This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::S3Express::AccessPoint Access points simplify managing data access at scale for shared datasets in Amazon S3. Access points are unique hostnames you create to enforce distinct permissions and network controls for all requests made through an access point. You can create hundreds of access points per bucket, each with a distinct name and permissions customized for each application. Each access point works in conjunction with the bucket policy that is attached to the underlying bucket. For more information, see [Managing access to shared datasets in directory buckets with access points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-directory-buckets.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::S3Express::AccessPoint", "Properties" : { "[Bucket](#cfn-s3express-accesspoint-bucket)" : String, "[BucketAccountId](#cfn-s3express-accesspoint-bucketaccountid)" : String, "[Name](#cfn-s3express-accesspoint-name)" : String, "[Policy](#cfn-s3express-accesspoint-policy)" : Json, "[PublicAccessBlockConfiguration](#cfn-s3express-accesspoint-publicaccessblockconfiguration)" : PublicAccessBlockConfiguration, "[Scope](#cfn-s3express-accesspoint-scope)" : Scope, "[Tags](#cfn-s3express-accesspoint-tags)" : [ Tag, ... ], "[VpcConfiguration](#cfn-s3express-accesspoint-vpcconfiguration)" : VpcConfiguration } } ``` ### YAML ``` Type: AWS::S3Express::AccessPoint Properties: [Bucket](#cfn-s3express-accesspoint-bucket): String [BucketAccountId](#cfn-s3express-accesspoint-bucketaccountid): String [Name](#cfn-s3express-accesspoint-name): String [Policy](#cfn-s3express-accesspoint-policy): Json [PublicAccessBlockConfiguration](#cfn-s3express-accesspoint-publicaccessblockconfiguration): PublicAccessBlockConfiguration [Scope](#cfn-s3express-accesspoint-scope): Scope [Tags](#cfn-s3express-accesspoint-tags): - Tag [VpcConfiguration](#cfn-s3express-accesspoint-vpcconfiguration): VpcConfiguration ``` ## Properties `Bucket` The name of the bucket that you want to associate the access point with. *Required*: Yes *Type*: String *Minimum*: `3` *Maximum*: `255` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `BucketAccountId` The AWS account ID that owns the bucket associated with this access point. *Required*: No *Type*: String *Pattern*: `^\d{12}$` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Name` An access point name consists of a base name you provide, followed by the zoneID (AWS Local Zone) followed by the prefix `--xa-s3`. For example, accesspointname--zoneID--xa-s3. *Required*: No *Type*: String *Pattern*: `^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$` *Minimum*: `3` *Maximum*: `50` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Policy` The access point policy associated with the specified access point. *Required*: No *Type*: Json *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PublicAccessBlockConfiguration` Public access is blocked by default to access points for directory buckets. *Required*: No *Type*: [PublicAccessBlockConfiguration](aws-properties-s3express-accesspoint-publicaccessblockconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Scope` You can use the access point scope to restrict access to specific prefixes, API operations, or a combination of both. For more information, see [Manage the scope of your access points for directory buckets.](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-directory-buckets-manage-scope.html) *Required*: No *Type*: [Scope](aws-properties-s3express-accesspoint-scope.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` An array of tags that you can apply to access points. Tags are key-value pairs of metadata used to categorize your access points and control access. For more information, see [Using tags for attribute-based access control (ABAC)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging.html#using-tags-for-abac). *Required*: No *Type*: Array of [Tag](aws-properties-s3express-accesspoint-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VpcConfiguration` If you include this field, Amazon S3 restricts access to this access point to requests from the specified virtual private cloud (VPC). *Required*: No *Type*: [VpcConfiguration](aws-properties-s3express-accesspoint-vpcconfiguration.md) *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref ### Fn::GetAtt #### `Arn` The ARN of the access point. `NetworkOrigin` The network configuration of the access point.