Ensure that your Amazon S3 buckets are using DNS-compliant bucket names in order to adhere to AWS cloud best practices and to benefit from operational improvements, support for virtual host-style access to buckets, and new Amazon S3 features such as S3 Transfer Acceleration. For this conformity rule, a DNS-compliant name is a bucket name that doesn't contain periods (i.e. "."). The following examples are invalid S3 bucket names: ".myS3bucket", "myS3bucket." and "my..S3bucket". To enable S3 Transfer Acceleration on a bucket or use a virtual hosted–style bucket with SSL, the bucket name must conform to DNS naming requirements and must not contain periods. Trend Cloud One™ – Conformity recommends that you use "-" instead of "." for your S3 bucket names to comply with DNS naming conventions.
This rule can help you with the following compliance standards:
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
efficiency
If you need to use your Amazon S3 buckets over SSL, using periods (".") for their names will trigger certificate mismatch errors, therefore it is strongly recommended that you always use "-" instead of "." for S3 bucket names.
Audit
To use virtual hosted–style buckets with SSL or enable S3 Transfer Acceleration feature, the names of these buckets cannot contain periods ("."). To identify any Amazon S3 bucket that has periods within the bucket name, perform the following actions:
Remediation / Resolution
Since you can't change (rename) S3 bucket names once you have created them, you must create new S3 buckets and copy everything to the new ones. To re-create the Amazon S3 buckets with non–DNS compliant bucket names, perform the following actions:
References
- AWS Documentation
- Amazon S3 FAQs
- Buckets overview
- Bucket restrictions and limitations
- Configuring fast, secure file transfers using Amazon S3 Transfer Acceleration
- AWS Command Line Interface (CLI) Documentation
- s3api
- list-buckets
- get-bucket-policy
- create-bucket
- put-public-access-block
- put-bucket-policy
- delete-bucket
- CloudFormation Documentation
- AWS::S3::Bucket
- Terraform Documentation
- AWS Provider