Lambda — Access Point

Progress checklist

Base exports confirmed (AWS_REGION, BUCKET, BUCKET_ARN, FS_ID)
Access point created with root directory /lambda and POSIX UID/GID 1000
AP_ID and AP_ARN exported
Access point listed as available

Overview

Lambda cannot mount an S3 Files file system directly by file system ID — an access point is required. The access point sets the root directory the function sees at /mnt/s3files and the POSIX identity under which files are created.

Confirm base exports. Required

export AWS_REGION=ap-southeast-6
export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
export BUCKET=my-s3-files-bucket        # ← replace with your real bucket name
export BUCKET_ARN=arn:aws:s3:::${BUCKET}

export FS_ID=$(aws s3files list-file-systems \
  --region "$AWS_REGION" \
  --bucket "$BUCKET_ARN" \
  --query 'fileSystems[0].fileSystemId' \
  --output text)
echo "FS_ID=$FS_ID"

FS_ID must be fs-…. If it is None, complete File System first.

Create the access point. Required

export AP_ARN=$(aws s3files create-access-point \
  --file-system-id "$FS_ID" \
  --client-token "lambda-ap-$(date +%s)" \
  --posix-user "Uid=1000,Gid=1000" \
  --root-directory "Path=/lambda,CreationInfo={OwnerUid=1000,OwnerGid=1000,Permissions=755}" \
  --region "$AWS_REGION" \
  --query 'accessPoint.accessPointArn' \
  --output text)
echo "AP_ARN=$AP_ARN"

Resolve the access point ID. Required

export AP_ID=$(aws s3files list-access-points \
  --file-system-id "$FS_ID" \
  --region "$AWS_REGION" \
  --query 'accessPoints[0].accessPointId' \
  --output text)
echo "AP_ID=$AP_ID"

Confirm the access point is available. Required

aws s3files list-access-points \
  --file-system-id "$FS_ID" \
  --region "$AWS_REGION" \
  --query 'accessPoints[*].{Id:accessPointId,State:lifeCycleState,Root:rootDirectory.path}' \
  --output table

The State column must show available.

Next step

Continue to Attach to create the Lambda function and attach the access point.