AccessPoint

The AccessPoint resource lets you manage AWS S3 AccessPoints which simplify data access management for shared datasets in S3.

Minimal Example

Create a basic S3 AccessPoint with required properties and a public access block configuration.

import AWS from "alchemy/aws/control";

const basicAccessPoint = await AWS.S3.AccessPoint("basicAccessPoint", {
  Bucket: "my-example-bucket",
  PublicAccessBlockConfiguration: {
    BlockPublicAcls: true,
    IgnorePublicAcls: true,
    BlockPublicPolicy: true,
    RestrictPublicBuckets: true
  }
});

Advanced Configuration

Configure an S3 AccessPoint with a specific VPC configuration and a policy to allow access only to certain AWS principals.

const advancedAccessPoint = await AWS.S3.AccessPoint("advancedAccessPoint", {
  Bucket: "my-example-bucket",
  VpcConfiguration: {
    VpcId: "vpc-123abc456",
    VpcEndpointId: "vpce-789xyz012"
  },
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::123456789012:user/exampleUser"
        },
        Action: "s3:GetObject",
        Resource: "arn:aws:s3:us-east-1:123456789012:accesspoint:advancedAccessPoint/object/*"
      }
    ]
  }
});

Using BucketAccountId

Create an S3 AccessPoint specifying the bucket account ID for cross-account access.

const crossAccountAccessPoint = await AWS.S3.AccessPoint("crossAccountAccessPoint", {
  Bucket: "my-example-bucket",
  BucketAccountId: "123456789012",
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "s3:*",
        Resource: "arn:aws:s3:us-east-1:123456789012:accesspoint:crossAccountAccessPoint"
      }
    ]
  }
});

Adopting Existing Resources

Adopt an existing S3 AccessPoint rather than failing if the resource already exists.

const adoptExistingAccessPoint = await AWS.S3.AccessPoint("adoptExistingAccessPoint", {
  Bucket: "my-example-bucket",
  adopt: true
});