
Can we create an S3 access point alias with a predefined prefix?

1

I have an S3 bucket that contains shared information from multiple consumer applications. I am creating a dedicated path (prefix) for each consumer in the S3 bucket, and creating an access point with access to that prefix. Is there a way I can share only the access point alias, without the prefix information, with the consumer? I.e., when the consumer uses the access point alias to put files, can I configure it in such a way that those files will be added to the specific path (prefix) corresponding to that access point?

asked 2 years ago, 1.1K views
1 Answer
-2

Hello,

Yes, that's possible using S3 access points.

  1. Create an S3 bucket and dedicated prefixes for each consumer application in the bucket, e.g., s3://your-bucket/prefix1/, s3://your-bucket/prefix2/.
  2. Create an S3 Access Point (AccessPointA and AccessPointB) for each consumer application and specify the bucket name along with the prefix the application must have access to.
  3. Each access point can have its own policy to further ensure that uploads are restricted to the correct prefix. Here's how you can set this up for AccessPointA:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPutObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:region:account-id:accesspoint/AccessPointA/object/prefix1/*"
    }
  ]
}
  4. Add the access point policy to the other AccessPointB restricted to dedicated prefix2.
  5. Test that the files are uploaded to dedicated prefixes inside the S3 bucket using the respective Access Point alias.

Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html

EXPERT
answered 2 years ago
  • Thanks for the response.

    I tried with the exact configuration as suggested and following is the outcome:

    1. Trying to upload file only with access point alias, without prefix:

       $ aws s3 cp log.txt s3://AccessPointA-alias/
       upload failed: ./log.txt to s3://AccessPointA-alias/log.txt An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

    2. Trying to upload file with access point alias along with prefix:

       $ aws s3 cp log.txt s3://AccessPointA-alias/prefix1/
       upload: ./log.txt to s3://AccessPointA-alias/prefix1/log.txt

    The consumer must specify the prefix when using the access point alias. I want to hide the prefix information from the consumer, and provide them only the AP-alias. Is it possible?

  • Your answer simply directs "2. Create an S3 Access Point for each consumer application and specify the bucket name along with Prefix" but doesn't say how to do that -- specifically, the part about how we specify the prefix, which is the whole point of the question. The AWS web Console doesn't allow prefixes to be given when creating the access point, as far as I can tell, and I'm in the same situation as the original poster.
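
The two upload results reported in the first comment can be reproduced offline with a simplified policy evaluator. This is an added example, not part of the original thread and not AWS code: the helper names and the request list are constructed, and only Action and Resource are evaluated (Principal, Condition, the bucket policy and the caller's IAM policy are ignored). Under those assumptions the access point policy authorizes the key exactly as the client sends it, which also makes the sketch usable as a check that writes outside prefix1/ are denied.

```python
import re

# Access point policy from the answer above (stray quote removed).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPutObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:region:account-id:accesspoint/AccessPointA/object/prefix1/*",
    }],
}
AP_ARN = "arn:aws:s3:region:account-id:accesspoint/AccessPointA"
# Constructed sample requests: (action, object key as sent by the client).
REQUESTS = [
    ("s3:PutObject", "log.txt"), ("s3:PutObject", "prefix1/log.txt"),
    ("s3:PutObject", "prefix2/log.txt"), ("s3:PutObject", "prefix10/log.txt"),
    ("s3:GetObject", "prefix1/log.txt"),
]

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(regex, value, flags) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, key, ap_arn=AP_ARN):
    """Return 'Allow' or 'Deny' for one request (assumption: Action/Resource only)."""
    resource = f"{ap_arn}/object/{key}"  # the key is matched as sent, never rewritten
    decision = "Deny"                    # implicit deny when nothing matches
    for stmt in _as_list(policy["Statement"]):
        if not any(_matches(a, action, ignore_case=True) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"                # an explicit deny always wins
        decision = "Allow"
    return decision

if __name__ == "__main__":
    for action, key in REQUESTS:
        print(f"{action:13} {key:18} -> {evaluate(POLICY, action, key)}")
```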
