You can create a VPC endpoint for Amazon S3 in AWS CloudFormation using the AWS::EC2::VPCEndpoint resource type. Here’s an example of a CloudFormation template that creates a VPC endpoint for S3:
---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
  PublicSubnet1:
    Type: AWS::EC2::Subnet::Id
  PublicSubnet2:
    Type: AWS::EC2::Subnet::Id
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  S3VPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: com.amazonaws.us-west-2.s3
      VpcEndpointType: Interface
      # An interface endpoint places elastic network interfaces in the listed
      # subnets and filters traffic with the listed security group.
      # RouteTableIds is only valid for Gateway endpoints, so it is not set here.
      SubnetIds:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      SecurityGroupIds:
        - !Ref SecurityGroup
      PolicyDocument:
        # This statement is equivalent to the default full-access endpoint
        # policy; narrow Action, Resource and the principals for production use.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action: '*'
            Resource: '*'
In this example, the AWS::EC2::VPCEndpoint resource creates an interface endpoint for Amazon S3 in the specified VPC. SubnetIds and SecurityGroupIds define the subnets that receive the endpoint network interfaces and the security group that controls traffic to them; RouteTableIds is used instead when VpcEndpointType is Gateway, and the two property sets cannot be combined on one endpoint. The PolicyDocument property is the endpoint policy: the wildcard statement shown grants every principal every S3 action on every bucket, which is the same as the default policy, so tighten it to the buckets and principals that actually need to reach S3 through the endpoint.
Note: You will need to have the necessary IAM permissions to create VPC endpoints and CloudFormation templates in order to use this CloudFormation template. You can find more information on the necessary IAM permissions in the AWS documentation.
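The following template is an added example, not part of the original answer, showing the other endpoint type together with a least-privilege endpoint policy. It creates a Gateway endpoint for S3 (the type that attaches to route tables, needs no subnets or security groups, and carries no hourly charge) and restricts the endpoint policy to one bucket and to principals from the deploying account. The parameter names PrivateRouteTable and DataBucketName and the bucket itself are assumptions; the Sid is illustrative.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Gateway endpoint for Amazon S3 with a restrictive endpoint policy (added example)

Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable::Id
    Description: Route table of the private subnets that should reach S3 via the endpoint (assumed name)
  DataBucketName:
    Type: String
    Description: Name of the only bucket reachable through this endpoint (placeholder, supply your own)

Resources:
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      VpcEndpointType: Gateway
      # Build the service name from the stack region instead of hard-coding it.
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      # Gateway endpoints are attached to route tables, not subnets or security groups.
      RouteTableIds:
        - !Ref PrivateRouteTable
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowOwnAccountToOneBucket
            Effect: Allow
            # Endpoint policies use Principal '*' and narrow the caller with conditions.
            Principal: '*'
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:ListBucket
            Resource:
              - !Sub arn:aws:s3:::${DataBucketName}
              - !Sub arn:aws:s3:::${DataBucketName}/*
            Condition:
              StringEquals:
                # Only identities belonging to the account that owns this stack
                # may send requests through the endpoint (blocks exfiltration to
                # buckets in other accounts via credentials planted on a host).
                aws:PrincipalAccount: !Ref AWS::AccountId
```

Because the policy lists a single bucket, anything else on the hosts that talks to S3 over this route (for example OS package repositories that are hosted in S3) will be denied; add those bucket ARNs explicitly rather than reverting to Resource '*'. The endpoint policy is evaluated in addition to IAM and bucket policies, so a bucket policy with an aws:SourceVpce condition on the other side completes the pairing.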