1. Docs
  2. Reference
  3. API
  4. AWS
  5. s3
  6. AccessPoint

AccessPoint

Provides a resource to manage an S3 Access Point.

Example Usage

Basic Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
        {
        });
        var exampleAccessPoint = new Aws.S3.AccessPoint("exampleAccessPoint", new Aws.S3.AccessPointArgs
        {
            Bucket = exampleBucket.Id,
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        exampleBucket, err := s3.NewBucket(ctx, "exampleBucket", nil)
        if err != nil {
            return err
        }
        _, err = s3.NewAccessPoint(ctx, "exampleAccessPoint", &s3.AccessPointArgs{
            Bucket: exampleBucket.ID(),
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_aws as aws

example_bucket = aws.s3.Bucket("exampleBucket")
example_access_point = aws.s3.AccessPoint("exampleAccessPoint", bucket=example_bucket.id)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("exampleBucket", {});
const exampleAccessPoint = new aws.s3.AccessPoint("exampleAccessPoint", {bucket: exampleBucket.id});

Access Point Restricted to a VPC

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
        {
        });
        var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });
        var exampleAccessPoint = new Aws.S3.AccessPoint("exampleAccessPoint", new Aws.S3.AccessPointArgs
        {
            Bucket = exampleBucket.Id,
            VpcConfiguration = new Aws.S3.Inputs.AccessPointVpcConfigurationArgs
            {
                VpcId = exampleVpc.Id,
            },
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ec2"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        exampleBucket, err := s3.NewBucket(ctx, "exampleBucket", nil)
        if err != nil {
            return err
        }
        exampleVpc, err := ec2.NewVpc(ctx, "exampleVpc", &ec2.VpcArgs{
            CidrBlock: pulumi.String("10.0.0.0/16"),
        })
        if err != nil {
            return err
        }
        _, err = s3.NewAccessPoint(ctx, "exampleAccessPoint", &s3.AccessPointArgs{
            Bucket: exampleBucket.ID(),
            VpcConfiguration: &s3.AccessPointVpcConfigurationArgs{
                VpcId: exampleVpc.ID(),
            },
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_aws as aws

example_bucket = aws.s3.Bucket("exampleBucket")
example_vpc = aws.ec2.Vpc("exampleVpc", cidr_block="10.0.0.0/16")
example_access_point = aws.s3.AccessPoint("exampleAccessPoint",
    bucket=example_bucket.id,
    vpc_configuration={
        "vpc_id": example_vpc.id,
    })
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("exampleBucket", {});
const exampleVpc = new aws.ec2.Vpc("exampleVpc", {cidrBlock: "10.0.0.0/16"});
const exampleAccessPoint = new aws.s3.AccessPoint("exampleAccessPoint", {
    bucket: exampleBucket.id,
    vpcConfiguration: {
        vpcId: exampleVpc.id,
    },
});

Create a AccessPoint Resource

new AccessPoint(name: string, args: AccessPointArgs, opts?: CustomResourceOptions);
def AccessPoint(resource_name, opts=None, account_id=None, bucket=None, name=None, policy=None, public_access_block_configuration=None, vpc_configuration=None, __props__=None);
func NewAccessPoint(ctx *Context, name string, args AccessPointArgs, opts ...ResourceOption) (*AccessPoint, error)
public AccessPoint(string name, AccessPointArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args AccessPointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessPointArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessPointArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

AccessPoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The AccessPoint resource accepts the following input properties:

Bucket string

The name of the bucket that you want to associate this access point with.

AccountId string

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

Name string

The name you want to assign to this access point.

Policy string

A valid JSON document that specifies the policy that you want to apply to this access point.

PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfigurationArgs

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

VpcConfiguration AccessPointVpcConfigurationArgs

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

Bucket string

The name of the bucket that you want to associate this access point with.

AccountId string

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

Name string

The name you want to assign to this access point.

Policy string

A valid JSON document that specifies the policy that you want to apply to this access point.

PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

VpcConfiguration AccessPointVpcConfiguration

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

bucket string

The name of the bucket that you want to associate this access point with.

accountId string

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

name string

The name you want to assign to this access point.

policy string

A valid JSON document that specifies the policy that you want to apply to this access point.

publicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

vpcConfiguration AccessPointVpcConfiguration

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

bucket str

The name of the bucket that you want to associate this access point with.

account_id str

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

name str

The name you want to assign to this access point.

policy str

A valid JSON document that specifies the policy that you want to apply to this access point.

public_access_block_configuration Dict[AccessPointPublicAccessBlockConfiguration]

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

vpc_configuration Dict[AccessPointVpcConfiguration]

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessPoint resource produces the following output properties:

Arn string

Amazon Resource Name (ARN) of the S3 Access Point.

DomainName string

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

HasPublicAccessPolicy bool

Indicates whether this access point currently has a policy that allows public access.

Id string
The provider-assigned unique ID for this managed resource.
NetworkOrigin string

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

Arn string

Amazon Resource Name (ARN) of the S3 Access Point.

