(aws-s3objectlambda): Missing access to supportingAccessPoint #31950

Closed
2 tasks
lbustelo opened this issue Oct 30, 2024 · 3 comments · Fixed by #32661 or ryichk/todolist#19
Labels
@aws-cdk/aws-s3objectlambda effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@lbustelo

Describe the feature

When using aws-s3objectlambda.AccessPoint construct, it manages the creation of an s3.CfnAccessPoint. Unfortunately, the instance of aws-s3objectlambda.AccessPoint does not expose this AccessPoint.

Use Case

After the creation of a new aws-s3objectlambda.AccessPoint, you typically need to create an IAM policy to allow the user to have necessary access to the S3 Object Lambda access point. An example of these is provided in this AWS doc. One of the policy statements grants access to the S3 AccessPoint (supporting AccessPoint):

{
  "Sid": "AllowStandardAccessPointAccess",
  "Action": [
    "s3:Get*",
    "s3:List*"
  ],
  "Effect": "Allow",
  "Resource": "arn:aws:s3:us-east-1:111122223333:accesspoint/my-access-point/*",
  "Condition": {
    "ForAnyValue:StringEquals": {
      "aws:CalledVia": [
        "s3-object-lambda.amazonaws.com"
      ]
    }
  }
}

Unfortunately, the supportedAccessPoint is not exposed by this construct and there is no clear way of getting the ARN of this S3 AccessPoint.

Proposed Solution

Expose the ARN of the internally managed s3 AccessPoint created here.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.151.0

Environment details (OS name and version, etc.)

OSX 14.6.1 (Using the python bindings)
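
Added example, not part of the original issue or of aws-cdk: a small policy check built around the statement quoted above. It builds that statement for a given supporting access point and flags Allow statements on S3 access point ARNs that lack the `aws:CalledVia` restriction, which would make the supporting access point readable directly instead of only through S3 Object Lambda. All function names are hypothetical, and the region, account and access point name are the sample values from the issue.

```python
OBJECT_LAMBDA = "s3-object-lambda.amazonaws.com"

def as_list(value):
    """IAM accepts a single value or a list for Statement, Resource and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def supporting_access_point_statement(region, account, name):
    """Statement from the issue, parameterised on the supporting access point."""
    return {
        "Sid": "AllowStandardAccessPointAccess",
        "Action": ["s3:Get*", "s3:List*"],
        "Effect": "Allow",
        "Resource": f"arn:aws:s3:{region}:{account}:accesspoint/{name}/*",
        "Condition": {"ForAnyValue:StringEquals": {"aws:CalledVia": [OBJECT_LAMBDA]}},
    }

def is_s3_access_point_arn(arn):
    """True for arn:<partition>:s3:<region>:<account>:accesspoint/..., not s3-object-lambda ARNs."""
    parts = arn.split(":", 5)
    return len(parts) == 6 and parts[2] == "s3" and parts[5].startswith("accesspoint/")

def scoped_to_object_lambda(statement):
    """Accept only the condition form used in the issue. ForAllValues is rejected on
    purpose: it also matches requests that carry no aws:CalledVia value (direct calls)."""
    keys = statement.get("Condition", {}).get("ForAnyValue:StringEquals", {})
    values = next((v for k, v in keys.items() if k.lower() == "aws:calledvia"), None)
    return as_list(values) == [OBJECT_LAMBDA]

def unscoped_access_point_grants(policy):
    """Sids of Allow statements on S3 access point ARNs that are reachable directly."""
    return [
        st.get("Sid", f"statement[{i}]")
        for i, st in enumerate(as_list(policy.get("Statement")))
        if st.get("Effect") == "Allow"
        and any(is_s3_access_point_arn(r) for r in as_list(st.get("Resource")))
        and not scoped_to_object_lambda(st)
    ]

# Constructed sample policy: one statement as in the issue, two weakened variants.
_good = supporting_access_point_statement("us-east-1", "111122223333", "my-access-point")
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    _good,
    {**_good, "Sid": "DirectAccess", "Condition": {}},
    {**_good, "Sid": "ForAllValuesScope",
     "Condition": {"ForAllValues:StringEquals": {"aws:CalledVia": [OBJECT_LAMBDA]}}},
]}

if __name__ == "__main__":
    print(unscoped_access_point_grants(SAMPLE_POLICY))
```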

@lbustelo lbustelo added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Oct 30, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Oct 30, 2024
@khushail khushail self-assigned this Oct 30, 2024
@khushail
Contributor

khushail commented Nov 7, 2024

@lbustelo, thanks for requesting this. It makes sense to expose this access point.

However, I see this CDK example, where you can construct the access point ARN.

Marking it as P2 as there are ways to construct it as stated in the example, but it would be good to have direct access. Contributions are welcome from the community.

@khushail khushail added p2 effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Nov 7, 2024
@khushail khushail removed their assignment Nov 7, 2024
@mergify mergify bot closed this as completed in #32661 Jan 6, 2025
@mergify mergify bot closed this as completed in 0486b9c Jan 6, 2025

github-actions bot commented Jan 6, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.


@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 6, 2025
iankhou pushed a commit that referenced this issue Jan 13, 2025
### Issue # (if applicable)

Closes #31950 .

### Reason for this change

Previously, users needed to manually construct ARN strings when using S3AccessPoint. This update exposes the S3AccessPoint ARN directly to reduce implementation effort.

### Description of changes

This change makes the S3AccessPoint accessible as a property for reuse across the codebase.

### Describe any new or updated permissions being added

No

### Description of how you validated changes

- Added test cases to verify the newly exposed S3AccessPoint property in the existing unit test suite.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*