aws.s3.AccessPoint
Explore with Pulumi AI
Provides a resource to manage an S3 Access Point.
NOTE on Access Points and Access Point Policies: This provider provides both a standalone Access Point Policy resource and an Access Point resource with a resource policy defined in-line. You cannot use an Access Point with in-line resource policy in conjunction with an Access Point Policy resource. Doing so will cause a conflict of policies and will overwrite the access point’s resource policy.
Advanced usage: To use a custom API endpoint for this resource, use the
s3control
endpoint provider configuration), not thes3
endpoint provider configuration.
This resource cannot be used with S3 directory buckets.
Example Usage
AWS Partition General Purpose Bucket
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.s3.BucketV2("example", {bucket: "example"});
const exampleAccessPoint = new aws.s3.AccessPoint("example", {
bucket: example.id,
name: "example",
});
import pulumi
import pulumi_aws as aws
example = aws.s3.BucketV2("example", bucket="example")
example_access_point = aws.s3.AccessPoint("example",
bucket=example.id,
name="example")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
Bucket: pulumi.String("example"),
})
if err != nil {
return err
}
_, err = s3.NewAccessPoint(ctx, "example", &s3.AccessPointArgs{
Bucket: example.ID(),
Name: pulumi.String("example"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.S3.BucketV2("example", new()
{
Bucket = "example",
});
var exampleAccessPoint = new Aws.S3.AccessPoint("example", new()
{
Bucket = example.Id,
Name = "example",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.AccessPoint;
import com.pulumi.aws.s3.AccessPointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new BucketV2("example", BucketV2Args.builder()
.bucket("example")
.build());
var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()
.bucket(example.id())
.name("example")
.build());
}
}
resources:
example:
type: aws:s3:BucketV2
properties:
bucket: example
exampleAccessPoint:
type: aws:s3:AccessPoint
name: example
properties:
bucket: ${example.id}
name: example
S3 on Outposts Bucket
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.s3control.Bucket("example", {bucket: "example"});
const exampleVpc = new aws.ec2.Vpc("example", {cidrBlock: "10.0.0.0/16"});
const exampleAccessPoint = new aws.s3.AccessPoint("example", {
bucket: example.arn,
name: "example",
vpcConfiguration: {
vpcId: exampleVpc.id,
},
});
import pulumi
import pulumi_aws as aws
example = aws.s3control.Bucket("example", bucket="example")
example_vpc = aws.ec2.Vpc("example", cidr_block="10.0.0.0/16")
example_access_point = aws.s3.AccessPoint("example",
bucket=example.arn,
name="example",
vpc_configuration={
"vpc_id": example_vpc.id,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3control"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := s3control.NewBucket(ctx, "example", &s3control.BucketArgs{
Bucket: pulumi.String("example"),
})
if err != nil {
return err
}
exampleVpc, err := ec2.NewVpc(ctx, "example", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
_, err = s3.NewAccessPoint(ctx, "example", &s3.AccessPointArgs{
Bucket: example.Arn,
Name: pulumi.String("example"),
VpcConfiguration: &s3.AccessPointVpcConfigurationArgs{
VpcId: exampleVpc.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.S3Control.Bucket("example", new()
{
BucketName = "example",
});
var exampleVpc = new Aws.Ec2.Vpc("example", new()
{
CidrBlock = "10.0.0.0/16",
});
var exampleAccessPoint = new Aws.S3.AccessPoint("example", new()
{
Bucket = example.Arn,
Name = "example",
VpcConfiguration = new Aws.S3.Inputs.AccessPointVpcConfigurationArgs
{
VpcId = exampleVpc.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3control.Bucket;
import com.pulumi.aws.s3control.BucketArgs;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.s3.AccessPoint;
import com.pulumi.aws.s3.AccessPointArgs;
import com.pulumi.aws.s3.inputs.AccessPointVpcConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Bucket("example", BucketArgs.builder()
.bucket("example")
.build());
var exampleVpc = new Vpc("exampleVpc", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
var exampleAccessPoint = new AccessPoint("exampleAccessPoint", AccessPointArgs.builder()
.bucket(example.arn())
.name("example")
.vpcConfiguration(AccessPointVpcConfigurationArgs.builder()
.vpcId(exampleVpc.id())
.build())
.build());
}
}
resources:
example:
type: aws:s3control:Bucket
properties:
bucket: example
exampleAccessPoint:
type: aws:s3:AccessPoint
