This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::S3::AccessPoint VpcConfiguration The Virtual Private Cloud (VPC) configuration for this access point. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[VpcId](#cfn-s3-accesspoint-vpcconfiguration-vpcid)" : String } ``` ### YAML ``` [VpcId](#cfn-s3-accesspoint-vpcconfiguration-vpcid): String ``` ## Properties `VpcId` If this field is specified, the access point will only allow connections from the specified VPC ID. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `1024` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Examples ### Create an S3 Access Point restricted to a VPC The following example creates an Amazon S3 access point restricted to a virtual private cloud (VPC). For more information, see [Configuring IAM policies for using access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies.html) in the *Amazon S3 User Guide*. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "S3Bucket": { "Type": "AWS::S3::Bucket" }, "S3BucketPolicy": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "S3Bucket" }, "PolicyDocument": { "Version": "2012-10-17" , "Statement": [ { "Action": "*", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "S3Bucket", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "S3Bucket", "Arn" ] }, "/*" ] ] } ], "Principal": { "AWS": "*" }, "Condition": { "StringEquals": { "s3:DataAccessPointAccount": { "Ref": "AWS::AccountId" } } } } ] } } }, "VPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/16" } }, "S3AccessPoint": { "Type": "AWS::S3::AccessPoint", "Properties": { "Bucket": { "Ref": "S3Bucket" }, "Name": "my-access-point", "VpcConfiguration": { "VpcId": { "Ref": "VPC" } }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "IgnorePublicAcls": true, "BlockPublicPolicy": true, "RestrictPublicBuckets": true } } } }, "Outputs": { "S3AccessPointArn": { "Value": { "Ref": "S3AccessPoint" }, "Description": "ARN of the sample Amazon S3 access point." } } } ``` #### YAML ``` AWSTemplateFormatVersion: 2010-09-09 Resources: S3Bucket: Type: AWS::S3::Bucket S3BucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: Ref: S3Bucket PolicyDocument: Version: 2012-10-17 Statement: - Action: "*" Effect: Allow Resource: - Fn::GetAtt: - S3Bucket - Arn - Fn::Join: - "" - - Fn::GetAtt: - S3Bucket - Arn - /* Principal: AWS: "*" Condition: StringEquals: s3:DataAccessPointAccount: Ref: AWS::AccountId VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 S3AccessPoint: Type: AWS::S3::AccessPoint Properties: Bucket: Ref: S3Bucket Name: my-access-point VpcConfiguration: VpcId: Ref: VPC PublicAccessBlockConfiguration: BlockPublicAcls: true IgnorePublicAcls: true BlockPublicPolicy: true RestrictPublicBuckets: true Outputs: S3AccessPointArn: Value: Ref: S3AccessPoint Description: ARN of the sample Amazon S3 access point. ```