1. Packages
  2. AWS Classic
  3. API Docs
  4. s3
  5. AccessPoint

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

aws.s3.AccessPoint

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

    Provides a resource to manage an S3 Access Point.

    NOTE on Access Points and Access Point Policies: This provider provides both a standalone Access Point Policy resource and an Access Point resource with a resource policy defined in-line. You cannot use an Access Point with in-line resource policy in conjunction with an Access Point Policy resource. Doing so will cause a conflict of policies and will overwrite the access point’s resource policy.

    Advanced usage: To use a custom API endpoint for this resource, use the s3control endpoint provider configuration), not the s3 endpoint provider configuration.

    This resource cannot be used with S3 directory buckets.

    Example Usage

    AWS Partition General Purpose Bucket

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.s3.BucketV2("example", {bucket: "example"});
    const exampleAccessPoint = new aws.s3.AccessPoint("example", {
        bucket: example.id,
        name: "example",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.s3.BucketV2("example", bucket="example")
    example_access_point = aws.s3.AccessPoint("example",
        bucket=example.id,
        name="example")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
    			Bucket: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewAccessPoint(ctx, "example", &s3.AccessPointArgs{
    			Bucket: example.ID(),
    			Name:   pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.S3.BucketV2("example", new()
        {
            Bucket = "example",
        });
    
        var exampleAccessPoint = new Aws.S3.AccessPoint("example", new()
        {
            Bucket = example.Id,
            Name = "example",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.s3.AccessPoint;
    import com.pulumi.aws.s3.AccessPointArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new BucketV2("example", BucketV2Args.builder()        
                .bucket("example")
                .build());
    
            var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()        
                .bucket(example.id())
                .name("example")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:s3:BucketV2
        properties:
          bucket: example
      exampleAccessPoint:
        type: aws:s3:AccessPoint
        name: example
        properties:
          bucket: ${example.id}
          name: example
    

    S3 on Outposts Bucket

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.s3control.Bucket("example", {bucket: "example"});
    const exampleVpc = new aws.ec2.Vpc("example", {cidrBlock: "10.0.0.0/16"});
    const exampleAccessPoint = new aws.s3.AccessPoint("example", {
        bucket: example.arn,
        name: "example",
        vpcConfiguration: {
            vpcId: exampleVpc.id,
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.s3control.Bucket("example", bucket="example")
    example_vpc = aws.ec2.Vpc("example", cidr_block="10.0.0.0/16")
    example_access_point = aws.s3.AccessPoint("example",
        bucket=example.arn,
        name="example",
        vpc_configuration=aws.s3.AccessPointVpcConfigurationArgs(
            vpc_id=example_vpc.id,
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3control"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := s3control.NewBucket(ctx, "example", &s3control.BucketArgs{
    			Bucket: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleVpc, err := ec2.NewVpc(ctx, "example", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.0.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewAccessPoint(ctx, "example", &s3.AccessPointArgs{
    			Bucket: example.Arn,
    			Name:   pulumi.String("example"),
    			VpcConfiguration: &s3.AccessPointVpcConfigurationArgs{
    				VpcId: exampleVpc.ID(),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.S3Control.Bucket("example", new()
        {
            BucketName = "example",
        });
    
        var exampleVpc = new Aws.Ec2.Vpc("example", new()
        {
            CidrBlock = "10.0.0.0/16",
        });
    
        var exampleAccessPoint = new Aws.S3.AccessPoint("example", new()
        {
            Bucket = example.Arn,
            Name = "example",
            VpcConfiguration = new Aws.S3.Inputs.AccessPointVpcConfigurationArgs
            {
                VpcId = exampleVpc.Id,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3control.Bucket;
    import com.pulumi.aws.s3control.BucketArgs;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.s3.AccessPoint;
    import com.pulumi.aws.s3.AccessPointArgs;
    import com.pulumi.aws.s3.inputs.AccessPointVpcConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Bucket("example", BucketArgs.builder()        
                .bucket("example")
                .build());
    
            var exampleVpc = new Vpc("exampleVpc", VpcArgs.builder()        
                .cidrBlock("10.0.0.0/16")
                .build());
    
            var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()        
                .bucket(example.arn())
                .name("example")
                .vpcConfiguration(AccessPointVpcConfigurationArgs.builder()
                    .vpcId(exampleVpc.id())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:s3control:Bucket
        properties:
          bucket: example
      exampleAccessPoint:
        type: aws:s3:AccessPoint
        name: example
        properties:
          bucket: ${example.arn}
          name: example
          vpcConfiguration:
            vpcId: ${exampleVpc.id}
      exampleVpc:
        type: aws:ec2:Vpc
        name: example
        properties:
          cidrBlock: 10.0.0.0/16
    

