Class CfnAccessPoint

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
All Implemented Interfaces:
IInspectable, IEnvironmentAware, IAccessPointRef, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)", date="2026-04-14T18:32:03.771Z") @Stability(Stable) public class CfnAccessPoint extends CfnResource implements IInspectable, IAccessPointRef, ITaggableV2
Resource Type definition for AWS::S3Files::AccessPoint.

Example:

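 import java.util.List;
 import java.util.Map;
 import software.amazon.awscdk.*;
 import software.amazon.awscdk.services.ec2.*;
 import software.amazon.awscdk.services.iam.*;
 // Single-type imports: lambda's Runtime would otherwise clash with java.lang.Runtime.
 import software.amazon.awscdk.services.lambda.Code;
 import software.amazon.awscdk.services.lambda.FileSystem;
 import software.amazon.awscdk.services.lambda.Function;
 import software.amazon.awscdk.services.lambda.Runtime;
 import software.amazon.awscdk.services.s3.*;
 import software.amazon.awscdk.services.s3files.*;
 import software.amazon.awscdk.services.s3files.CfnAccessPoint.*;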
 Vpc vpc = new Vpc(this, "Vpc");
 // Versioning is required — S3 Files relies on object versions for consistency.
 Bucket bucket = Bucket.Builder.create(this, "Bucket").versioned(true).build();
 // S3 Files assumes this role to sync data between S3 and the file system.
 Role role = Role.Builder.create(this, "S3FilesRole")
         .assumedBy(new ServicePrincipal("elasticfilesystem.amazonaws.com"))
         .build();
 // S3 permissions: read/write access to the bucket and objects
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("s3:ListBucket*"))
         .resources(List.of(bucket.getBucketArn()))
         .build());
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject*", "s3:List*", "s3:PutObject*"))
         .resources(List.of(bucket.arnForObjects("*")))
         .build());
 // EventBridge permissions: S3 Files creates rules prefixed "DO-NOT-DELETE-S3-Files"
 // to detect S3 object changes and trigger data synchronization.
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets"))
         .resources(List.of(String.format("arn:%s:events:*:*:rule/DO-NOT-DELETE-S3-Files*", Aws.PARTITION)))
         .conditions(Map.of("StringEquals", Map.of("events:ManagedBy", "elasticfilesystem.amazonaws.com")))
         .build());
 role.addToPolicy(PolicyStatement.Builder.create()
         .actions(List.of("events:DescribeRule", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule"))
         .resources(List.of(String.format("arn:%s:events:*:*:rule/*", Aws.PARTITION)))
         .build());
 CfnFileSystem fileSystem = CfnFileSystem.Builder.create(this, "S3FilesFs")
         .bucket(bucket.getBucketArn())
         .roleArn(role.getRoleArn())
         .build();
 SecurityGroup sg = SecurityGroup.Builder.create(this, "MountTargetSG").vpc(vpc).build();
 // Create a mount target in each private subnet so Lambda can reach the file system via NFS.
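 List<ISubnet> privateSubnets = vpc.getPrivateSubnets();
 for (int i = 0; i < privateSubnets.size(); i++) {
     CfnMountTarget.Builder.create(this, "MountTarget" + i)
             .fileSystemId(fileSystem.getAttrFileSystemId())
             .subnetId(privateSubnets.get(i).getSubnetId())
             .securityGroups(List.of(sg.getSecurityGroupId()))
             .build();
 }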
 // The access point defines the POSIX identity and root path Lambda uses on the file system.
 CfnAccessPoint accessPoint = CfnAccessPoint.Builder.create(this, "AccessPoint")
         .fileSystemId(fileSystem.getAttrFileSystemId())
         .rootDirectory(RootDirectoryProperty.builder()
                 .path("/export/lambda")
                 .creationPermissions(CreationPermissionsProperty.builder().ownerGid("1001").ownerUid("1001").permissions("750").build())
                 .build())
         .posixUser(PosixUserProperty.builder().gid("1001").uid("1001").build())
         .build();
 Function fn = Function.Builder.create(this, "MyFunction")
         .runtime(Runtime.NODEJS_LATEST)
         .handler("index.handler")
         // Relative asset paths are resolved against the directory the CDK app runs from.
         .code(Code.fromAsset("lambda-handler"))
         .vpc(vpc)
         .filesystem(FileSystem.fromS3FilesAccessPoint(accessPoint, "/mnt/s3files"))
         .build();
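
The access point in the example pins a POSIX identity and a root path. As an added example (not part of the CDK or of the original page), the hypothetical helper `AccessPointTemplateCheck` below scans a synthesized stack for `AWS::S3Files::AccessPoint` resources that leave either one open; the policy it enforces and the template property names (`PosixUser`, `Uid`, `Gid`, `RootDirectory`, `Path`, taken as the PascalCase forms of the builder methods shown above) are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.assertions.Template;

// Added example: AccessPointTemplateCheck is a hypothetical helper, not a CDK class.
public final class AccessPointTemplateCheck {
    // Resource type named on this page.
    static final String TYPE = "AWS::S3Files::AccessPoint";

    /** Returns one finding per problem; an empty list means every access point passed. */
    @SuppressWarnings("unchecked")
    public static List<String> findings(Stack stack) {
        List<String> out = new ArrayList<>();
        Map<String, Map<String, Object>> found = Template.fromStack(stack).findResources(TYPE);
        found.forEach((logicalId, resource) -> {
            Object p = resource.get("Properties");
            Map<String, Object> props = p instanceof Map ? (Map<String, Object>) p : Map.of();

            // Assumed policy: an explicit POSIX user with non-zero uid and gid.
            Object user = props.get("PosixUser");
            if (!(user instanceof Map)) {
                out.add(logicalId + ": PosixUser is not set");
            } else {
                Map<String, Object> u = (Map<String, Object>) user;
                // Intrinsics (deploy-time tokens) render as maps and are not judged here.
                if ("0".equals(u.get("Uid")) || "0".equals(u.get("Gid"))) {
                    out.add(logicalId + ": PosixUser uses uid or gid 0");
                }
            }

            // Assumed policy: a root directory path other than "/".
            Object root = props.get("RootDirectory");
            Object path = root instanceof Map ? ((Map<String, Object>) root).get("Path") : null;
            if (path == null || "/".equals(path)) {
                out.add(logicalId + ": RootDirectory.Path is unset or \"/\"");
            }
        });
        return out;
    }
}
```

Call `AccessPointTemplateCheck.findings(stack)` from a unit test and fail the build when the list is not empty; for the stack in the example above (uid and gid `1001`, path `/export/lambda`) it returns an empty list.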
 

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.
  • Constructor Details

    • CfnAccessPoint

      protected CfnAccessPoint(software.amazon.jsii.JsiiObjectRef objRef)
    • CfnAccessPoint

      protected CfnAccessPoint(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • CfnAccessPoint

      @Stability(Stable) public CfnAccessPoint(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnAccessPointProps props)
      Create a new AWS::S3Files::AccessPoint.

      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.
  • Method Details

    • arnForAccessPoint

      @Stability(Stable) @NotNull public static String arnForAccessPoint(@NotNull IAccessPointRef resource)
      Parameters:
      resource - This parameter is required.
    • isCfnAccessPoint

      @Stability(Stable) @NotNull public static Boolean isCfnAccessPoint(@NotNull Object x)
      Checks whether the given object is a CfnAccessPoint.

      Parameters:
      x - This parameter is required.
    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.
    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.
    • getAccessPointRef

      @Stability(Stable) @NotNull public AccessPointReference getAccessPointRef()
      A reference to an AccessPoint resource.
      Specified by:
      getAccessPointRef in interface IAccessPointRef
    • getAttrAccessPointArn

      @Stability(Stable) @NotNull public String getAttrAccessPointArn()
    • getAttrAccessPointId

      @Stability(Stable) @NotNull public String getAttrAccessPointId()
    • getAttrOwnerId

      @Stability(Stable) @NotNull public String getAttrOwnerId()
    • getAttrStatus

      @Stability(Stable) @NotNull public String getAttrStatus()
    • getCdkTagManager

      @Stability(Stable) @NotNull public TagManager getCdkTagManager()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getCdkTagManager in interface ITaggableV2
    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource
    • getFileSystemId

      @Stability(Stable) @NotNull public String getFileSystemId()
      The ID of the S3 Files file system that the access point provides access to.
    • setFileSystemId

      @Stability(Stable) public void setFileSystemId(@NotNull String value)
      The ID of the S3 Files file system that the access point provides access to.
    • getClientToken

      @Stability(Stable) @Nullable public String getClientToken()
      (optional) A string of up to 64 ASCII characters that Amazon EFS uses to ensure idempotent creation.
    • setClientToken

      @Stability(Stable) public void setClientToken(@Nullable String value)
      (optional) A string of up to 64 ASCII characters that Amazon EFS uses to ensure idempotent creation.
    • getPosixUser

      @Stability(Stable) @Nullable public Object getPosixUser()
    • setPosixUser

      @Stability(Stable) public void setPosixUser(@Nullable IResolvable value)
    • setPosixUser

      @Stability(Stable) public void setPosixUser(@Nullable CfnAccessPoint.PosixUserProperty value)
    • getRootDirectory

      @Stability(Stable) @Nullable public Object getRootDirectory()
    • setRootDirectory

      @Stability(Stable) public void setRootDirectory(@Nullable IResolvable value)
    • setRootDirectory

      @Stability(Stable) public void setRootDirectory(@Nullable CfnAccessPoint.RootDirectoryProperty value)
    • getTags

      @Stability(Stable) @Nullable public List<CfnAccessPoint.AccessPointTagProperty> getTags()
    • setTags

      @Stability(Stable) public void setTags(@Nullable List<CfnAccessPoint.AccessPointTagProperty> value)