Using access points

You can access the objects in an Amazon S3 bucket with an access point by using the Amazon S3 console, AWS CLI, AWS SDKs, or the Amazon S3 REST API.

Access points have Amazon Resource Names (ARNs). Access point ARNs are similar to bucket ARNs, but they are explicitly typed and encode the access point's Region and the AWS account ID of the access point's owner. For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

Access point ARNs use the format arn:aws:s3:region:account-id:accesspoint/resource. For example:

• arn:aws:s3:us-west-2:123456789012:accesspoint/test represents the access point named test, owned by account 123456789012 in the Region us-west-2.

• arn:aws:s3:us-west-2:123456789012:accesspoint/* represents all access points under account 123456789012 in the Region us-west-2.

ARNs for objects accessed through an access point use the format arn:aws:s3:region:account-id:accesspoint/access-point-name/object/resource. For example:

• arn:aws:s3:us-west-2:123456789012:accesspoint/test/object/unit-01 represents the object unit-01, accessed through the access point named test, owned by account 123456789012 in the Region us-west-2.

• arn:aws:s3:us-west-2:123456789012:accesspoint/test/object/* represents all objects for the access point named test, in account 123456789012 in the Region us-west-2.

• arn:aws:s3:us-west-2:123456789012:accesspoint/test/object/unit-01/finance/* represents all objects under prefix unit-01/finance/ for the access point named test, in account 123456789012 in the Region us-west-2.

Accessing a bucket through S3 access points

S3 access points only support virtual-host-style addressing. To address a bucket through an access point, use the following format.

https://access-point-name-account-id.s3-accesspoint.region.amazonaws.com

Note

• If your access point name includes dash (-) characters, include the dashes in the URL and insert another dash before the account ID. For example, to use an access point named finance-docs owned by account 123456789012 in the Region us-west-2, the appropriate URL would be https://finance-docs-123456789012.s3-accesspoint.us-west-2.amazonaws.com.

• S3 access points don't support access through HTTP. Access points support only secure access through HTTPS.

Topics

• Monitoring and logging access points
• Using Amazon S3 access points with the Amazon S3 console
• Using a bucket-style alias for your S3 bucket access point
• Using access points with compatible Amazon S3 operations

If you have a Virtual Private Cloud (VPC), see Managing Amazon S3 access with VPC endpoints and S3 Access Points.