AWS S3 provides secure, scalable cloud storage with flexible access controls for modern data-driven businesses.
- Enables efficient storage, management, and retrieval of large volumes of data.
- Offers granular access control for users and applications.
- Continuously evolves to handle increasing data complexity.
- Supports scalable and secure cloud storage solutions for businesses of all sizes.
AWS Access Points:
AWS Access Points are a feature within Amazon S3 that simplify managing data access at scale for shared data sets in S3 buckets. They allow you to define access policies that are specific to the access point, providing more granular control over who can access the data and how they can access it. Access points are associated with an S3 bucket and provide dedicated access endpoints.

S3 Access Points
- S3 Access Points are endpoints associated with an S3 bucket to provide controlled access to stored data.
- They act as unique entry points, allowing different applications or users to access the same bucket in a structured way.
- Each access point can have its own access policy, enabling fine-grained permission management.
- Access can be restricted based on conditions such as requester identity, IP address, or VPC endpoint.
Creating S3 Access Points
In this lab exercise, we will demonstrate how to create an S3 Access Point and configure access policies to restrict access to specific datasets within an S3 bucket.
Step 1: Creating an S3 Bucket and Folders
- Log in to the AWS Management Console and navigate to the Amazon S3 service.
- Create a new S3 bucket with a unique name.
- Within the bucket, create three folders named dataset1, dataset2, and dataset3.

Step 2: Configuring Bucket Policy
- Navigate to the bucket permissions section in the Amazon S3 console.
- Update the bucket policy to allow access only when requests originate from a specific S3 access point.
- Use access point condition keys such as s3:AccessPointArn or s3:DataAccessPointArn to enforce access restrictions and prevent direct bucket access.

Step 3: Creating an S3 Access Point
- Navigate to the access points section within the S3 service.
- Create a new access point and specify a unique name and configuration options.
- Configure the access point to allow access only to the desired folders within the bucket (dataset1).
Step 4: Creating an IAM User
- Navigate to the IAM service in the AWS Management Console.
- Create a new IAM user with a unique name (datauser1).
- Attach policies to the user that grant permissions to access S3 resources.
- Create a custom policy that restricts access to dataset1 within the S3 bucket.

Step 5: Testing Access Restrictions
- Use the credentials of datauser1 to access the S3 bucket.
- Attempt to upload files to dataset1, dataset2, and dataset3.
- Verify that datauser1 can only upload files to dataset1 and is denied access to the other datasets based on the configured access policies.
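
The policies from Steps 2 and 3 and the Step 5 check, as an added example (not part of the original lab). The account ID, region, bucket name and access point name are constructed placeholders, and upload_allowed is a hypothetical, simplified local model that looks only at these two policies, not at datauser1's IAM policy or the full AWS evaluation logic.

```python
import json
from fnmatch import fnmatchcase

# Constructed placeholders (assumptions): account, region, bucket, access point.
ACCOUNT, REGION = "111122223333", "us-east-1"
BUCKET, AP_NAME = "example-lab-bucket", "dataset1-ap"
AP_ARN = f"arn:aws:s3:{REGION}:{ACCOUNT}:accesspoint/{AP_NAME}"
USER_ARN = f"arn:aws:iam::{ACCOUNT}:user/datauser1"

# Step 2: the bucket allows object writes only for requests that arrive
# through this access point (the key is absent on direct bucket requests).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:PutObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"StringEquals": {"s3:DataAccessPointArn": AP_ARN}}}]}

# Step 3: the access point lets datauser1 write under dataset1/ only.
ACCESS_POINT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": USER_ARN}, "Action": "s3:PutObject",
    "Resource": f"{AP_ARN}/object/dataset1/*"}]}

def _allows(policy, principal, resource, context):
    """True if any Allow statement matches. Covers only the elements used above."""
    for stmt in policy["Statement"]:
        who = stmt["Principal"]["AWS"]
        conds = stmt.get("Condition", {}).get("StringEquals", {})
        if (stmt["Effect"] == "Allow"
                and who in ("*", principal)
                and fnmatchcase(resource, stmt["Resource"])  # '*' wildcard match
                and all(context.get(k) == v for k, v in conds.items())):
            return True
    return False

def upload_allowed(key, via_access_point=True, principal=USER_ARN):
    """Simplified model of the Step 5 test: both policies must permit PutObject."""
    context = {"s3:DataAccessPointArn": AP_ARN} if via_access_point else {}
    if not _allows(BUCKET_POLICY, principal, f"arn:aws:s3:::{BUCKET}/{key}", context):
        return False  # direct request: condition key missing, no Allow applies
    return _allows(ACCESS_POINT_POLICY, principal, f"{AP_ARN}/object/{key}", context)

if __name__ == "__main__":
    print(json.dumps(ACCESS_POINT_POLICY, indent=2))
    for folder in ("dataset1", "dataset2", "dataset3"):
        print(folder, upload_allowed(f"{folder}/report.csv"))
```

The printed JSON can be pasted into the access point policy editor after replacing the placeholder values with your own.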

By following these steps, you have successfully created an S3 Access Point and configured access policies to restrict access to specific datasets within an S3 bucket. This granular control over data access enhances security and ensures that only authorized users or applications can access sensitive data stored in the bucket. AWS Access Points and S3 Access Points are powerful tools for managing data access at scale and are essential components of a robust cloud storage strategy.