AWS::S3Express::AccessPoint
Access points simplify managing data access at scale for shared datasets in Amazon S3. Access points are unique hostnames you create to enforce distinct permissions and network controls for all requests made through an access point. You can create hundreds of access points per bucket, each with a distinct name and permissions customized for each application. Each access point works in conjunction with the bucket policy that is attached to the underlying bucket. For more information, see Managing access to shared datasets in directory buckets with access points.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::S3Express::AccessPoint",
  "Properties" : {
      "Bucket" : String,
      "BucketAccountId" : String,
      "Name" : String,
      "Policy" : Json,
      "PublicAccessBlockConfiguration" : PublicAccessBlockConfiguration,
      "Scope" : Scope,
      "Tags" : [ Tag, ... ],
      "VpcConfiguration" : VpcConfiguration
    }
}
YAML
Type: AWS::S3Express::AccessPoint
Properties:
  Bucket: String
  BucketAccountId: String
  Name: String
  Policy: Json
  PublicAccessBlockConfiguration:
    PublicAccessBlockConfiguration
  Scope:
    Scope
  Tags:
    - Tag
  VpcConfiguration:
    VpcConfiguration
Properties
- Bucket
  The name of the bucket that you want to associate the access point with.
  Required: Yes
  Type: String
  Minimum: 3
  Maximum: 255
  Update requires: Replacement
- BucketAccountId
  The AWS account ID that owns the bucket associated with this access point.
  Required: No
  Type: String
  Pattern: ^\d{12}$
  Maximum: 64
  Update requires: Replacement
- Name
  An access point name consists of a base name you provide, followed by the zoneID (AWS Local Zone), followed by the suffix --xa-s3. For example, accesspointname--zoneID--xa-s3.
  Required: No
  Type: String
  Pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$
  Minimum: 3
  Maximum: 50
  Update requires: Replacement
- Policy
  The access point policy associated with the specified access point.
  Required: No
  Type: Json
  Update requires: No interruption
- PublicAccessBlockConfiguration
  Public access is blocked by default to access points for directory buckets.
  Required: No
  Type: PublicAccessBlockConfiguration
  Update requires: No interruption
- Scope
  You can use the access point scope to restrict access to specific prefixes, API operations, or a combination of both. For more information, see Manage the scope of your access points for directory buckets.
  Required: No
  Type: Scope
  Update requires: No interruption
- Tags
  An array of tags that you can apply to access points. Tags are key-value pairs of metadata used to categorize your access points and control access. For more information, see Using tags for attribute-based access control (ABAC).
  Required: No
  Type: Array of Tag
  Update requires: No interruption
- VpcConfiguration
  If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC).
  Required: No
  Type: VpcConfiguration
  Update requires: Replacement
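The constraints in the Properties list can be checked before a template is deployed, along with which changes force the access point to be replaced. The following Python check is an added example, not part of the AWS reference; the function names, the sample property values and the VpcId key shown inside VpcConfiguration are assumptions for illustration.

```python
import re

# Constraints copied from the Properties list on this page.
ACCOUNT_ID = re.compile(r"^\d{12}$")
NAME = re.compile(r"^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$")
# Properties whose "Update requires" value is Replacement.
REPLACEMENT = {"Bucket", "BucketAccountId", "Name", "VpcConfiguration"}
KNOWN = REPLACEMENT | {"Policy", "PublicAccessBlockConfiguration", "Scope", "Tags"}


def lint_access_point(props):
    """Return (severity, message) findings for one resource's Properties map."""
    out = [("error", f"unknown property {k}") for k in sorted(set(props) - KNOWN)]
    bucket = props.get("Bucket")
    if bucket is None:
        out.append(("error", "Bucket is required"))
    elif isinstance(bucket, str) and not 3 <= len(bucket) <= 255:
        out.append(("error", "Bucket must be 3-255 characters"))
    account = props.get("BucketAccountId")
    # Non-string values (Ref, Fn::Sub, ...) resolve at deploy time; skip them.
    if isinstance(account, str) and not ACCOUNT_ID.fullmatch(account):
        out.append(("error", "BucketAccountId must be 12 digits"))
    name = props.get("Name")
    if isinstance(name, str) and not (3 <= len(name) <= 50 and NAME.fullmatch(name)):
        out.append(("error", "Name must be 3-50 chars matching the Name pattern"))
    if "VpcConfiguration" not in props:
        out.append(("warn", "no VpcConfiguration: requests are not limited to a VPC"))
    return out


def replacement_on_update(old, new):
    """Properties that differ between two revisions and force Replacement."""
    return sorted(k for k in REPLACEMENT if old.get(k) != new.get(k))


# Constructed sample resources (all names and IDs are made up for illustration).
DEPLOYED = {"Bucket": "example-directory-bucket", "BucketAccountId": "111122223333",
            "Name": "reports--zone1--xa-s3"}
PROPOSED = {"Bucket": "example-directory-bucket", "BucketAccountId": "1111-2222-3333",
            "Name": "Reports--zone1--xa-s3", "Policy": {"Version": "2012-10-17"},
            "VpcConfiguration": {"VpcId": "vpc-0example"}}  # VpcId key is assumed

if __name__ == "__main__":
    for severity, message in lint_access_point(PROPOSED):
        print(severity, message)
    print("replaced if changed:", replacement_on_update(DEPLOYED, PROPOSED))
```

Because a change to Bucket, BucketAccountId, Name or VpcConfiguration replaces the resource, a review step can use the second function to flag such revisions before they reach a stack update.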
Return values
Ref
Fn::GetAtt
- Arn
  The ARN of the access point.
- NetworkOrigin
  The network configuration of the access point.