Description
Describe the feature
When using the aws-s3objectlambda.AccessPoint construct, it manages the creation of an s3.CfnAccessPoint. Unfortunately, the instance of aws-s3objectlambda.AccessPoint does not expose this AccessPoint.
Use Case
After the creation of a new aws-s3objectlambda.AccessPoint, you typically need to create an IAM policy to allow the user to have the necessary access to the S3 Object Lambda access point. An example of these is provided in this AWS doc. One of the policy statements grants access to the S3 AccessPoint (supporting AccessPoint):
    {
        "Sid": "AllowStandardAccessPointAccess",
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:s3:us-east-1:111122223333:accesspoint/my-access-point/*",
        "Condition": {
            "ForAnyValue:StringEquals": {
                "aws:CalledVia": [
                    "s3-object-lambda.amazonaws.com"
                ]
            }
        }
    },
Unfortunately, the supportedAccessPoint is not exposed by this construct and there is no clear way of getting the ARN of this S3 AccessPoint.
Proposed Solution
Expose the ARN of the internally managed s3 AccessPoint created here.
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change
CDK version used
2.151.0
Environment details (OS name and version, etc.)
OSX 14.6.1 (Using the python bindings)
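
The policy statement quoted in the issue only does its job if the supporting access point stays reachable solely through S3 Object Lambda. The following check is an added example, not code from the issue or from aws-cdk: it flags Allow statements on an access point ARN that lack the `aws:CalledVia` condition. The function names and the second sample statement are constructed for illustration.

```python
import re

OBJECT_LAMBDA = "s3-object-lambda.amazonaws.com"
# Explicit standard access point ARNs, as in the issue's statement. Wildcard
# resources such as "*" are out of scope for this check.
ACCESS_POINT_ARN = re.compile(r"^arn:aws[\w-]*:s3:[\w-]+:\d{12}:accesspoint/[^/]+(/.*)?$")

def as_list(value):
    """IAM allows a bare string where a list is expected; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def called_via_object_lambda(stmt):
    """True only if ForAnyValue:StringEquals pins aws:CalledVia to Object Lambda.
    ForAllValues is not accepted: it also matches requests with no CalledVia key."""
    keys = stmt.get("Condition", {}).get("ForAnyValue:StringEquals", {})
    for key, values in keys.items():
        if key.lower() == "aws:calledvia" and as_list(values) == [OBJECT_LAMBDA]:
            return True
    return False

def unrestricted_access_point_statements(policy):
    """Return the Sid (or index) of each Allow statement that targets an access
    point ARN without the CalledVia restriction."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        hits_ap = any(ACCESS_POINT_ARN.match(r) for r in as_list(stmt.get("Resource")))
        if hits_ap and not called_via_object_lambda(stmt):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

AP_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/my-access-point/*"
SAMPLE_POLICY = {  # first statement is the one quoted in the issue; second is constructed
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowStandardAccessPointAccess", "Action": ["s3:Get*", "s3:List*"],
         "Effect": "Allow", "Resource": AP_ARN,
         "Condition": {"ForAnyValue:StringEquals": {"aws:CalledVia": [OBJECT_LAMBDA]}}},
        {"Sid": "DirectAccessPointRead", "Action": "s3:GetObject",
         "Effect": "Allow", "Resource": AP_ARN},
    ],
}

if __name__ == "__main__":
    print(unrestricted_access_point_statements(SAMPLE_POLICY))
```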