-bucket