Ensure that your AWS S3 buckets use DNS-compliant bucket names in order to adhere to AWS best practices, to benefit from new S3 features such as S3 Transfer Acceleration and from operational improvements, and to receive support for virtual-host style access to buckets. In this conformity rule, a DNS-compliant name is an S3 bucket name that doesn't contain periods ('.'). The following examples are invalid S3 bucket names: '.myS3bucket', 'myS3bucket.' and 'my..S3bucket'. To enable AWS S3 Transfer Acceleration on a bucket or to use a virtual hosted–style bucket with SSL, the bucket name must conform to DNS naming requirements and must not contain periods. Cloud Conformity recommends that you use '-' instead of '.' in your S3 bucket names to comply with DNS naming conventions.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
If you need to use your AWS S3 buckets over SSL, periods (".") in their names will trigger certificate mismatch errors. Therefore, always use "-" instead of "." in the names of buckets accessed over SSL.
To use virtual hosted–style buckets with SSL or to enable the S3 Transfer Acceleration feature, the bucket names cannot contain periods ("."). To identify any Amazon S3 bucket that has periods within the bucket name, perform the following:
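The check described above, as an added example that is not part of Cloud Conformity's own audit steps: it flags bucket names containing periods and shows why they fail the TLS name check, since a wildcard certificate name covers exactly one DNS label. The endpoint `s3.amazonaws.com`, the wildcard name `*.s3.amazonaws.com`, the helper names and the sample bucket names are assumptions made for illustration.

```python
# Added example; bucket names and helper names are constructed for illustration.
import re

S3_ENDPOINT = "s3.amazonaws.com"        # assumed endpoint for virtual hosted-style access
S3_CERT_NAME = "*.s3.amazonaws.com"     # assumed wildcard name on the endpoint certificate


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """TLS hostname check: a leading '*' stands for exactly one DNS label."""
    p = pattern.lower().split(".")
    h = hostname.lower().split(".")
    if len(p) != len(h) or "" in h:
        return False                      # extra or empty labels never match
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def audit_bucket(name: str) -> dict:
    """Report whether a bucket name passes this rule and the TLS name check."""
    host = f"{name}.{S3_ENDPOINT}"
    return {
        "bucket": name,
        "has_period": "." in name,
        "virtual_host": host,
        "tls_name_ok": wildcard_matches(S3_CERT_NAME, host),
        # Candidate replacement following the '-' instead of '.' recommendation.
        "candidate": re.sub(r"\.+", "-", name.strip(".")),
    }


def non_compliant(names):
    """Return the bucket names that contain periods."""
    return [n for n in names if audit_bucket(n)["has_period"]]


# Constructed sample; in practice the names could come from
#   aws s3api list-buckets --query "Buckets[].Name" --output text
SAMPLE = ["app-logs-prod", "assets.example.com", "my..s3bucket", "backup.2019"]

if __name__ == "__main__":
    for name in SAMPLE:
        r = audit_bucket(name)
        print(f"{r['bucket']:22} period={r['has_period']!s:5} "
              f"tls_ok={r['tls_name_ok']!s:5} candidate={r['candidate']}")
```

A candidate name still has to be checked for availability before a replacement bucket is created.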
Remediation / Resolution
Since you can't rename S3 buckets once you have created them, you have to create new buckets and copy everything to the new ones. To re-create any AWS S3 bucket that has a non-DNS-compliant bucket name, perform the following:
You are auditing:
DNS Compliant S3 Bucket Names
Risk level: Low