    Create AccessPoint Resource

    new AccessPoint(name: string, args: AccessPointArgs, opts?: CustomResourceOptions);
    @overload
    def AccessPoint(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    account_id: Optional[str] = None,
                    bucket: Optional[str] = None,
                    bucket_account_id: Optional[str] = None,
                    name: Optional[str] = None,
                    policy: Optional[str] = None,
                    public_access_block_configuration: Optional[AccessPointPublicAccessBlockConfigurationArgs] = None,
                    vpc_configuration: Optional[AccessPointVpcConfigurationArgs] = None)
    @overload
    def AccessPoint(resource_name: str,
                    args: AccessPointArgs,
                    opts: Optional[ResourceOptions] = None)
    func NewAccessPoint(ctx *Context, name string, args AccessPointArgs, opts ...ResourceOption) (*AccessPoint, error)
    public AccessPoint(string name, AccessPointArgs args, CustomResourceOptions? opts = null)
    public AccessPoint(String name, AccessPointArgs args)
    public AccessPoint(String name, AccessPointArgs args, CustomResourceOptions options)
    
    type: aws:s3:AccessPoint
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AccessPointArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessPointArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessPointArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessPointArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessPointArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccessPoint Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessPoint resource accepts the following input properties:

    Bucket string
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    AccountId string
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    BucketAccountId string
    AWS account ID associated with the S3 bucket associated with this access point.
    Name string

    Name you want to assign to this access point.

    The following arguments are optional:

    Policy string
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    VpcConfiguration AccessPointVpcConfiguration
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    Bucket string
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    AccountId string
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    BucketAccountId string
    AWS account ID associated with the S3 bucket associated with this access point.
    Name string

    Name you want to assign to this access point.

    The following arguments are optional:

    Policy string
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfigurationArgs
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    VpcConfiguration AccessPointVpcConfigurationArgs
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    bucket String
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    accountId String
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    bucketAccountId String
    AWS account ID associated with the S3 bucket associated with this access point.
    name String

    Name you want to assign to this access point.

    The following arguments are optional:

    policy String
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    publicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpcConfiguration AccessPointVpcConfiguration
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    bucket string
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    accountId string
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    bucketAccountId string
    AWS account ID associated with the S3 bucket associated with this access point.
    name string

    Name you want to assign to this access point.

    The following arguments are optional:

    policy string
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    publicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpcConfiguration AccessPointVpcConfiguration
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    bucket str
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    account_id str
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    bucket_account_id str
    AWS account ID associated with the S3 bucket associated with this access point.
    name str

    Name you want to assign to this access point.

    The following arguments are optional:

    policy str
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    public_access_block_configuration AccessPointPublicAccessBlockConfigurationArgs
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpc_configuration AccessPointVpcConfigurationArgs
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    bucket String
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    accountId String
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    bucketAccountId String
    AWS account ID associated with the S3 bucket associated with this access point.
    name String

    Name you want to assign to this access point.

    The following arguments are optional:

    policy String
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    publicAccessBlockConfiguration Property Map
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpcConfiguration Property Map
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessPoint resource produces the following output properties:

    Alias string
    Alias of the S3 Access Point.
    Arn string
    ARN of the S3 Access Point.
    DomainName string
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    Endpoints Dictionary<string, string>
    VPC endpoints for the S3 Access Point.
    HasPublicAccessPolicy bool
    Indicates whether this access point currently has a policy that allows public access.
    Id string
    The provider-assigned unique ID for this managed resource.
    NetworkOrigin string
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    Alias string
    Alias of the S3 Access Point.
    Arn string
    ARN of the S3 Access Point.
    DomainName string
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    Endpoints map[string]string
    VPC endpoints for the S3 Access Point.
    HasPublicAccessPolicy bool
    Indicates whether this access point currently has a policy that allows public access.
    Id string
    The provider-assigned unique ID for this managed resource.
    NetworkOrigin string
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    alias String
    Alias of the S3 Access Point.
    arn String
    ARN of the S3 Access Point.
    domainName String
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints Map<String,String>
    VPC endpoints for the S3 Access Point.
    hasPublicAccessPolicy Boolean
    Indicates whether this access point currently has a policy that allows public access.
    id String
    The provider-assigned unique ID for this managed resource.
    networkOrigin String
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    alias string
    Alias of the S3 Access Point.
    arn string
    ARN of the S3 Access Point.
    domainName string
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints {[key: string]: string}
    VPC endpoints for the S3 Access Point.
    hasPublicAccessPolicy boolean
    Indicates whether this access point currently has a policy that allows public access.
    id string
    The provider-assigned unique ID for this managed resource.
    networkOrigin string
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    alias str
    Alias of the S3 Access Point.
    arn str
    ARN of the S3 Access Point.
    domain_name str
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints Mapping[str, str]
    VPC endpoints for the S3 Access Point.
    has_public_access_policy bool
    Indicates whether this access point currently has a policy that allows public access.
    id str
    The provider-assigned unique ID for this managed resource.
    network_origin str
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    alias String
    Alias of the S3 Access Point.
    arn String
    ARN of the S3 Access Point.
    domainName String
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints Map<String>
    VPC endpoints for the S3 Access Point.
    hasPublicAccessPolicy Boolean
    Indicates whether this access point currently has a policy that allows public access.
    id String
    The provider-assigned unique ID for this managed resource.
    networkOrigin String
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).