name: example
properties:
bucket: ${example.arn}
name: example
vpcConfiguration:
vpcId: ${exampleVpc.id}
exampleVpc:
type: aws:ec2:Vpc
name: example
properties:
cidrBlock: 10.0.0.0/16
Create AccessPoint Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessPoint(name: string, args: AccessPointArgs, opts?: CustomResourceOptions);
@overload
def AccessPoint(resource_name: str,
args: AccessPointArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessPoint(resource_name: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
account_id: Optional[str] = None,
bucket_account_id: Optional[str] = None,
name: Optional[str] = None,
policy: Optional[str] = None,
public_access_block_configuration: Optional[AccessPointPublicAccessBlockConfigurationArgs] = None,
vpc_configuration: Optional[AccessPointVpcConfigurationArgs] = None)
func NewAccessPoint(ctx *Context, name string, args AccessPointArgs, opts ...ResourceOption) (*AccessPoint, error)
public AccessPoint(string name, AccessPointArgs args, CustomResourceOptions? opts = null)
public AccessPoint(String name, AccessPointArgs args)
public AccessPoint(String name, AccessPointArgs args, CustomResourceOptions options)
type: aws:s3:AccessPoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessPointArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessPointArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessPointArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPointArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessPointArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsAccessPointResource = new Aws.S3.AccessPoint("awsAccessPointResource", new()
{
Bucket = "string",
AccountId = "string",
BucketAccountId = "string",
Name = "string",
Policy = "string",
PublicAccessBlockConfiguration = new Aws.S3.Inputs.AccessPointPublicAccessBlockConfigurationArgs
{
BlockPublicAcls = false,
BlockPublicPolicy = false,
IgnorePublicAcls = false,
RestrictPublicBuckets = false,
},
VpcConfiguration = new Aws.S3.Inputs.AccessPointVpcConfigurationArgs
{
VpcId = "string",
},
});
example, err := s3.NewAccessPoint(ctx, "awsAccessPointResource", &s3.AccessPointArgs{
Bucket: pulumi.String("string"),
AccountId: pulumi.String("string"),
BucketAccountId: pulumi.String("string"),
Name: pulumi.String("string"),
Policy: pulumi.String("string"),
PublicAccessBlockConfiguration: &s3.AccessPointPublicAccessBlockConfigurationArgs{
BlockPublicAcls: pulumi.Bool(false),
BlockPublicPolicy: pulumi.Bool(false),
IgnorePublicAcls: pulumi.Bool(false),
RestrictPublicBuckets: pulumi.Bool(false),
},
VpcConfiguration: &s3.AccessPointVpcConfigurationArgs{
VpcId: pulumi.String("string"),
},
})
var awsAccessPointResource = new AccessPoint("awsAccessPointResource", AccessPointArgs.builder()
.bucket("string")
.accountId("string")
.bucketAccountId("string")
.name("string")
.policy("string")
.publicAccessBlockConfiguration(AccessPointPublicAccessBlockConfigurationArgs.builder()
.blockPublicAcls(false)
.blockPublicPolicy(false)
.ignorePublicAcls(false)
.restrictPublicBuckets(false)
.build())
.vpcConfiguration(AccessPointVpcConfigurationArgs.builder()
.vpcId("string")
.build())
.build());
aws_access_point_resource = aws.s3.AccessPoint("awsAccessPointResource",
bucket="string",
account_id="string",
bucket_account_id="string",
name="string",
policy="string",
public_access_block_configuration={
"block_public_acls": False,
"block_public_policy": False,
"ignore_public_acls": False,
"restrict_public_buckets": False,
},
vpc_configuration={
"vpc_id": "string",
})
const awsAccessPointResource = new aws.s3.AccessPoint("awsAccessPointResource", {
bucket: "string",
accountId: "string",
bucketAccountId: "string",
name: "string",
policy: "string",
publicAccessBlockConfiguration: {
blockPublicAcls: false,
blockPublicPolicy: false,
ignorePublicAcls: false,
restrictPublicBuckets: false,
},
vpcConfiguration: {
vpcId: "string",
},
});
type: aws:s3:AccessPoint
properties:
accountId: string
bucket: string
bucketAccountId: string
name: string
policy: string
publicAccessBlockConfiguration:
blockPublicAcls: false
blockPublicPolicy: false
ignorePublicAcls: false
restrictPublicBuckets: false
vpcConfiguration:
vpcId: string
AccessPoint Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessPoint resource accepts the following input properties:
- Bucket string
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- Account
Id string - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- Bucket
Account stringId - AWS account ID associated with the S3 bucket associated with this access point.
