
Amazon S3 Access Points

Managing access to your S3 buckets is straightforward with an Amazon S3 bucket policy. But as the number of users and the amount of data grow, this quickly becomes a complicated task. Provisioning access policies for these users (who can access which objects, and from where) can get messy.

AWS added the Access Points feature to S3 to address this problem. Access Points simplify provisioning access for different users. With this feature, each user can have a dedicated access point on a bucket, and each access point has its own policy. This is quite helpful when you have large data sets in a bucket that are accessed by different users and/or applications. An Access Point can also be restricted to a particular VPC, which is very useful if you have tight data security requirements.

Creating Access Points for your Bucket

For this demo, we want to grant our IAM user named QA download and upload access to our bucket. I have a bucket named ‘s3-ap-demo’ in the Singapore region; this bucket was set up to accept only requests coming from an access point. By default, you can create up to 1000 access points on your account per region. To create an access point, go to Bucket > Access Points, then Create Access Point.


Here you’ll notice that you have an option to choose a network access type: Virtual Private Network if you want to restrict your access point to a VPC, or Internet if you want users outside your VPC to have access as well.

You can also manage public access configuration. We’ll just leave it as default to prevent all public access.


Here we can now create our Access Point Policy. For this example, we want our QA IAM user to have the GetObject and PutObject permissions. The resource will be the ARN of our Access Point. Please note the following format for the resource:

arn:aws:s3:<region>:<accountid>:accesspoint/<accesspointname>/object/<your prefix>/*
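
The policy described above, worked through as an added example (not part of the original walkthrough). It builds the QA access point policy, builds a bucket policy that delegates access decisions to the account's access points through the s3:DataAccessPointAccount condition key (an assumption about how the demo bucket was set up), and checks that a policy's resources use the access point ARN format. The account ID 111122223333 and the access point name qa-ap are placeholders.

```python
import re

# Constructed sample values: the account ID and access point name are placeholders.
REGION, ACCOUNT_ID = "ap-southeast-1", "111122223333"
BUCKET, AP_NAME, PREFIX, USER = "s3-ap-demo", "qa-ap", "QA", "QA"
AP_OBJECT_ARN = re.compile(r"^arn:aws:s3:[a-z0-9-]+:\d{12}:accesspoint/[a-z0-9-]+/object/.+$")
ALLOWED_ACTIONS = {"s3:GetObject", "s3:PutObject"}


def access_point_policy(region, account_id, ap_name, prefix, user):
    """GetObject/PutObject for one IAM user, scoped to one prefix behind the access point."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:user/{user}"},
            "Action": sorted(ALLOWED_ACTIONS),
            "Resource": f"arn:aws:s3:{region}:{account_id}:accesspoint/{ap_name}/object/{prefix}/*",
        }],
    }


def delegating_bucket_policy(bucket, account_id):
    """Bucket policy whose only grant is to requests arriving through the account's access points."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            # Direct requests to the bucket do not carry this key, so they get no grant here.
            "Condition": {"StringEquals": {"s3:DataAccessPointAccount": account_id}},
        }],
    }


def lint_access_point_policy(policy):
    """Flag resources that are not access point object ARNs and actions beyond Get/Put."""
    as_list = lambda value: value if isinstance(value, list) else [value]
    findings = []
    for stmt in policy["Statement"]:
        for res in as_list(stmt["Resource"]):
            if not AP_OBJECT_ARN.match(res):
                findings.append(f"resource is not an access point object ARN: {res}")
        for action in as_list(stmt["Action"]):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"action outside GetObject/PutObject: {action}")
    return findings
```

Running lint_access_point_policy on a policy that still uses the bucket ARN (arn:aws:s3:::s3-ap-demo/QA/*) reports it, which catches the most common mistake when moving a statement from a bucket policy to an access point policy.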


You can also use the AWS Policy generator here or take a look at the policy examples here.

After that, you may click “Save” and a confirmation message will appear.

Now let’s log in to our QA IAM user account and try to download and upload some objects to the QA folder.


As expected, we are not allowed to download/upload directly since we set this up to accept requests only from the Access Point.


Now let’s try this again using an access point. Go to Bucket > Access Point then select the Access Point that we just created.


The access point enables us to download and upload files successfully in our folder.

Uploaded test.txt file.

Take note that the bucket can now be accessed in this format:

https://<accesspointname>-<accountid>.s3-accesspoint.<region>.amazonaws.com

Final Thoughts

Amazon S3 Access Points simplify granting access permissions to users who are accessing a large number of data sets. But this is not the only use case of Access Points. We also discussed restricting an access point to a VPC. Likewise, you can use this to test your new policies. Lastly, this great feature is free!

 

Sources:

https://aws.amazon.com/s3/features/access-points/
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html

Written by: Lervin John Obando
