AccessGrant

Learn how to create, update, and manage AWS S3 AccessGrants using Alchemy Cloud Control.

The AccessGrant resource lets you manage AWS S3 AccessGrants for granting permissions to objects in S3 buckets.

Create an AccessGrant that allows a specified grantee to read objects in an S3 bucket.

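import AWS from "alchemy/aws/control";

const accessGrant = await AWS.S3.AccessGrant("basicAccessGrant", {
  // Grantees are IAM principals or IAM Identity Center directory identities
  // (GranteeType: IAM | DIRECTORY_USER | DIRECTORY_GROUP), not S3 ACL canonical users.
  Grantee: {
    GranteeType: "IAM",
    GranteeIdentifier: "arn:aws:iam::123456789012:role/DocumentReader"
  },
  Permission: "READ", // READ | WRITE | READWRITE
  AccessGrantsLocationId: "myBucketLocationId",
  // The sub-prefix is appended to the scope of the registered location,
  // assumed here to be s3://my-example-bucket/.
  AccessGrantsLocationConfiguration: {
    S3SubPrefix: "documents/*"
  }
});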

Set up an AccessGrant with additional properties including a specific application ARN and tags.

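const advancedAccessGrant = await AWS.S3.AccessGrant("advancedAccessGrant", {
  // A directory group from IAM Identity Center; the identifier is a constructed sample UUID.
  Grantee: {
    GranteeType: "DIRECTORY_GROUP",
    GranteeIdentifier: "11111111-2222-3333-4444-555555555555"
  },
  Permission: "WRITE",
  AccessGrantsLocationId: "myBucketLocationId",
  // ApplicationArn takes an IAM Identity Center application ARN (placeholder shown);
  // the grantee can then reach the data only through that application.
  ApplicationArn: "arn:aws:sso::123456789012:application/<instance-id>/<application-id>",
  Tags: [
    {
      Key: "Environment",
      Value: "Production"
    },
    {
      Key: "Project",
      Value: "DataAnalytics"
    }
  ]
});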

Create an AccessGrant scoped to a single object by setting S3PrefixType to "Object", the only value the property accepts. Omit the property when the grant scope is a bucket or a prefix.

const prefixAccessGrant = await AWS.S3.AccessGrant("prefixAccessGrant", {
  Grantee: {
    GranteeType: "IAM",
    GranteeIdentifier: "arn:aws:iam::123456789012:role/ImageUploader"
  },
  Permission: "READWRITE", // Access Grants has no FULL_CONTROL level
  AccessGrantsLocationId: "myBucketLocationId",
  S3PrefixType: "Object",
  AccessGrantsLocationConfiguration: {
    S3SubPrefix: "images/uploads/banner.png" // constructed object key
  }
});

Adopt an existing AccessGrant instead of failing if it already exists.

const adoptAccessGrant = await AWS.S3.AccessGrant("adoptedAccessGrant", {
  Grantee: {
    GranteeType: "IAM",
    GranteeIdentifier: "arn:aws:iam::123456789012:user/existing-grantee"
  },
  Permission: "READ",
  AccessGrantsLocationId: "myBucketLocationId",
  adopt: true // take over a matching existing grant instead of failing
});
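
A review step that can run over AccessGrant props before they are passed to AWS.S3.AccessGrant, shown here as an added example that is not part of Alchemy or of the original page. It assumes the property names and allowed values of the CloudFormation AWS::S3::AccessGrant schema; `reviewAccessGrant`, the sample props and the write-scope rule are hypothetical.

```typescript
// Added example, not Alchemy code. Property names and allowed values follow the
// CloudFormation AWS::S3::AccessGrant schema; the scope rule is a house policy.
type GrantProps = Record<string, any>;

const GRANTEE_TYPES = ["IAM", "DIRECTORY_USER", "DIRECTORY_GROUP"];
const PERMISSIONS = ["READ", "WRITE", "READWRITE"];
const IAM_PRINCIPAL = /^arn:aws[a-z-]*:iam::\d{12}:(user|role)\/.+$/;

// Returns findings; an empty array means the props passed every check.
function reviewAccessGrant(p: GrantProps): string[] {
  const findings: string[] = [];
  const grantee: GrantProps = p.Grantee ?? {};
  if (!GRANTEE_TYPES.includes(grantee.GranteeType)) {
    findings.push(`Grantee.GranteeType must be one of ${GRANTEE_TYPES.join(", ")}`);
  } else if (grantee.GranteeType === "IAM" && !IAM_PRINCIPAL.test(String(grantee.GranteeIdentifier))) {
    findings.push("IAM grantee must be identified by an IAM user or role ARN");
  }
  if (!PERMISSIONS.includes(p.Permission)) {
    findings.push(`Permission must be one of ${PERMISSIONS.join(", ")}`);
  }
  if (p.S3PrefixType !== undefined && p.S3PrefixType !== "Object") {
    findings.push('S3PrefixType, when set, must be "Object"');
  }
  // House policy (assumption): write access must be narrowed below the
  // registered location, so a missing or bare "*" sub-prefix is rejected.
  const sub = p.AccessGrantsLocationConfiguration?.S3SubPrefix;
  if (p.Permission !== "READ" && (sub === undefined || sub === "*")) {
    findings.push("write access spans the whole location; set a narrower S3SubPrefix");
  }
  return findings;
}

// Constructed sample props (not real principals or locations).
const scopedRead: GrantProps = {
  Grantee: { GranteeType: "IAM", GranteeIdentifier: "arn:aws:iam::123456789012:role/DocumentReader" },
  Permission: "READ",
  AccessGrantsLocationId: "myBucketLocationId",
  AccessGrantsLocationConfiguration: { S3SubPrefix: "documents/*" },
};
const aclStyle: GrantProps = {
  Grantee: { Type: "CanonicalUser", Id: "constructed-canonical-id" }, // S3 ACL vocabulary
  Permission: "FULL_CONTROL",
  AccessGrantsLocationId: "myBucketLocationId",
};
console.log(reviewAccessGrant(scopedRead));
console.log(reviewAccessGrant(aclStyle));
```

Props written in S3 ACL vocabulary fail the schema checks, and a write grant with no sub-prefix is reported separately as over-broad.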