What is an S3 Access Point?

Amitk Kumar
Jan 8, 2023

Amazon S3 is often used to store shared data sets, where data is aggregated and accessed by different applications, teams and individuals, whether for analytics, ML, real-time monitoring, or other data lake use cases. Managing access to such a shared bucket requires a single bucket policy that controls access for dozens to hundreds of applications with different permission levels. As the set of applications grows, the bucket policy becomes more complex and time-consuming to manage, and it needs to be audited to make sure that changes don’t have an unexpected impact on another application.

Amazon S3 access points simplify managing data access at scale for shared data sets in S3. Access points are named network endpoints attached to buckets that you can use to perform S3 object operations, such as GetObject and PutObject. Each access point has distinct permissions and network controls that S3 applies to any request made through that access point.

Creating Access Point-

Amazon S3 provides functionality for creating and managing access points. You can create S3 access points at no additional cost on new buckets as well as your existing buckets through the AWS Management Console, the AWS command line, the AWS SDKs and the S3 REST API.

Each access point has a unique DNS name. You can add an access point to an existing or new bucket with any name of your choice, as long as the name is unique within the AWS account and Region.

Access points have Amazon Resource Names (ARNs). Each S3 access point is configured with the following:

Network origin- When you create an access point, you choose whether to make it accessible from the Internet or from a specific VPC.

Block Public access- Amazon S3 access points support independent block public access settings for each access point.

Access point policy (optional)- S3 access points can be configured with an access policy specific to a use case or application. For example, you can create an access point for your S3 bucket that grants access to a group of users or applications. An S3 access point could support a single user or application, or groups of users or applications, allowing separate management of each access point.

Steps to Create-

Go to the bucket.

Click on Access Point.

Click on Create access point.

Enter the name and other details.

Access Point Restrictions & Limitations-

You can only create access points for buckets that you own.

Each access point is associated with exactly one bucket, which you must specify when you create the access point. After you create an access point, you cannot associate it with a different bucket. However, you can delete an access point and then create another one with some other name and associated bucket.

After you create an access point, you cannot change its VPC.

Access point policies are limited to 20 KB in size.

You can create a maximum of 1,000 access points per Region. If you need more than 1,000 access points for a single Region, you can request a service quota increase.

You cannot use access points as a destination for S3 cross-region replication.

Access points only support access over HTTPS.
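
An added example (not from the original article): an offline check over the per-access-point settings described above (network origin, Block Public Access, access point policy) and the 20 KB policy limit. The dicts are constructed and assumed to follow the shape of the S3 Control GetAccessPoint response; the account ID, names and VPC ID are placeholders, and the wildcard-principal check is an extra lint added here.

```python
import json

MAX_POLICY_BYTES = 20 * 1024  # access point policy size limit stated on this page
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def audit_access_point(ap, policy=None):
    """Return findings for one access point; policy is a dict, or None if unset."""
    findings = []
    # Network origin: reachable from the Internet or only from one VPC.
    if ap.get("NetworkOrigin") != "VPC":
        findings.append("network origin is Internet, not a specific VPC")
    elif not ap.get("VpcConfiguration", {}).get("VpcId"):
        findings.append("VPC network origin without a VpcId")
    # Block Public Access is set independently on each access point.
    pab = ap.get("PublicAccessBlockConfiguration", {})
    findings += [f"{flag} is disabled" for flag in PAB_FLAGS if not pab.get(flag)]
    if policy is None:
        return findings
    size = len(json.dumps(policy).encode("utf-8"))
    if size > MAX_POLICY_BYTES:
        findings.append(f"policy is {size} bytes, over the 20 KB limit")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        anyone = stmt.get("Principal") in ("*", {"AWS": "*"})
        if stmt.get("Effect") == "Allow" and anyone and "Condition" not in stmt:
            findings.append(f"statement {stmt.get('Sid', '?')} allows any principal")
    return findings

# Constructed sample data: placeholder account ID, names and VPC ID.
AP_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/analytics-ap"
ALL_ON = dict.fromkeys(PAB_FLAGS, True)
GOOD_AP = {"Name": "analytics-ap", "NetworkOrigin": "VPC",
           "VpcConfiguration": {"VpcId": "vpc-0example"},
           "PublicAccessBlockConfiguration": ALL_ON}
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ReadReports", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/analytics-app"},
    "Action": "s3:GetObject", "Resource": AP_ARN + "/object/reports/*"}]}
OPEN_AP = {"Name": "shared-ap", "NetworkOrigin": "Internet",
           "PublicAccessBlockConfiguration": {**ALL_ON, "BlockPublicPolicy": False}}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "AnyRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": AP_ARN + "/object/*"}}

if __name__ == "__main__":
    print(audit_access_point(GOOD_AP, GOOD_POLICY))
    print(audit_access_point(OPEN_AP, OPEN_POLICY))
```
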

What are Multi-Region Access Points-

Amazon S3 Multi-Region Access Points give you a global endpoint that applications can use to fulfill requests from S3 buckets located in multiple AWS Regions. You can use Multi-Region Access Points to build multi-Region applications with the same architecture that’s used in a single Region, and then run those applications anywhere in the world. Instead of sending requests over the congested public internet, Multi-Region Access Points provide built-in network resilience with acceleration of internet-based requests to Amazon S3.

It is a single endpoint that gives you access to different buckets in different Regions.

How to create Multi-Region Access Points-

Go to the S3 service.

Select Multi-Region Access Points.

Click on Multi-Region Access Point.

Enter all the details.

You can select buckets from the existing buckets or you may create a bucket.