Ensure that your AWS S3 buckets use DNS-compliant bucket names in order to adhere to AWS best practices, to benefit from new S3 features such as S3 Transfer Acceleration and from operational improvements, and to receive support for virtual-host style access to buckets. In this conformity rule, a DNS-compliant name is an S3 bucket name that doesn't contain periods (i.e. '.'). The following examples are invalid S3 bucket names: '.myS3bucket', 'myS3bucket.' and 'my..S3bucket'. To enable AWS S3 Transfer Acceleration on a bucket or use a virtual hosted–style bucket with SSL, the bucket name must conform to DNS naming requirements and must not contain periods. Cloud Conformity recommends that you use '-' instead of '.' in your S3 bucket names to comply with DNS naming conventions.
This rule can help you with the following compliance standards:
- APRA
- MAS
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
If you need to access your AWS S3 buckets over SSL, periods (".") in their names will trigger certificate mismatch errors; therefore, always use "-" instead of "." in bucket names for SSL.
Audit
To use virtual hosted–style buckets with SSL or to enable the S3 Transfer Acceleration feature, the bucket names cannot contain periods ("."). To identify any Amazon S3 bucket that has periods within the bucket name, perform the following:
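An added example, not part of the original Cloud Conformity procedure: a Python check that flags bucket names containing periods and shows why their virtual hosted–style hostnames fail TLS name matching. It assumes the S3 endpoint presents a wildcard certificate for `*.s3.amazonaws.com`; the function names and the sample bucket list are constructed for illustration.

```python
import re

# Assumption: the S3 endpoint certificate is a wildcard for this name.
S3_WILDCARD = "*.s3.amazonaws.com"


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Left-most-label wildcard match: '*' covers exactly one DNS label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False  # extra labels (periods in the bucket name) never match
    if p_labels[0] != "*":
        return p_labels == h_labels
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def audit_bucket(name: str) -> dict:
    """Evaluate one bucket name against the no-periods rule."""
    host = f"{name}.s3.amazonaws.com"
    has_period = "." in name
    # Candidate replacement only: bucket names are globally unique, so
    # availability still has to be checked before re-creating the bucket.
    suggestion = re.sub(r"\.+", "-", name).strip("-") if has_period else None
    return {
        "bucket": name,
        "virtual_host": host,
        "has_period": has_period,
        "tls_name_matches": wildcard_matches(S3_WILDCARD, host),
        "suggested_name": suggestion,
    }


def audit(names):
    """Return findings only for buckets that violate the rule."""
    return [r for r in map(audit_bucket, names) if r["has_period"]]


# Constructed sample input. In practice, feed the names returned by:
#   aws s3api list-buckets --query 'Buckets[].Name' --output text
SAMPLE_BUCKETS = ["app-logs-prod", "static.example.com", "backups.2019", "media-assets"]

if __name__ == "__main__":
    for f in audit(SAMPLE_BUCKETS):
        print(f"{f['bucket']}: https://{f['virtual_host']} does not match "
              f"{S3_WILDCARD}; candidate name: {f['suggested_name']}")
```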
Remediation / Resolution
Since you can't rename S3 buckets once you have created them, you have to create new buckets and copy everything to the new ones. To re-create any AWS S3 bucket with a non–DNS-compliant bucket name, perform the following:
You are auditing:
DNS Compliant S3 Bucket Names
Risk level: Low