Using a bucket-style alias for your access point - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Using a bucket-style alias for your access point

When you create an access point, Amazon S3 automatically generates an alias that you can use instead of an Amazon S3 bucket name for data access. You can use this access point alias instead of an Amazon Resource Name (ARN) for any access point data plane operation. For a list of these operations, see Access point compatibility with Amazon services.

The following shows an example ARN and access point alias for an access point named my-access-point.

  • ARNarn:aws:s3:region:account-id:accesspoint/my-access-point

  • Access point aliasmy-access-point-hrzrlukc5m36ft7okagglf3gmwluquse1b-s3alias

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon General Reference.

Access point alias names

An access point alias name is created within the same namespace as an Amazon S3 bucket. This alias name is automatically generated and cannot be changed. An access point alias name meets all the requirements of a valid Amazon S3 bucket name and consists of the following parts:

[Access point prefix]-[Metadata]-s3alias

Note

The -s3alias suffix is reserved for access point alias names and can't be used for bucket or access point names. For more information about Amazon S3 bucket naming rules, see Bucket naming rules.

Access point alias use cases and limitations

When adopting access points, you can use access point alias names without requiring extensive code changes.

When you create an access point, Amazon S3 automatically generates an access point alias name, as shown in the following example.

aws s3control create-access-point --bucket --name my-access-point --account-id 111122223333 { "AccessPointArn": "arn:aws:s3:region:111122223333:accesspoint/my-access-point", "Alias": "my-access-point-aqfqprnstn7aefdfbarligizwgyfouse1a-s3alias" }

You can use this access point alias name instead of an Amazon S3 bucket name in any data plane operation. For a list of these operations, see Access point compatibility with Amazon services.

aws s3api get-object --bucket my-access-point-aqfqprnstn7aefdfbarligizwgyfouse1a-s3alias --key dir/my_data.rtf my_data.rtf { "AcceptRanges": "bytes", "LastModified": "2020-01-08T22:16:28+00:00", "ContentLength": 910, "ETag": "\"00751974dc146b76404bb7290f8f51bb\"", "VersionId": "null", "ContentType": "text/rtf", "Metadata": {} }

Limitations

  • Aliases cannot be configured by customers.

  • Aliases cannot be deleted or modified or disabled on an Access Point.

  • You can use this access point alias name instead of an Amazon S3 bucket name in some data plane operation. For a list of these operations, see Access point compatibility with S3 operations.

  • You can't use an access point alias name for Amazon S3 control plane operations. For a list of Amazon S3 control plane operations, see Amazon S3 Control in the Amazon Simple Storage Service API Reference.

  • Aliases cannot be used in IAM policies.

  • Aliases cannot be used as a logging destination for S3 server access logs.

  • Aliases cannot be used as a logging destination for Amazon CloudTrail logs.

  • Amazon SageMaker GroundTruth and Amazon SageMaker Feature Store do not support access point alias.

  • Unload command for RedShift does not support using an access point alias.