You can create a VPC endpoint for Amazon S3 in AWS CloudFormation using the AWS::EC2::VPCEndpoint resource type. Here's an example of a CloudFormation template that creates a VPC endpoint for S3:
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
  PublicSubnet1:
    Type: AWS::EC2::Subnet::Id
  PublicSubnet2:
    Type: AWS::EC2::Subnet::Id
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  S3VPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: com.amazonaws.us-west-2.s3
      VpcEndpointType: Interface
      # An Interface endpoint is placed in subnets and guarded by security groups.
      # RouteTableIds (e.g. a PublicRouteTable parameter) applies to Gateway
      # endpoints only; CloudFormation rejects it on an Interface endpoint.
      SubnetIds:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      SecurityGroupIds:
        - !Ref SecurityGroup
      # This policy lets every principal perform every action on every resource
      # through the endpoint, which is the same as specifying no policy at all.
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action: '*'
            Resource: '*'
```
In this example, the AWS::EC2::VPCEndpoint resource creates the VPC endpoint for Amazon S3 using the specified VPC ID, service name, endpoint type, subnet IDs, and security group ID. Which network properties apply depends on VpcEndpointType: an Interface endpoint is attached to subnets through SubnetIds and filtered by SecurityGroupIds, whereas a Gateway endpoint (the default, and the usual choice for S3 because it carries no hourly charge) is instead associated with route tables through RouteTableIds. A single endpoint cannot combine both sets of properties. The PolicyDocument property defines which principals, actions, and resources can be reached through the endpoint. The sample policy allows everything, which is equivalent to omitting it; in practice, restrict Action and Resource to the buckets your VPC actually needs, because an allow-all endpoint policy also provides a path to any S3 bucket, including buckets in other accounts.
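The two checks described above (endpoint-type-specific properties and an allow-all endpoint policy) can be applied to a template before deployment. The following is an added example, not code from the original post or from AWS: it lints AWS::EC2::VPCEndpoint resources in the JSON form of a CloudFormation template (JSON and YAML are interchangeable for CloudFormation, with `!Ref X` written as `{"Ref": "X"}`), so no YAML library is required. Two templates are constructed inline for illustration: one mirroring the permissive sample above, and a hardened variant whose bucket name is a placeholder.

```python
"""Static checks for AWS::EC2::VPCEndpoint resources in a CloudFormation template.

Added example, not part of the original post. Works on the JSON form of a
template; the two templates below are constructed for illustration only.
"""
import json

# Properties CloudFormation accepts for only one VpcEndpointType.
GATEWAY_ONLY = {"RouteTableIds"}
INTERFACE_ONLY = {"SubnetIds", "SecurityGroupIds", "PrivateDnsEnabled"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard(statement):
    """True when a statement grants any principal any action on any resource."""
    if statement.get("Effect") != "Allow":
        return False
    principal = statement.get("Principal")
    principal_star = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
    )
    return (
        principal_star
        and "*" in _as_list(statement.get("Action", []))
        and "*" in _as_list(statement.get("Resource", []))
        and "Condition" not in statement
    )


def lint_vpc_endpoints(template):
    """Return (logical_id, finding) tuples for every VPC endpoint in the template."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::VPCEndpoint":
            continue
        props = resource.get("Properties", {})
        endpoint_type = props.get("VpcEndpointType", "Gateway")  # CloudFormation default

        if endpoint_type == "Interface":
            bad = GATEWAY_ONLY.intersection(props)
        elif endpoint_type == "Gateway":
            bad = INTERFACE_ONLY.intersection(props)
            if "RouteTableIds" not in props:
                findings.append((logical_id, "Gateway endpoint has no RouteTableIds; no subnet will route through it"))
        else:
            bad = set()
        for prop in sorted(bad):
            findings.append((logical_id, f"{prop} is not valid on an endpoint of type {endpoint_type}"))

        policy = props.get("PolicyDocument")
        if policy:
            for stmt in _as_list(policy.get("Statement", [])):
                if _is_wildcard(stmt):
                    findings.append((logical_id, "PolicyDocument allows any principal any action on any resource"))
    return findings


# Constructed: mirrors the permissive sample (mixed property sets, allow-all policy).
PERMISSIVE_TEMPLATE = json.loads("""
{"AWSTemplateFormatVersion": "2010-09-09",
 "Resources": {"S3VPCEndpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
   "VpcId": {"Ref": "VPC"}, "ServiceName": "com.amazonaws.us-west-2.s3",
   "VpcEndpointType": "Interface",
   "RouteTableIds": [{"Ref": "PublicRouteTable"}],
   "SubnetIds": [{"Ref": "PublicSubnet1"}, {"Ref": "PublicSubnet2"}],
   "SecurityGroupIds": [{"Ref": "SecurityGroup"}],
   "PolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}}}}}
""")

# Constructed: hardened variant. Only Interface properties, and the policy is
# scoped to one placeholder bucket and to principals from the deploying account.
HARDENED_TEMPLATE = json.loads("""
{"AWSTemplateFormatVersion": "2010-09-09",
 "Resources": {"S3VPCEndpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
   "VpcId": {"Ref": "VPC"}, "ServiceName": "com.amazonaws.us-west-2.s3",
   "VpcEndpointType": "Interface",
   "SubnetIds": [{"Ref": "PublicSubnet1"}, {"Ref": "PublicSubnet2"}],
   "SecurityGroupIds": [{"Ref": "SecurityGroup"}],
   "PolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": "*",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::EXAMPLE-BUCKET-PLACEHOLDER",
                   "arn:aws:s3:::EXAMPLE-BUCKET-PLACEHOLDER/*"],
      "Condition": {"StringEquals": {"aws:PrincipalAccount": {"Ref": "AWS::AccountId"}}}}]}}}}}
""")

if __name__ == "__main__":
    for name, tpl in (("permissive", PERMISSIVE_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(name, lint_vpc_endpoints(tpl) or "no findings")
```

Run as a script, the permissive template yields two findings (RouteTableIds on an Interface endpoint, and the allow-all policy) and the hardened one yields none. The linter treats a missing VpcEndpointType as Gateway, which is CloudFormation's default, and it flags a Gateway endpoint with no RouteTableIds because such an endpoint is created but never used by any subnet.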
Note: You will need to have the necessary IAM permissions to create VPC endpoints and CloudFormation templates in order to use this CloudFormation template. You can find more information on the necessary IAM permissions in the AWS documentation.