Interface CfnAccessPointProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnAccessPointProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)",
date="2026-04-14T18:32:03.773Z")
@Stability(Stable)
public interface CfnAccessPointProps
extends software.amazon.jsii.JsiiSerializable
Properties for defining a CfnAccessPoint.
Example:
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.*;
import software.amazon.awscdk.services.ec2.*;
import software.amazon.awscdk.services.iam.*;
import software.amazon.awscdk.services.lambda.Code;
import software.amazon.awscdk.services.lambda.FileSystem;
import software.amazon.awscdk.services.lambda.Function;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awscdk.services.s3.*;
import software.amazon.awscdk.services.s3files.*;

Vpc vpc = new Vpc(this, "Vpc");

// Versioning is required: S3 Files relies on object versions for consistency.
Bucket bucket = Bucket.Builder.create(this, "Bucket").versioned(true).build();

// S3 Files assumes this role to sync data between S3 and the file system.
Role role = Role.Builder.create(this, "S3FilesRole")
        .assumedBy(new ServicePrincipal("elasticfilesystem.amazonaws.com"))
        .build();

// S3 permissions: read/write access to the bucket and objects
role.addToPolicy(PolicyStatement.Builder.create()
        .actions(List.of("s3:ListBucket*"))
        .resources(List.of(bucket.getBucketArn()))
        .build());
role.addToPolicy(PolicyStatement.Builder.create()
        .actions(List.of("s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject*", "s3:List*", "s3:PutObject*"))
        .resources(List.of(bucket.arnForObjects("*")))
        .build());

// EventBridge permissions: S3 Files creates rules prefixed "DO-NOT-DELETE-S3-Files"
// to detect S3 object changes and trigger data synchronization.
// Write actions are limited to that rule prefix and to rules managed by the service.
role.addToPolicy(PolicyStatement.Builder.create()
        .actions(List.of("events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets"))
        .resources(List.of(String.format("arn:%s:events:*:*:rule/DO-NOT-DELETE-S3-Files*", Aws.PARTITION)))
        .conditions(Map.of("StringEquals", Map.of("events:ManagedBy", "elasticfilesystem.amazonaws.com")))
        .build());
// Read-only EventBridge actions apply to all rules.
role.addToPolicy(PolicyStatement.Builder.create()
        .actions(List.of("events:DescribeRule", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule"))
        .resources(List.of(String.format("arn:%s:events:*:*:rule/*", Aws.PARTITION)))
        .build());

CfnFileSystem fileSystem = CfnFileSystem.Builder.create(this, "S3FilesFs")
        .bucket(bucket.getBucketArn())
        .roleArn(role.getRoleArn())
        .build();

SecurityGroup sg = SecurityGroup.Builder.create(this, "MountTargetSG").vpc(vpc).build();

// Create a mount target in each private subnet so Lambda can reach the file system via NFS.
List<ISubnet> privateSubnets = vpc.getPrivateSubnets();
for (int i = 0; i < privateSubnets.size(); i++) {
    CfnMountTarget.Builder.create(this, "MountTarget" + i)
            .fileSystemId(fileSystem.getAttrFileSystemId())
            .subnetId(privateSubnets.get(i).getSubnetId())
            .securityGroups(List.of(sg.getSecurityGroupId()))
            .build();
}

// The access point defines the POSIX identity and root path Lambda uses on the file system.
CfnAccessPoint accessPoint = CfnAccessPoint.Builder.create(this, "AccessPoint")
        .fileSystemId(fileSystem.getAttrFileSystemId())
        .rootDirectory(CfnAccessPoint.RootDirectoryProperty.builder()
                .path("/export/lambda")
                .creationPermissions(CfnAccessPoint.CreationPermissionsProperty.builder().ownerGid("1001").ownerUid("1001").permissions("750").build())
                .build())
        .posixUser(CfnAccessPoint.PosixUserProperty.builder().gid("1001").uid("1001").build())
        .build();

Function fn = Function.Builder.create(this, "MyFunction")
        .runtime(Runtime.NODEJS_LATEST)
        .handler("index.handler")
        // Asset path is resolved relative to the directory the CDK app is run from.
        .code(Code.fromAsset("lambda-handler"))
        .vpc(vpc)
        .filesystem(FileSystem.fromS3FilesAccessPoint(accessPoint, "/mnt/s3files"))
        .build();
Nested Class Summary
Nested Classes
- static final class CfnAccessPointProps.Builder: A builder for CfnAccessPointProps
- static final class CfnAccessPointProps.Jsii$Proxy: An implementation for CfnAccessPointProps
Method Summary
- static CfnAccessPointProps.Builder builder()
- default String getClientToken(): (optional) A string of up to 64 ASCII characters that Amazon EFS uses to ensure idempotent creation.
- getFileSystemId(): The ID of the S3 Files file system that the access point provides access to.
- default Object getPosixUser(): Returns union: either IResolvable or CfnAccessPoint.PosixUserProperty
- default Object getRootDirectory(): Returns union: either IResolvable or CfnAccessPoint.RootDirectoryProperty
- getTags()
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
Method Details
getFileSystemId
The ID of the S3 Files file system that the access point provides access to.
getClientToken
(optional) A string of up to 64 ASCII characters that Amazon EFS uses to ensure idempotent creation.
getPosixUser
Returns union: either IResolvable or CfnAccessPoint.PosixUserProperty
getRootDirectory
Returns union: either IResolvable or CfnAccessPoint.RootDirectoryProperty
getTags
builder
- Returns:
a CfnAccessPointProps.Builder of CfnAccessPointProps