Using access points
You can access the objects in an Amazon S3 bucket with an access point by using the Amazon S3 console, Amazon CLI, Amazon SDKs, or the Amazon S3 REST API.
Access points have Amazon Resource Names (ARNs). Access point ARNs are similar to bucket ARNs, but they are explicitly typed and encode the access point's Region and the Amazon Web Services account ID of the access point's owner. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
Access point ARNs use the format
arn:aws-cn:s3:
.
For example:region
:account-id
:accesspoint/resource
-
arn:aws-cn:s3:
represents the access point namedus-west-2
:123456789012
:accesspoint/test
, owned by accounttest
in the Region123456789012
.us-west-2
-
arn:aws-cn:s3:
represents all access points under accountus-west-2
:123456789012
:accesspoint/*
in the Region123456789012
.us-west-2
ARNs for objects accessed through an access point use the format
arn:aws-cn:s3:
.
For example:region
:account-id
:accesspoint/access-point-name
/object/resource
-
arn:aws-cn:s3:
represents the objectus-west-2
:123456789012
:accesspoint/test
/object/unit-01
, accessed through the access point namedunit-01
, owned by accounttest
in the Region123456789012
.us-west-2
-
arn:aws-cn:s3:
represents all objects for the access point namedus-west-2
:123456789012
:accesspoint/test
/object/*
, in accounttest
in the Region123456789012
.us-west-2
-
arn:aws-cn:s3:
represents all objects under prefixus-west-2
:123456789012
:accesspoint/test
/object/unit-01
/finance
/*
for the access point namedunit-01/finance/
, in accounttest
in the Region123456789012
.us-west-2
Accessing a bucket through S3 access points
S3 access points only support virtual-host-style addressing. To address a bucket through an access point, use the following format.
https://
access-point-name
-account-id
.s3-accesspoint.region
.amazonaws.com
Note
-
If your access point name includes dash (-) characters, include the dashes in the URL and insert another dash before the account ID. For example, to use an access point named
owned by accountfinance-docs
in the Region123456789012
, the appropriate URL would beus-west-2
https://
.finance-docs
-123456789012
.s3-accesspoint.us-west-2
.amazonaws.com -
S3 access points don't support access through HTTP. Access points support only secure access through HTTPS.
Topics
If you have a Virtual Private Cloud (VPC), see Managing Amazon S3 access with VPC endpoints and S3 Access Points