- Name string
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- Policy string
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - Public
Access AccessBlock Configuration Point Public Access Block Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - Vpc
Configuration AccessPoint Vpc Configuration - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- Bucket string
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- Account
Id string - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- Bucket
Account stringId - AWS account ID associated with the S3 bucket associated with this access point.
- Name string
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- Policy string
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - Public
Access AccessBlock Configuration Point Public Access Block Configuration Args - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - Vpc
Configuration AccessPoint Vpc Configuration Args - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- bucket String
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- account
Id String - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- bucket
Account StringId - AWS account ID associated with the S3 bucket associated with this access point.
- name String
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- policy String
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public
Access AccessBlock Configuration Point Public Access Block Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc
Configuration AccessPoint Vpc Configuration - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- bucket string
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- account
Id string - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- bucket
Account stringId - AWS account ID associated with the S3 bucket associated with this access point.
- name string
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- policy string
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public
Access AccessBlock Configuration Point Public Access Block Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc
Configuration AccessPoint Vpc Configuration - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- bucket str
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- account_
id str - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- bucket_
account_ strid - AWS account ID associated with the S3 bucket associated with this access point.
- name str
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- policy str
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public_
access_ Accessblock_ configuration Point Public Access Block Configuration Args - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc_
configuration AccessPoint Vpc Configuration Args - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- bucket String
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- account
Id String - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- bucket
Account StringId - AWS account ID associated with the S3 bucket associated with this access point.
- name String
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- policy String
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public
Access Property MapBlock Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc
Configuration Property Map - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessPoint resource produces the following output properties:
- Alias string
- Alias of the S3 Access Point.
- Arn string
- ARN of the S3 Access Point.
- Domain
Name string - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - Endpoints Dictionary<string, string>
- VPC endpoints for the S3 Access Point.
- Has
Public boolAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- Id string
- The provider-assigned unique ID for this managed resource.
- Network
Origin string - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies).
- Alias string
- Alias of the S3 Access Point.
- Arn string
- ARN of the S3 Access Point.
- Domain
Name string - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - Endpoints map[string]string
- VPC endpoints for the S3 Access Point.
- Has
Public boolAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- Id string
- The provider-assigned unique ID for this managed resource.
- Network
Origin string - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies).
- alias String
- Alias of the S3 Access Point.
- arn String
- ARN of the S3 Access Point.
- domain
Name String - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints Map<String,String>
- VPC endpoints for the S3 Access Point.
- has
Public BooleanAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- id String
- The provider-assigned unique ID for this managed resource.
- network
Origin String - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies).
- alias string
- Alias of the S3 Access Point.
- arn string
- ARN of the S3 Access Point.
- domain
Name string - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints {[key: string]: string}
- VPC endpoints for the S3 Access Point.
- has
Public booleanAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- id string
- The provider-assigned unique ID for this managed resource.
- network
Origin string - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies).
- alias str
- Alias of the S3 Access Point.
- arn str
- ARN of the S3 Access Point.
- domain_
name str - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints Mapping[str, str]
- VPC endpoints for the S3 Access Point.
- has_
public_ boolaccess_ policy - Indicates whether this access point currently has a policy that allows public access.
- id str
- The provider-assigned unique ID for this managed resource.
- network_
origin str - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies).
- alias String
- Alias of the S3 Access Point.
- arn String
- ARN of the S3 Access Point.
- domain
Name String - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints Map<String>
- VPC endpoints for the S3 Access Point.
