access_points

Creates, updates, deletes or gets an access_point resource or lists access_points in a region

Overview

Name	`access_points`
Type	Resource
Description	The AWS::S3::AccessPoint resource is an Amazon S3 resource type that you can use to access buckets.
Id	`aws.s3.access_points`

Fields

Name	Datatype	Description
`name`	`string`	The name you want to assign to this Access Point. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the access point name.
`alias`	`string`	The alias of this Access Point. This alias can be used for compatibility purposes with other AWS services and third-party applications.
`bucket`	`string`	The name of the bucket that you want to associate this Access Point with.
`bucket_account_id`	`string`	The AWS account ID associated with the S3 bucket associated with this access point.
`vpc_configuration`	`object`	If you include this field, Amazon S3 restricts access to this Access Point to requests from the specified Virtual Private Cloud (VPC).
`public_access_block_configuration`	`object`	The PublicAccessBlock configuration that you want to apply to this Access Point. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status 'The Meaning of Public' in the Amazon Simple Storage Service Developer Guide.
`policy`	`object`	The Access Point Policy you want to apply to this access point.
`network_origin`	`string`	Indicates whether this Access Point allows access from the public Internet. If VpcConfiguration is specified for this Access Point, then NetworkOrigin is VPC, and the Access Point doesn't allow access from the public Internet. Otherwise, NetworkOrigin is Internet, and the Access Point allows access from the public Internet, subject to the Access Point and bucket access policies.
`arn`	`string`	The Amazon Resource Name (ARN) of the specified accesspoint.
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`Bucket, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all access_points in a region.

SELECT
region,
name,
alias,
bucket,
bucket_account_id,
vpc_configuration,
public_access_block_configuration,
policy,
network_origin,
arn
FROM aws.s3.access_points
WHERE region = 'us-east-1';

Gets all properties from an individual access_point.

SELECT
region,
name,
alias,
bucket,
bucket_account_id,
vpc_configuration,
public_access_block_configuration,
policy,
network_origin,
arn
FROM aws.s3.access_points
WHERE region = 'us-east-1' AND data__Identifier = '<Name>';

`INSERT` example

Use the following StackQL query and manifest file to create a new access_point resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.s3.access_points (
 Bucket,
 region
)
SELECT 
'{{ Bucket }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.s3.access_points (
 Name,
 Bucket,
 BucketAccountId,
 VpcConfiguration,
 PublicAccessBlockConfiguration,
 Policy,
 region
)
SELECT 
 '{{ Name }}',
 '{{ Bucket }}',
 '{{ BucketAccountId }}',
 '{{ VpcConfiguration }}',
 '{{ PublicAccessBlockConfiguration }}',
 '{{ Policy }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: access_point
    props:
      - name: Name
        value: '{{ Name }}'
      - name: Bucket
        value: '{{ Bucket }}'
      - name: BucketAccountId
        value: '{{ BucketAccountId }}'
      - name: VpcConfiguration
        value:
          VpcId: '{{ VpcId }}'
      - name: PublicAccessBlockConfiguration
        value:
          BlockPublicAcls: '{{ BlockPublicAcls }}'
          IgnorePublicAcls: '{{ IgnorePublicAcls }}'
          BlockPublicPolicy: '{{ BlockPublicPolicy }}'
          RestrictPublicBuckets: '{{ RestrictPublicBuckets }}'
      - name: Policy
        value: {}

`DELETE` example

/*+ delete */
DELETE FROM aws.s3.access_points
WHERE data__Identifier = '<Name>'
AND region = 'us-east-1';

Permissions

To operate on the access_points resource, the following permissions are required:

Create

s3:CreateAccessPoint,
s3:PutAccessPointPolicy,
s3:PutAccessPointPublicAccessBlock

Read

s3:GetAccessPoint,
s3:GetAccessPointPolicy

Update

s3:PutAccessPointPolicy,
s3:PutAccessPointPublicAccessBlock,
s3:DeleteAccessPointPolicy,
s3:GetAccessPoint,
s3:GetAccessPointPolicy

Delete

s3:DeleteAccessPointPolicy,
s3:DeleteAccessPoint

List

s3:ListAccessPoints

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​