Managing access to shared datasets with access points (original) (raw)

Amazon S3 access points simplify data access for any AWS service or customer application that stores data in S3. Access points are named network endpoints that are attached to a data source such as a bucket, Amazon FSx for NetApp ONTAP volume, or Amazon FSx for OpenZFS volume. For information about working with buckets, seeGeneral purpose buckets overview. For information about working with FSx for NetApp ONTAP, see What is Amazon FSx for NetApp ONTAP in the FSx for ONTAP User Guide. For information about working with FSx for OpenZFS, see What is Amazon FSx for OpenZFS in the FSx for OpenZFS User Guide.

You can use access points to perform S3 object operations, such as GetObject andPutObject. Each access point has distinct permissions and network controls that S3 applies for any request that is made through that access point. Each endpoint enforces a customized access point policy that allow you to control use by resource, user, or other conditions. If your access point is attached to a bucket the access point policy works in conjunction with the underlying bucket policy. You can configure any access point to accept requests only from a virtual private cloud (VPC) to restrict Amazon S3 data access to a private network. You can also configure custom block public access settings for each access point.

Note

You can only use access points to perform operations on objects. You can't use access points to perform other Amazon S3 operations, such as deleting buckets or creating S3 Replication configurations. For a complete list of S3 operations that support access points, see Access point compatibility.

The topics in this section explain how to work with Amazon S3 access points. For topics on using access points with directory buckets see, Managing access to shared datasets in directory buckets with access points.

Topics

• Access points naming rules, restrictions, and limitations
• Referencing access points with ARNs, access point aliases, or virtual-hosted–style URIs
• Access point compatibility
• Configuring IAM policies for using access points
• Monitoring and logging access points
• Creating an access point
• Managing your Amazon S3 access points for general purpose buckets
• Using Amazon S3 access points for general purpose buckets
• Using tags with S3 Access Points for general purpose buckets

AWS managed policies

Naming rules, restrictions, and limitations

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.