- has
Public BooleanAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- id String
- The provider-assigned unique ID for this managed resource.
- network
Origin String - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies).
Look up Existing AccessPoint Resource
Get an existing AccessPoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessPointState, opts?: CustomResourceOptions): AccessPoint
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
alias: Optional[str] = None,
arn: Optional[str] = None,
bucket: Optional[str] = None,
bucket_account_id: Optional[str] = None,
domain_name: Optional[str] = None,
endpoints: Optional[Mapping[str, str]] = None,
has_public_access_policy: Optional[bool] = None,
name: Optional[str] = None,
network_origin: Optional[str] = None,
policy: Optional[str] = None,
public_access_block_configuration: Optional[AccessPointPublicAccessBlockConfigurationArgs] = None,
vpc_configuration: Optional[AccessPointVpcConfigurationArgs] = None) -> AccessPoint
func GetAccessPoint(ctx *Context, name string, id IDInput, state *AccessPointState, opts ...ResourceOption) (*AccessPoint, error)
public static AccessPoint Get(string name, Input<string> id, AccessPointState? state, CustomResourceOptions? opts = null)
public static AccessPoint get(String name, Output<String> id, AccessPointState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- Alias string
- Alias of the S3 Access Point.
- Arn string
- ARN of the S3 Access Point.
- Bucket string
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- Bucket
Account stringId - AWS account ID associated with the S3 bucket associated with this access point.
- Domain
Name string - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - Endpoints Dictionary<string, string>
- VPC endpoints for the S3 Access Point.
- Has
Public boolAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- Name string
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- Network
Origin string - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies). - Policy string
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - Public
Access AccessBlock Configuration Point Public Access Block Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - Vpc
Configuration AccessPoint Vpc Configuration - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- Account
Id string - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- Alias string
- Alias of the S3 Access Point.
- Arn string
- ARN of the S3 Access Point.
- Bucket string
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- Bucket
Account stringId - AWS account ID associated with the S3 bucket associated with this access point.
- Domain
Name string - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - Endpoints map[string]string
- VPC endpoints for the S3 Access Point.
- Has
Public boolAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- Name string
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- Network
Origin string - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies). - Policy string
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - Public
Access AccessBlock Configuration Point Public Access Block Configuration Args - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - Vpc
Configuration AccessPoint Vpc Configuration Args - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- account
Id String - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- alias String
- Alias of the S3 Access Point.
- arn String
- ARN of the S3 Access Point.
- bucket String
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- bucket
Account StringId - AWS account ID associated with the S3 bucket associated with this access point.
- domain
Name String - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints Map<String,String>
- VPC endpoints for the S3 Access Point.
- has
Public BooleanAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- name String
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- network
Origin String - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies). - policy String
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public
Access AccessBlock Configuration Point Public Access Block Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc
Configuration AccessPoint Vpc Configuration - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- account
Id string - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- alias string
- Alias of the S3 Access Point.
- arn string
- ARN of the S3 Access Point.
- bucket string
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- bucket
Account stringId - AWS account ID associated with the S3 bucket associated with this access point.
- domain
Name string - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints {[key: string]: string}
- VPC endpoints for the S3 Access Point.
- has
Public booleanAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- name string
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- network
Origin string - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies). - policy string
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public
Access AccessBlock Configuration Point Public Access Block Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc
Configuration AccessPoint Vpc Configuration - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- account_
id str - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- alias str
- Alias of the S3 Access Point.
- arn str
- ARN of the S3 Access Point.
- bucket str
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- bucket_
account_ strid - AWS account ID associated with the S3 bucket associated with this access point.
- domain_
name str - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints Mapping[str, str]
- VPC endpoints for the S3 Access Point.
- has_
public_ boolaccess_ policy - Indicates whether this access point currently has a policy that allows public access.
- name str
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- network_
origin str - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies). - policy str
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public_
access_ Accessblock_ configuration Point Public Access Block Configuration Args - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc_
configuration AccessPoint Vpc Configuration Args - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
- account
Id String - AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the AWS provider.
- alias String
- Alias of the S3 Access Point.
- arn String
- ARN of the S3 Access Point.
