MultiRegionAccessPointPolicy
The MultiRegionAccessPointPolicy resource lets you manage the policies attached to AWS S3 Multi-Region Access Points, which control access to your S3 data across multiple regions. For more information, refer to the AWS S3 MultiRegionAccessPointPolicy documentation.
Minimal Example
Create a basic MultiRegionAccessPointPolicy with required properties.
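```typescript
import AWS from "alchemy/aws/control";

const multiRegionAccessPointPolicy = await AWS.S3.MultiRegionAccessPointPolicy("myAccessPointPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "s3:GetObject",
        // Multi-Region Access Point ARNs have an empty region field and use the
        // AWS-generated alias (ends in ".mrap"); <mrap-alias> is a placeholder.
        Resource: "arn:aws:s3::123456789012:accesspoint/<mrap-alias>/object/*",
        Condition: {
          // aws:SourceAccount is set only on requests an AWS service makes on behalf
          // of a resource; aws:PrincipalAccount is the key that matches the caller's account.
          StringEquals: { "aws:SourceAccount": "123456789012" }
        }
      }
    ]
  },
  MrapName: "myMultiRegionAccessPoint",
  adopt: true
});
```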
Advanced Configuration
Configure a MultiRegionAccessPointPolicy with a more complex policy structure.
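```typescript
const advancedPolicy = await AWS.S3.MultiRegionAccessPointPolicy("advancedAccessPointPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        // Grant access to one named role instead of every principal
        Principal: { AWS: "arn:aws:iam::123456789012:role/MyRole" },
        Action: ["s3:GetObject", "s3:PutObject"],
        // <mrap-alias> is a placeholder for the AWS-generated alias (ends in ".mrap")
        Resource: "arn:aws:s3::123456789012:accesspoint/<mrap-alias>/object/*",
        Condition: {
          // Only requests from this source CIDR range match the statement
          IpAddress: { "aws:SourceIp": "203.0.113.0/24" }
        }
      }
    ]
  },
  MrapName: "myAdvancedMultiRegionAccessPoint",
  adopt: false
});
```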
Example with Conditional Access
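This example demonstrates a policy that restricts access based on the current time. The `aws:CurrentTime` key is compared as a full ISO 8601 date-time with a date operator, so the statement allows access until a fixed cutoff rather than during a daily time-of-day window.

```typescript
const timeRestrictedPolicy = await AWS.S3.MultiRegionAccessPointPolicy("timeRestrictedPolicy", {
  Policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: "*",
        Action: "s3:GetObject",
        // <mrap-alias> is a placeholder for the AWS-generated alias (ends in ".mrap")
        Resource: "arn:aws:s3::123456789012:accesspoint/<mrap-alias>/object/*",
        Condition: {
          // aws:CurrentTime takes a date operator and an ISO 8601 timestamp;
          // the cutoff below is a constructed sample value.
          DateLessThanEquals: { "aws:CurrentTime": "2030-01-01T16:00:00Z" }
        }
      }
    ]
  },
  MrapName: "myTimeRestrictedAccessPoint",
  adopt: true
});
```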
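A policy document like the ones on this page can be checked before it is deployed. The following is an added example, not part of the Alchemy documentation or AWS code: a small linter (the name `lintMrapPolicy` is hypothetical) that flags an unconditioned Allow for any principal, a Resource that is not in Multi-Region Access Point ARN form, and a timestamp condition key paired with a non-date operator. The sample policy, account ID and alias are constructed.

```typescript
type Statement = {
  Effect: string;
  Principal?: unknown;
  Resource?: string | string[];
  Condition?: Record<string, Record<string, unknown>>;
};
type PolicyDoc = { Version: string; Statement: Statement[] };

// MRAP ARN: empty region field, 12-digit account ID, AWS-generated alias ending in ".mrap".
const MRAP_ARN = /^arn:aws:s3::\d{12}:accesspoint\/[a-z0-9]+\.mrap(\/object\/.+)?$/;
// Timestamp-valued global keys that AWS documents as working with Date* operators.
const DATE_KEYS = new Set(["aws:currenttime", "aws:tokenissuetime"]);

function lintMrapPolicy(policy: PolicyDoc): string[] {
  const findings: string[] = [];
  policy.Statement.forEach((st: Statement, i: number) => {
    const conditions = Object.entries(st.Condition ?? {});
    const p = st.Principal as { AWS?: unknown } | string | undefined;
    const anyone = p === "*" || (typeof p === "object" && p.AWS === "*");
    if (st.Effect === "Allow" && anyone && conditions.length === 0) {
      findings.push(`Statement ${i}: Allow for Principal "*" without a Condition`);
    }
    for (const arn of ([] as string[]).concat(st.Resource ?? [])) {
      if (!MRAP_ARN.test(arn)) findings.push(`Statement ${i}: not an MRAP ARN: ${arn}`);
    }
    for (const [operator, keys] of conditions) {
      // Strip set-operator prefixes and the IfExists suffix to get the base operator.
      const base = operator.replace(/^For(All|Any)Values:/, "").replace(/IfExists$/, "");
      for (const key of Object.keys(keys)) {
        if (DATE_KEYS.has(key.toLowerCase()) && !base.startsWith("Date")) {
          findings.push(`Statement ${i}: ${key} needs a Date operator, got ${operator}`);
        }
      }
    }
  });
  return findings;
}

// Constructed sample input: the account ID and alias are placeholders.
const samplePolicy: PolicyDoc = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: "*", Resource: "arn:aws:s3:::my-multi-region-access-point/*" },
    { Effect: "Allow", Principal: { AWS: "arn:aws:iam::123456789012:role/MyRole" },
      Resource: "arn:aws:s3::123456789012:accesspoint/examplealias1.mrap/object/*",
      Condition: { NumericLessThanEquals: { "aws:CurrentTime": "16:00:00" } } },
  ],
};
console.log(lintMrapPolicy(samplePolicy).join("\n"));
```

Run the check on the `Policy` object before passing it to `AWS.S3.MultiRegionAccessPointPolicy`, and fail the deployment if it returns any findings.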