DomainName string

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

HasPublicAccessPolicy bool

Indicates whether this access point currently has a policy that allows public access.

Id string
The provider-assigned unique ID for this managed resource.
NetworkOrigin string

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

arn string

Amazon Resource Name (ARN) of the S3 Access Point.

domainName string

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

hasPublicAccessPolicy boolean

Indicates whether this access point currently has a policy that allows public access.

id string
The provider-assigned unique ID for this managed resource.
networkOrigin string

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

arn str

Amazon Resource Name (ARN) of the S3 Access Point.

domain_name str

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

has_public_access_policy bool

Indicates whether this access point currently has a policy that allows public access.

id str
The provider-assigned unique ID for this managed resource.
network_origin str

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

Look up an Existing AccessPoint Resource

Get an existing AccessPoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessPointState, opts?: CustomResourceOptions): AccessPoint
static get(resource_name, id, opts=None, account_id=None, arn=None, bucket=None, domain_name=None, has_public_access_policy=None, name=None, network_origin=None, policy=None, public_access_block_configuration=None, vpc_configuration=None, __props__=None);
func GetAccessPoint(ctx *Context, name string, id IDInput, state *AccessPointState, opts ...ResourceOption) (*AccessPoint, error)
public static AccessPoint Get(string name, Input<string> id, AccessPointState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

Arn string

Amazon Resource Name (ARN) of the S3 Access Point.

Bucket string

The name of the bucket that you want to associate this access point with.

DomainName string

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

HasPublicAccessPolicy bool

Indicates whether this access point currently has a policy that allows public access.

Name string

The name you want to assign to this access point.

NetworkOrigin string

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

Policy string

A valid JSON document that specifies the policy that you want to apply to this access point.

PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfigurationArgs

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

VpcConfiguration AccessPointVpcConfigurationArgs

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

AccountId string

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

Arn string

Amazon Resource Name (ARN) of the S3 Access Point.

Bucket string

The name of the bucket that you want to associate this access point with.

DomainName string

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

HasPublicAccessPolicy bool

Indicates whether this access point currently has a policy that allows public access.

Name string

The name you want to assign to this access point.

NetworkOrigin string

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

Policy string

A valid JSON document that specifies the policy that you want to apply to this access point.

PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

VpcConfiguration AccessPointVpcConfiguration

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

accountId string

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

arn string

Amazon Resource Name (ARN) of the S3 Access Point.

bucket string

The name of the bucket that you want to associate this access point with.

domainName string

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

hasPublicAccessPolicy boolean

Indicates whether this access point currently has a policy that allows public access.

name string

The name you want to assign to this access point.

networkOrigin string

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

policy string

A valid JSON document that specifies the policy that you want to apply to this access point.

publicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

vpcConfiguration AccessPointVpcConfiguration

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

account_id str

The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.

arn str

Amazon Resource Name (ARN) of the S3 Access Point.

bucket str

The name of the bucket that you want to associate this access point with.

domain_name str

The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn’t supported.

has_public_access_policy bool

Indicates whether this access point currently has a policy that allows public access.

name str

The name you want to assign to this access point.

network_origin str

Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn’t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

policy str

A valid JSON document that specifies the policy that you want to apply to this access point.

public_access_block_configuration Dict[AccessPointPublicAccessBlockConfiguration]

Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.

vpc_configuration Dict[AccessPointVpcConfiguration]

Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Detailed below.

Supporting Types

AccessPointPublicAccessBlockConfiguration

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

BlockPublicAcls bool

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. * PUT Object calls fail if the request includes a public ACL. * PUT Bucket calls fail if the request includes a public ACL.

BlockPublicPolicy bool

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

IgnorePublicAcls bool

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

RestrictPublicBuckets bool

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

BlockPublicAcls bool

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. * PUT Object calls fail if the request includes a public ACL. * PUT Bucket calls fail if the request includes a public ACL.

BlockPublicPolicy bool

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

IgnorePublicAcls bool

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

RestrictPublicBuckets bool

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

blockPublicAcls boolean

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. * PUT Object calls fail if the request includes a public ACL. * PUT Bucket calls fail if the request includes a public ACL.

blockPublicPolicy boolean

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

ignorePublicAcls boolean

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

restrictPublicBuckets boolean

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

block_public_acls bool

Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior: * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. * PUT Object calls fail if the request includes a public ACL. * PUT Bucket calls fail if the request includes a public ACL.

block_public_policy bool

Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to: * Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

ignore_public_acls bool

Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn’t prevent new public ACLs from being set. When set to true causes Amazon S3 to: * Ignore all public ACLs on buckets in this account and any objects that they contain.

restrict_public_buckets bool

Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true: * Only the bucket owner and AWS Services can access buckets with public policies.

AccessPointVpcConfiguration

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

VpcId string

This access point will only allow connections from the specified VPC ID.

VpcId string

This access point will only allow connections from the specified VPC ID.

vpcId string

This access point will only allow connections from the specified VPC ID.

vpc_id str

This access point will only allow connections from the specified VPC ID.

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.