- bucket String
- Name of an AWS Partition S3 General Purpose Bucket or the ARN of S3 on Outposts Bucket that you want to associate this access point with.
- bucket
Account StringId - AWS account ID associated with the S3 bucket associated with this access point.
- domain
Name String - DNS domain name of the S3 Access Point in the format
name
-account_id
.s3-accesspoint.region.amazonaws.com. Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. - endpoints Map<String>
- VPC endpoints for the S3 Access Point.
- has
Public BooleanAccess Policy - Indicates whether this access point currently has a policy that allows public access.
- name String
Name you want to assign to this access point. See the AWS documentation for naming conditions.
The following arguments are optional:
- network
Origin String - Indicates whether this access point allows access from the public Internet. Values are
VPC
(the access point doesn't allow access from the public Internet) andInternet
(the access point allows access from the public Internet, subject to the access point and bucket access policies). - policy String
- Valid JSON document that specifies the policy that you want to apply to this access point. Removing
policy
from your configuration or settingpolicy
to null or an empty string (i.e.,policy = ""
) will not delete the policy since it could have been set byaws.s3control.AccessPointPolicy
. To remove thepolicy
, set it to"{}"
(an empty JSON document). - public
Access Property MapBlock Configuration - Configuration block to manage the
PublicAccessBlock
configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below. - vpc
Configuration Property Map - Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.
Supporting Types
AccessPointPublicAccessBlockConfiguration, AccessPointPublicAccessBlockConfigurationArgs
- Block
Public boolAcls - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
- Block
Public boolPolicy - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing bucket policies. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
- Ignore
Public boolAcls - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore all public ACLs on buckets in this account and any objects that they contain.
- Restrict
Public boolBuckets - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access buckets with public policies.
- Block
Public boolAcls - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
- Block
Public boolPolicy - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing bucket policies. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
- Ignore
Public boolAcls - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore all public ACLs on buckets in this account and any objects that they contain.
- Restrict
Public boolBuckets - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access buckets with public policies.
- block
Public BooleanAcls - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
- block
Public BooleanPolicy - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing bucket policies. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
- ignore
Public BooleanAcls - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore all public ACLs on buckets in this account and any objects that they contain.
- restrict
Public BooleanBuckets - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access buckets with public policies.
- block
Public booleanAcls - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
- block
Public booleanPolicy - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing bucket policies. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
- ignore
Public booleanAcls - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore all public ACLs on buckets in this account and any objects that they contain.
- restrict
Public booleanBuckets - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access buckets with public policies.
- block_
public_ boolacls - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
- block_
public_ boolpolicy - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing bucket policies. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
- ignore_
public_ boolacls - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore all public ACLs on buckets in this account and any objects that they contain.
- restrict_
public_ boolbuckets - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access buckets with public policies.
- block
Public BooleanAcls - Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.
- PUT Object calls fail if the request includes a public ACL.
- PUT Bucket calls fail if the request includes a public ACL.
- block
Public BooleanPolicy - Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect existing bucket policies. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
- ignore
Public BooleanAcls - Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to
true
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore all public ACLs on buckets in this account and any objects that they contain.
- restrict
Public BooleanBuckets - Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to
true
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access buckets with public policies.
AccessPointVpcConfiguration, AccessPointVpcConfigurationArgs
- Vpc
Id string - This access point will only allow connections from the specified VPC ID.
- Vpc
Id string - This access point will only allow connections from the specified VPC ID.
- vpc
Id String - This access point will only allow connections from the specified VPC ID.
- vpc
Id string - This access point will only allow connections from the specified VPC ID.
- vpc_
id str - This access point will only allow connections from the specified VPC ID.
- vpc
Id String - This access point will only allow connections from the specified VPC ID.
Import
Import using the ARN for Access Points associated with an S3 on Outposts Bucket:
Using pulumi import
to import. For example:
Import using the account_id
and name
separated by a colon (:
) for Access Points associated with an AWS Partition S3 Bucket:
$ pulumi import aws:s3/accessPoint:AccessPoint example 123456789012:example
Import using the ARN for Access Points associated with an S3 on Outposts Bucket:
$ pulumi import aws:s3/accessPoint:AccessPoint example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-1234567890123456/accesspoint/example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.