AWS::S3Outposts::AccessPoint
The AWS::S3Outposts::AccessPoint resource specifies an access point and associates it with the specified Amazon S3 on Outposts bucket. For more information, see Managing data access with Amazon S3 access points.
Note
S3 on Outposts supports only VPC-style access points.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::S3Outposts::AccessPoint", "Properties" : { "Bucket" :
String
, "Name" :String
, "Policy" :Json
, "VpcConfiguration" :VpcConfiguration
} }
YAML
Type: AWS::S3Outposts::AccessPoint Properties: Bucket:
String
Name:String
Policy:Json
VpcConfiguration:VpcConfiguration
Properties
Bucket
-
The Amazon Resource Name (ARN) of the S3 on Outposts bucket that is associated with this access point.
Required: Yes
Type: String
Pattern:
^arn:[^:]+:s3-outposts:[a-zA-Z0-9\-]+:\d{12}:outpost\/[^:]+\/bucket\/[^:]+$
Minimum:
20
Maximum:
2048
Update requires: Replacement
Name
-
The name of this access point.
Required: Yes
Type: String
Pattern:
^[a-z0-9]([a-z0-9\\-]*[a-z0-9])?$
Minimum:
3
Maximum:
50
Update requires: Replacement
Policy
-
The access point policy associated with this access point.
Required: No
Type: Json
Update requires: No interruption
VpcConfiguration
-
The virtual private cloud (VPC) configuration for this access point, if one exists.
Required: Yes
Type: VpcConfiguration
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the access point ARN.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
Arn
-
This resource contains the details of the S3 on Outposts bucket access point ARN. This resource is read-only.
Examples
Creating an access point with an access point policy for your Amazon S3 on Outposts using CloudFormation
The following example shows how you can create an S3 on Outposts bucket and S3 on Outposts access point in the same CFN stack.
Note
To create an access point, you must already have an S3 on Outposts bucket ARN. This means that you must create your Outposts bucket before or at the same time as you create the access point.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Bucket, no tags, no lifecycle configuration with access point", "Resources": { "ExampleS3OutpostsBucket": { "Type": "AWS::S3Outposts::Bucket", "Properties": { "BucketName": "DOC-EXAMPLE-BUCKET", "OutpostId": "op-01ac5d28a6a232904" } }, "ExampleS3OutpostsAccessPoint": { "Type": "AWS::S3Outposts::AccessPoint", "Properties": { "Bucket": { "Ref": "ExampleS3OutpostsBucket" }, "Name": "ExampleAccessPoint", "VpcConfiguration": { "VpcID": "vpc-12345" }, "Policy": { "Version":"2012-10-17", "ID":"AccessPointPolicy", "Statement":[{ "Sid":"st1", "Effect":"Allow", "Principal":{"AWS":"arn:aws:iam::123456789012:root"}, "Action":"s3-outposts:*", "Resource": "arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-01ac5d28a6a232904/accesspoint/ExampleAccessPoint" }] } } } }, "Outputs": { "ExampleS3OutpostsBucketARN": { "Description": "The ARN of ExampleS3OutpostsBucket", "Value": { "Ref": "ExampleS3OutpostsBucket" } }, "ExampleS3OutpostsAccessPointARN": { "Description": "The ARN of ExampleS3OutpostsAccessPoint", "Value": {"Ref": "ExampleS3OutpostsAccessPoint" } }, "ExampleS3OutpostsStackID": { "Description": "The stack ID", "Value": { "Ref": "AWS::StackID" }, "Export": { "Name": {"Fn::Sub": "${AWS::StackName}-StackID"}} } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Description: Bucket, no tags, no lifecycle configuration with access point Resources: ExampleS3OutpostsBucket: Type: AWS::S3Outposts::Bucket Properties: BucketName: DOC-EXAMPLE-BUCKET OutpostId: op-01ac5d28a6a232904 ExampleS3OutpostsAccessPoint: Type: AWS::S3Outposts::AccessPoint Properties: Bucket: Ref: ExampleS3OutpostsBucket Name: ExampleAccessPoint VpcConfiguration: VpcID: vpc-12345 Policy: Version: '2012-10-17' ID: AccessPointPolicy Statement: - Sid: st1 Effect: Allow Principal: AWS: arn:aws:iam::123456789012:root Action: s3-outposts:* Resource: arn:aws:s3-outposts:us-east-1:1234567890:outpost/op-01ac5d28a6a232904/accesspoint/ExampleAccessPoint Outputs: ExampleS3OutpostsBucketARN: Description: The ARN of ExampleS3OutpostsBucket Value: Ref: ExampleS3OutpostsBucket ExampleS3OutpostsAccessPointARN: Description: The ARN of ExampleS3OutpostsAccessPoint Value: Ref: ExampleS3OutpostsAccessPoint ExampleS3OutpostsStackID: Description: The stack ID Value: Ref: AWS::StackID Export: Name: Fn::Sub: "${AWS::StackName}-StackID"