As we speak, we’re asserting a brand new function of Amazon Easy Storage Service (Amazon S3) you should use to create normal goal buckets in your personal account regional namespace simplifying bucket creation and administration as your information storage wants develop in dimension and scope. You’ll be able to create normal goal bucket names throughout a number of AWS Areas with assurance that your required bucket names will at all times be out there so that you can use.
With this function, you’ll be able to predictably title and create normal goal buckets in your personal account regional namespace by appending your account’s distinctive suffix in your requested bucket title. For instance, I can create the bucket mybucket-123456789012-us-east-1-an in my account regional namespace. mybucket is the bucket title prefix that I specified, then I add my account regional suffix to the requested bucket title: -123456789012-us-east-1-an. If one other account tries to create buckets utilizing my account’s suffix, their requests can be mechanically rejected.
Your safety groups can use AWS Identification and Entry Administration (AWS IAM) insurance policies and AWS Organizations service management insurance policies to implement that your workers solely create buckets of their account regional namespace utilizing the brand new s3:x-amz-bucket-namespace situation key, serving to groups undertake the account regional namespace throughout your group.
Create your S3 bucket with account regional namespace in motion
To get began, select Create bucket within the Amazon S3 console. To create your bucket in your account regional namespace, select Account regional namespace. In case you select this selection, you’ll be able to create your bucket with any title that’s distinctive to your account and area.
This configuration helps the entire identical options as normal goal buckets within the world namespace. The one distinction is that solely your account can use bucket names along with your account’s suffix. The bucket title prefix and the account regional suffix mixed have to be between 3 and 63 characters lengthy.
Utilizing the AWS Command Line Interface (AWS CLI), you’ll be able to create a bucket with account regional namespace by specifying the x-amz-bucket-namespace:account-regional request header and offering a appropriate bucket title.
$ aws s3api create-bucket --bucket mybucket-123456789012-us-east-1-an
--bucket-namespace account-regional
--region us-east-1You should utilize the AWS SDK for Python (Boto3) to create a bucket with account regional namespace utilizing CreateBucket API request.
import boto3
class AccountRegionalBucketCreator:
"""Creates S3 buckets using account-regional namespace feature."""
ACCOUNT_REGIONAL_SUFFIX = "-an"
def __init__(self, s3_client, sts_client):
self.s3_client = s3_client
self.sts_client = sts_client
def create_account_regional_bucket(self, prefix):
"""
Creates an account-regional S3 bucket with the desired prefix.
Resolves caller AWS account ID utilizing the STS GetCallerIdentity API.
Format: ---an
"""
account_id = self.sts_client.get_caller_identity()['Account']
area = self.s3_client.meta.region_name
bucket_name = self._generate_account_regional_bucket_name(
prefix, account_id, area
)
params = {
"Bucket": bucket_name,
"BucketNamespace": "account-regional"
}
if area != "us-east-1":
params["CreateBucketConfiguration"] = {
"LocationConstraint": area
}
return self.s3_client.create_bucket(**params)
def _generate_account_regional_bucket_name(self, prefix, account_id, area):
return f"{prefix}-{account_id}-{region}{self.ACCOUNT_REGIONAL_SUFFIX}"
if __name__ == '__main__':
s3_client = boto3.shopper('s3')
sts_client = boto3.shopper('sts')
creator = AccountRegionalBucketCreator(s3_client, sts_client)
response = creator.create_account_regional_bucket('test-python-sdk')
print(f"Bucket created: {response}")You’ll be able to replace your infrastructure as code (IaC) instruments, resembling AWS CloudFormation, to simplify creating buckets in your account regional namespace. AWS CloudFormation provides the pseudo parameters, AWS::AccountId and AWS::Area, making it simple to construct CloudFormation templates that create account regional namespace buckets.
The next instance demonstrates how one can replace your current CloudFormation templates to start out creating buckets in your account regional namespace:
BucketName: !Sub "amzn-s3-demo-bucket-${AWS::AccountId}-${AWS::Region}-an"
BucketNamespace: "account-regional"Alternatively, it’s also possible to use the BucketNamePrefix property to replace your CloudFormation template. By utilizing the BucketNamePrefix, you’ll be able to present solely the shopper outlined portion of the bucket title after which it mechanically provides the account regional namespace suffix based mostly on the requesting AWS account and Area specified.
BucketNamePrefix: 'amzn-s3-demo-bucket'
BucketNamespace: "account-regional"
Utilizing these choices, you’ll be able to construct a customized CloudFormation template to simply create normal goal buckets in your account regional namespace.
Issues to know
You’ll be able to’t rename your current world buckets to bucket names with account regional namespace, however you’ll be able to create new normal goal buckets in your account regional namespace. Additionally, the account regional namespace is just supported for normal goal buckets. S3 desk buckets and vector buckets exist already in an account-level namespace and S3 listing buckets exist in a zonal namespace.
To be taught extra, go to Namespaces for normal goal buckets within the Amazon S3 Person Information.
Now out there
Creating normal goal buckets in your account regional namespace in Amazon S3 is now out there in 37 AWS Areas together with the AWS China and AWS GovCloud (US) Areas. You’ll be able to create normal goal buckets in your account regional namespace at no further value.
Give it a attempt within the Amazon S3 console immediately and ship suggestions to AWS re:Submit for Amazon S3 or by way of your standard AWS Help contacts.
— Channy