    Look up Existing AccessPoint Resource

    Get an existing AccessPoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessPointState, opts?: CustomResourceOptions): AccessPoint
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            alias: Optional[str] = None,
            arn: Optional[str] = None,
            bucket: Optional[str] = None,
            bucket_account_id: Optional[str] = None,
            domain_name: Optional[str] = None,
            endpoints: Optional[Mapping[str, str]] = None,
            has_public_access_policy: Optional[bool] = None,
            name: Optional[str] = None,
            network_origin: Optional[str] = None,
            policy: Optional[str] = None,
            public_access_block_configuration: Optional[AccessPointPublicAccessBlockConfigurationArgs] = None,
            vpc_configuration: Optional[AccessPointVpcConfigurationArgs] = None) -> AccessPoint
    func GetAccessPoint(ctx *Context, name string, id IDInput, state *AccessPointState, opts ...ResourceOption) (*AccessPoint, error)
    public static AccessPoint Get(string name, Input<string> id, AccessPointState? state, CustomResourceOptions? opts = null)
    public static AccessPoint get(String name, Output<String> id, AccessPointState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    Alias string
    Alias of the S3 Access Point.
    Arn string
    ARN of the S3 Access Point.
    Bucket string
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    BucketAccountId string
    AWS account ID associated with the S3 bucket associated with this access point.
    DomainName string
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    Endpoints Dictionary<string, string>
    VPC endpoints for the S3 Access Point.
    HasPublicAccessPolicy bool
    Indicates whether this access point currently has a policy that allows public access.
    Name string

    Name you want to assign to this access point.

    The following arguments are optional:

    NetworkOrigin string
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    Policy string
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    VpcConfiguration AccessPointVpcConfiguration
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    AccountId string
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    Alias string
    Alias of the S3 Access Point.
    Arn string
    ARN of the S3 Access Point.
    Bucket string
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    BucketAccountId string
    AWS account ID associated with the S3 bucket associated with this access point.
    DomainName string
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    Endpoints map[string]string
    VPC endpoints for the S3 Access Point.
    HasPublicAccessPolicy bool
    Indicates whether this access point currently has a policy that allows public access.
    Name string

    Name you want to assign to this access point.

    The following arguments are optional:

    NetworkOrigin string
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    Policy string
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    PublicAccessBlockConfiguration AccessPointPublicAccessBlockConfigurationArgs
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    VpcConfiguration AccessPointVpcConfigurationArgs
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    accountId String
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    alias String
    Alias of the S3 Access Point.
    arn String
    ARN of the S3 Access Point.
    bucket String
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    bucketAccountId String
    AWS account ID associated with the S3 bucket associated with this access point.
    domainName String
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints Map<String,String>
    VPC endpoints for the S3 Access Point.
    hasPublicAccessPolicy Boolean
    Indicates whether this access point currently has a policy that allows public access.
    name String

    Name you want to assign to this access point.

    The following arguments are optional:

    networkOrigin String
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    policy String
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    publicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpcConfiguration AccessPointVpcConfiguration
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    accountId string
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    alias string
    Alias of the S3 Access Point.
    arn string
    ARN of the S3 Access Point.
    bucket string
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    bucketAccountId string
    AWS account ID associated with the S3 bucket associated with this access point.
    domainName string
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints {[key: string]: string}
    VPC endpoints for the S3 Access Point.
    hasPublicAccessPolicy boolean
    Indicates whether this access point currently has a policy that allows public access.
    name string

    Name you want to assign to this access point.

    The following arguments are optional:

    networkOrigin string
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    policy string
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    publicAccessBlockConfiguration AccessPointPublicAccessBlockConfiguration
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpcConfiguration AccessPointVpcConfiguration
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    account_id str
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    alias str
    Alias of the S3 Access Point.
    arn str
    ARN of the S3 Access Point.
    bucket str
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    bucket_account_id str
    AWS account ID associated with the S3 bucket associated with this access point.
    domain_name str
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints Mapping[str, str]
    VPC endpoints for the S3 Access Point.
    has_public_access_policy bool
    Indicates whether this access point currently has a policy that allows public access.
    name str

    Name you want to assign to this access point.

