PutAccessPointPolicy - Amazon Simple Storage Service

PutAccessPointPolicy

Note

This operation is not supported by directory buckets.

Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following actions are related to PutAccessPointPolicy:

Request Syntax

PUT /v20180820/accesspoint/name/policy HTTP/1.1 Host: s3-control.amazonaws.com x-amz-account-id: AccountId <?xml version="1.0" encoding="UTF-8"?> <PutAccessPointPolicyRequest xmlns="http://awss3control.amazonaws.com/doc/2018-08-20/"> <Policy>string</Policy> </PutAccessPointPolicyRequest>

URI Request Parameters

The request uses the following URI parameters.

name

The name of the access point that you want to associate with the specified policy.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the AWS SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/accesspoint/<my-accesspoint-name>. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.

Length Constraints: Minimum length of 3. Maximum length of 255.

Required: Yes

x-amz-account-id

The AWS account ID for owner of the bucket associated with the specified access point.

Length Constraints: Maximum length of 64.

Pattern: ^\d{12}$

Required: Yes

Request Body

The request accepts the following data in XML format.

PutAccessPointPolicyRequest

Root level tag for the PutAccessPointPolicyRequest parameters.

Required: Yes

Policy

The policy that you want to apply to the specified access point. For more information about access point policies, see Managing data access with Amazon S3 access points in the Amazon S3 User Guide.

Type: String

Required: Yes

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Examples

Sample request syntax for the PutAccessPointPolicy action for Amazon S3 on Outposts access point

This example illustrates one usage of PutAccessPointPolicy.

PUT /v20180820/accesspoint/example-access-point/policy HTTP/1.1 Host: s3-outposts.<Region>.amazonaws.com Date: Wed, 28 Oct 2020 22:32:00 GMT Authorization: authorization string x-amz-account-id: example-account-id x-amz-outpost-id: op-01ac5d28a6a232904 <?xml version="1.0" encoding="UTF-8"?> <PutAccessPointPolicyRequest xmlns="http://awss3control.amazonaws.com/doc/2018-08-20/"> <Policy> { "Version":"2012-10-17", "Id":"AccessPointPolicy-for-example-access-point", "Statement":[ { "Sid":"st1", "Effect":"Allow", "Principal":{ "AWS":"example-account-id" }, "Action":"s3-outposts:*", "Resource":"arn:aws:s3-outposts:your-Region:example-account-id:outpost/op-01ac5d28a6a232904/accesspoint/example-access-point } ] } </Policy> </PutAccessPointPolicyRequest>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: