AWS::S3Vectors::VectorBucketPolicy - AWS CloudFormation


AWS::S3Vectors::VectorBucketPolicy

The AWS::S3Vectors::VectorBucketPolicy resource defines an Amazon S3 vector bucket policy to control access to an Amazon S3 vector bucket.

Vector bucket policies are written in JSON and allow you to grant or deny permissions across all (or a subset of) objects within a vector bucket.

You must specify either VectorBucketName or VectorBucketArn to identify the target bucket.

To control how AWS CloudFormation handles the vector bucket policy when the stack is deleted, you can set a deletion policy for your policy. You can choose to retain the policy or to delete the policy. For more information, see DeletionPolicy attribute.

Permissions

The permissions CloudFormation requires depend on the operation performed on the stack.

  • Create

    • s3vectors:GetVectorBucketPolicy

    • s3vectors:PutVectorBucketPolicy

  • Read

    • s3vectors:GetVectorBucketPolicy

  • Update

    • s3vectors:GetVectorBucketPolicy

    • s3vectors:PutVectorBucketPolicy

  • Delete

    • s3vectors:GetVectorBucketPolicy

    • s3vectors:DeleteVectorBucketPolicy

  • List

    • s3vectors:GetVectorBucketPolicy

    • s3vectors:ListVectorBuckets

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::S3Vectors::VectorBucketPolicy",
  "Properties" : {
    "Policy" : Json,
    "VectorBucketArn" : String,
    "VectorBucketName" : String
  }
}

YAML

Type: AWS::S3Vectors::VectorBucketPolicy
Properties:
  Policy: Json
  VectorBucketArn: String
  VectorBucketName: String

Properties

Policy

A policy document containing permissions to add to the specified vector bucket. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM.

Required: Yes

Type: Json

Update requires: No interruption

VectorBucketArn

The Amazon Resource Name (ARN) of the S3 vector bucket to which the policy applies.

Required: No

Type: String

Update requires: Replacement

VectorBucketName

The name of the S3 vector bucket to which the policy applies.

Required: No

Type: String

Minimum: 3

Maximum: 63

Update requires: Replacement
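A complete declaration of this resource, as an added example that is not from the CloudFormation documentation: the template is built as a Python dict in CloudFormation's JSON shape, with a policy that denies non-TLS access and grants one role read access, followed by a pre-deploy lint that applies the property rules above (one of VectorBucketName or VectorBucketArn, name length 3 to 63) and flags an unconditioned anonymous Allow. The parameter names, the reader role, the data-plane action names (s3vectors:GetVectors, s3vectors:QueryVectors) and the "/*" suffix for resources under the bucket ARN are assumptions; only the ARN layout comes from the Ref example on this page.

```python
# Constructed example: attach a policy to an existing vector bucket named by a parameter.
# ARN layout follows this page's Ref example; reader role, data-plane action names
# and the "/*" index suffix are assumptions, not values from the page.
BUCKET_ARN = "arn:${AWS::Partition}:s3vectors:${AWS::Region}:${AWS::AccountId}:bucket/${BucketName}"
TEMPLATE = {
    "Parameters": {"BucketName": {"Type": "String", "MinLength": 3, "MaxLength": 63},
                   "ReaderRoleArn": {"Type": "String"}},  # assumed role allowed to read
    "Resources": {"VectorBucketPolicy": {
        "Type": "AWS::S3Vectors::VectorBucketPolicy",
        "DeletionPolicy": "Retain",  # keep the policy on the bucket if the stack is deleted
        "Properties": {
            "VectorBucketName": {"Ref": "BucketName"},
            "Policy": {"Version": "2012-10-17", "Statement": [
                {   # Refuse any s3vectors call that does not arrive over TLS
                    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
                    "Action": "s3vectors:*",
                    "Resource": [{"Fn::Sub": BUCKET_ARN}, {"Fn::Sub": BUCKET_ARN + "/*"}],
                    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                },
                {   # Read-only grant to one role (action names assumed)
                    "Sid": "AllowReaderQueries", "Effect": "Allow",
                    "Principal": {"AWS": {"Ref": "ReaderRoleArn"}},
                    "Action": ["s3vectors:GetVectors", "s3vectors:QueryVectors"],
                    "Resource": {"Fn::Sub": BUCKET_ARN + "/*"},
                },
            ]},
        },
    }},
}


def lint_vector_bucket_policy(resource: dict) -> list[str]:
    """Pre-deploy checks: this page's property rules plus one least-privilege rule."""
    props, findings = resource.get("Properties", {}), []
    if resource.get("Type") != "AWS::S3Vectors::VectorBucketPolicy":
        return ["not an AWS::S3Vectors::VectorBucketPolicy resource"]
    if not any(k in props for k in ("VectorBucketName", "VectorBucketArn")):
        findings.append("VectorBucketName or VectorBucketArn is required")
    name = props.get("VectorBucketName")
    if isinstance(name, str) and not 3 <= len(name) <= 63:
        findings.append("VectorBucketName must be 3 to 63 characters")
    policy = props.get("Policy")
    if not isinstance(policy, dict) or not isinstance(policy.get("Statement"), list):
        return findings + ["Policy must be a JSON document with a Statement list"]
    for stmt in policy["Statement"]:  # an unconditioned Allow to "*" makes the bucket public
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") == "*" and "Condition" not in stmt:
            findings.append(f"statement {stmt.get('Sid', '?')} allows anonymous access")
    return findings
```

Run the lint over every AWS::S3Vectors::VectorBucketPolicy resource in a template before `aws cloudformation deploy`; `json.dumps(TEMPLATE)` gives the template body to submit.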

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the vector bucket ARN.

Example: arn:aws:s3vectors:us-east-1:123456789012:bucket/amzn-s3-demo-vector-bucket

For more information about using the Ref function, see Ref.