    The following arguments are optional:

    network_origin str
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    policy str
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    public_access_block_configuration AccessPointPublicAccessBlockConfigurationArgs
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpc_configuration AccessPointVpcConfigurationArgs
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
    accountId String
    AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
    alias String
    Alias of the S3 Access Point.
    arn String
    ARN of the S3 Access Point.
    bucket String
    Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
    bucketAccountId String
    AWS account ID associated with the S3 bucket associated with this access point.
    domainName String
    DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported.
    endpoints Map<String>
    VPC endpoints for the S3 Access Point.
    hasPublicAccessPolicy Boolean
    Indicates whether this access point currently has a policy that allows public access.
    name String

    Name you want to assign to this access point.

    The following arguments are optional:

    networkOrigin String
    Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn't allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).
    policy String
    Valid JSON document that specifies the policy that you want to apply to this access point. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws.s3control.AccessPointPolicy. To remove the policy, set it to "{}" (an empty JSON document).
    publicAccessBlockConfiguration Property Map
    Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.
    vpcConfiguration Property Map
    Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.

    Supporting Types

    AccessPointPublicAccessBlockConfiguration, AccessPointPublicAccessBlockConfigurationArgs

    BlockPublicAcls bool
    Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

    • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    BlockPublicPolicy bool
    Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

    • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
    IgnorePublicAcls bool
    Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:

    • Ignore all public ACLs on buckets in this account and any objects that they contain.
    RestrictPublicBuckets bool
    Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

    • Only the bucket owner and AWS Services can access buckets with public policies.
    BlockPublicAcls bool
    Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

    • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    BlockPublicPolicy bool
    Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

    • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
    IgnorePublicAcls bool
    Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:

    • Ignore all public ACLs on buckets in this account and any objects that they contain.
    RestrictPublicBuckets bool
    Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

    • Only the bucket owner and AWS Services can access buckets with public policies.
    blockPublicAcls Boolean
    Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

    • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    blockPublicPolicy Boolean
    Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

    • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
    ignorePublicAcls Boolean
    Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:

    • Ignore all public ACLs on buckets in this account and any objects that they contain.
    restrictPublicBuckets Boolean
    Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

    • Only the bucket owner and AWS Services can access buckets with public policies.
    blockPublicAcls boolean
    Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

    • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    blockPublicPolicy boolean
    Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

    • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
    ignorePublicAcls boolean
    Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:

    • Ignore all public ACLs on buckets in this account and any objects that they contain.
    restrictPublicBuckets boolean
    Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

    • Only the bucket owner and AWS Services can access buckets with public policies.
    block_public_acls bool
    Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

    • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    block_public_policy bool
    Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

    • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
    ignore_public_acls bool
    Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:

    • Ignore all public ACLs on buckets in this account and any objects that they contain.
    restrict_public_buckets bool
    Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

    • Only the bucket owner and AWS Services can access buckets with public policies.
    blockPublicAcls Boolean
    Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:

    • PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
    • PUT Object calls fail if the request includes a public ACL.
    • PUT Bucket calls fail if the request includes a public ACL.
    blockPublicPolicy Boolean
    Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:

    • Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
    ignorePublicAcls Boolean
    Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:

    • Ignore all public ACLs on buckets in this account and any objects that they contain.
    restrictPublicBuckets Boolean
    Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:

    • Only the bucket owner and AWS Services can access buckets with public policies.

    AccessPointVpcConfiguration, AccessPointVpcConfigurationArgs

    VpcId string
    This access point will only allow connections from the specified VPC ID.
    VpcId string
    This access point will only allow connections from the specified VPC ID.
    vpcId String
    This access point will only allow connections from the specified VPC ID.
    vpcId string
    This access point will only allow connections from the specified VPC ID.
    vpc_id str
    This access point will only allow connections from the specified VPC ID.
    vpcId String
    This access point will only allow connections from the specified VPC ID.

    Import

    Import using the ARN for Access Points associated with an S3 on Outposts Bucket:

    Using pulumi import to import. For example:

    Import using the account_id and name separated by a colon (:) for Access Points associated with an AWS Partition S3 Bucket:

    $ pulumi import aws:s3/accessPoint:AccessPoint example 123456789012:example
    

    Import using the ARN for Access Points associated with an S3 on Outposts Bucket:

    $ pulumi import aws:s3/accessPoint:AccessPoint example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-1234567890123456/accesspoint/example
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi