access_points
Creates, updates, deletes or gets an access_point resource or lists access_points in a region
Overview
| Name | access_points |
| Type | Resource |
| Description | The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets. |
| Id | awscc.s3.access_points |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
name | string | The name you want to assign to this Access Point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name. |
alias | string | The alias of this Access Point. This alias can be used for compatibility purposes with other AWS services and third-party applications. |
bucket | string | The name of the bucket that you want to associate this Access Point with. |
bucket_account_id | string | The AWS account ID associated with the S3 bucket associated with this access point. |
vpc_configuration | object | If you include this field, Amazon S3 restricts access to this Access Point to requests from the specified Virtual Private Cloud (VPC). |
public_access_block_configuration | object | The PublicAccessBlock configuration that you want to apply to this Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status 'The Meaning of Public' in the Amazon Simple Storage Service Developer Guide. |
policy | object | The Access Point Policy you want to apply to this access point. |
network_origin | string | Indicates whether this Access Point allows access from the public Internet. If VpcConfiguration is specified for this Access Point, then NetworkOrigin is VPC, and the Access Point doesn't allow access from the public Internet. Otherwise, NetworkOrigin is Internet, and the Access Point allows access from the public Internet, subject to the Access Point and bucket access policies. |
arn | string | The Amazon Resource Name (ARN) of the specified accesspoint. |
tags | array | An arbitrary set of tags (key-value pairs) for this S3 Access Point. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
name | string | The name you want to assign to this Access Point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name. |
region | string | AWS region. |
For more information, see AWS::S3::AccessPoint.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | access_points | INSERT | Bucket, region |
delete_resource | access_points | DELETE | Identifier, region |
update_resource | access_points | UPDATE | Identifier, PatchDocument, region |
list_resources | access_points_list_only | SELECT | region |
get_resource | access_points | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual access_point.
SELECT
region,
name,
alias,
bucket,
bucket_account_id,
vpc_configuration,
public_access_block_configuration,
policy,
network_origin,
arn,
tags
FROM awscc.s3.access_points
WHERE
region = 'us-east-1' AND
Identifier = '{{ name }}';
Lists all access_points in a region.
SELECT
region,
name
FROM awscc.s3.access_points_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new access_point resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.s3.access_points (
Bucket,
region
)
SELECT
'{{ bucket }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.s3.access_points (
Name,
Bucket,
BucketAccountId,
VpcConfiguration,
PublicAccessBlockConfiguration,
Policy,
Tags,
region
)
SELECT
'{{ name }}',
'{{ bucket }}',
'{{ bucket_account_id }}',
'{{ vpc_configuration }}',
'{{ public_access_block_configuration }}',
'{{ policy }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: access_point
props:
- name: name
value: '{{ name }}'
- name: bucket
value: '{{ bucket }}'
- name: bucket_account_id
value: '{{ bucket_account_id }}'
- name: vpc_configuration
value:
vpc_id: '{{ vpc_id }}'
- name: public_access_block_configuration
value:
restrict_public_buckets: '{{ restrict_public_buckets }}'
block_public_policy: '{{ block_public_policy }}'
block_public_acls: '{{ block_public_acls }}'
ignore_public_acls: '{{ ignore_public_acls }}'
- name: policy
value: {}
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
UPDATE example
Use the following StackQL query and manifest file to update a access_point resource, using stack-deploy.
/*+ update */
UPDATE awscc.s3.access_points
SET PatchDocument = string('{{ {
"PublicAccessBlockConfiguration": public_access_block_configuration,
"Policy": policy,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ name }}';
DELETE example
/*+ delete */
DELETE FROM awscc.s3.access_points
WHERE
Identifier = '{{ name }}' AND
region = 'us-east-1';
Permissions
To operate on the access_points resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
s3:CreateAccessPoint,
s3:PutAccessPointPolicy,
s3:GetAccessPoint,
s3:PutAccessPointPublicAccessBlock,
s3:TagResource
s3:GetAccessPoint,
s3:GetAccessPointPolicy,
s3:ListTagsForResource
s3:PutAccessPointPolicy,
s3:PutAccessPointPublicAccessBlock,
s3:DeleteAccessPointPolicy,
s3:GetAccessPoint,
s3:GetAccessPointPolicy,
s3:TagResource,
s3:UntagResource
s3:DeleteAccessPointPolicy,
s3:DeleteAccessPoint
s3:ListAccessPoints