AWS::S3::AccessGrant

S3 AccessGrant

The AWS::S3::AccessGrant resource is an Amazon S3 resource type representing permissions to a specific S3 bucket or prefix hosted in an S3 Access Grants instance.

Properties

7 configurable properties. 3 required. Click a row to see details.

Filter:

Property	Type	Flags
`AccessGrantsLocationId`	`string`	Required
`Grantee`	`Grantee`	Required
`Permission`	`string`	Required
`AccessGrantsLocationConfiguration`	`AccessGrantsLocationConfiguration`
`ApplicationArn`	`string`
`S3PrefixType`	`string`	Create-onlyWrite-only
`Tags`	`Array<Tag>`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`AccessGrantArn`	`string`	The Amazon Resource Name (ARN) of the specified access grant.
`AccessGrantId`	`string`	The ID assigned to this access grant.
`GrantScope`	`string`	The S3 path of the data to which you are granting access. It is a combination of the S3 path of the registered location and the subprefix.

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::S3::AccessGrant

Resources:
  MyResource:
    Type: AWS::S3::AccessGrant
    Properties:
      Grantee: "value"
      Permission: "READ"
      AccessGrantsLocationId: "my-accessgrantslocationid"
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

s3:CreateAccessGrants3:TagResource

read

s3:GetAccessGrants3:ListTagsForResource

delete

s3:DeleteAccessGrant

list

s3:ListAccessGrants

update

s3:TagResources3:UntagResource

Get the S3 Cheat Sheet

Everything you need to know about S3 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceS3

Properties10

Required3

TaggingSupported

Primary IDAccessGrantId

Supported Operations

CreateReadDeleteListUpdate

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

S3PrefixTypeTags

Related Resources

External Links

AWS Documentation