Skip to main content

access_point_policies

Creates, updates, deletes or gets an access_point_policy resource or lists access_point_policies in a region

Overview

Nameaccess_point_policies
TypeResource
DescriptionAWS::S3ObjectLambda::AccessPointPolicy resource is an Amazon S3ObjectLambda policy type that you can use to control permissions for your S3ObjectLambda
Idawscc.s3objectlambda.access_point_policies

Fields

NameDatatypeDescription
object_lambda_access_pointstringThe name of the Amazon S3 ObjectLambdaAccessPoint to which the policy applies.
policy_documentobjectA policy document containing permissions to add to the specified ObjectLambdaAccessPoint. For more information, see Access Policy Language Overview (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html) in the Amazon Simple Storage Service Developer Guide.
regionstringAWS region.

For more information, see AWS::S3ObjectLambda::AccessPointPolicy.

Methods

NameAccessible byRequired Params
create_resourceINSERTObjectLambdaAccessPoint, PolicyDocument, region
delete_resourceDELETEIdentifier, region
update_resourceUPDATEIdentifier, PatchDocument, region
get_resourceSELECTIdentifier, region

SELECT examples

Gets all properties from an individual access_point_policy.

SELECT
  region,
  object_lambda_access_point,
  policy_document
FROM awscc.s3objectlambda.access_point_policies
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ object_lambda_access_point }}';

INSERT example

Use the following StackQL query and manifest file to create a new access_point_policy resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.s3objectlambda.access_point_policies (
  ObjectLambdaAccessPoint,
  PolicyDocument,
  region
)
SELECT
  '{{ object_lambda_access_point }}',
  '{{ policy_document }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a access_point_policy resource, using stack-deploy.

/*+ update */
UPDATE awscc.s3objectlambda.access_point_policies
SET PatchDocument = string('{{ {
    "PolicyDocument": policy_document
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ object_lambda_access_point }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.s3objectlambda.access_point_policies
WHERE
  Identifier = '{{ object_lambda_access_point }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the access_point_policies resource, the following permissions are required:

s3:PutAccessPointPolicyForObjectLambda,
s3:GetAccessPointPolicyForObjectLambda