|
At this time, we’re saying a brand new characteristic of Amazon Easy Storage Service (Amazon S3) you need to use to create common goal buckets in your personal account regional namespace simplifying bucket creation and administration as your information storage wants develop in measurement and scope. You’ll be able to create common goal bucket names throughout a number of AWS Areas with assurance that your required bucket names will at all times be obtainable so that you can use.
With this characteristic, you possibly can predictably identify and create common goal buckets in your personal account regional namespace by appending your account’s distinctive suffix in your requested bucket identify. For instance, I can create the bucket mybucket-123456789012-us-east-1-an in my account regional namespace. mybucket is the bucket identify prefix that I specified, then I add my account regional suffix to the requested bucket identify: -123456789012-us-east-1-an. If one other account tries to create buckets utilizing my account’s suffix, their requests shall be robotically rejected.
Your safety groups can use AWS Id and Entry Administration (AWS IAM) insurance policies and AWS Organizations service management insurance policies to implement that your workers solely create buckets of their account regional namespace utilizing the brand new s3:x-amz-bucket-namespace situation key, serving to groups undertake the account regional namespace throughout your group.
Create your S3 bucket with account regional namespace in motion
To get began, select Create bucket within the Amazon S3 console. To create your bucket in your account regional namespace, select Account regional namespace. When you select this selection, you possibly can create your bucket with any identify that’s distinctive to your account and area.
This configuration helps the entire identical options as common goal buckets within the world namespace. The one distinction is that solely your account can use bucket names together with your account’s suffix. The bucket identify prefix and the account regional suffix mixed have to be between 3 and 63 characters lengthy.
Utilizing the AWS Command Line Interface (AWS CLI), you possibly can create a bucket with account regional namespace by specifying the x-amz-bucket-namespace:account-regional request header and offering a appropriate bucket identify.
$ aws s3api create-bucket --bucket mybucket-123456789012-us-east-1-an
--bucket-namespace account-regional
--region us-east-1You should use the AWS SDK for Python (Boto3) to create a bucket with account regional namespace utilizing CreateBucket API request.
import boto3
class AccountRegionalBucketCreator:
"""Creates S3 buckets utilizing account-regional namespace characteristic."""
ACCOUNT_REGIONAL_SUFFIX = "-an"
def __init__(self, s3_client, sts_client):
self.s3_client = s3_client
self.sts_client = sts_client
def create_account_regional_bucket(self, prefix):
"""
Creates an account-regional S3 bucket with the desired prefix.
Resolves caller AWS account ID utilizing the STS GetCallerIdentity API.
Format: ---an
"""
account_id = self.sts_client.get_caller_identity()['Account']
area = self.s3_client.meta.region_name
bucket_name = self._generate_account_regional_bucket_name(
prefix, account_id, area
)
params = {
"Bucket": bucket_name,
"BucketNamespace": "account-regional"
}
if area != "us-east-1":
params["CreateBucketConfiguration"] = {
"LocationConstraint": area
}
return self.s3_client.create_bucket(**params)
def _generate_account_regional_bucket_name(self, prefix, account_id, area):
return f"{prefix}-{account_id}-{area}{self.ACCOUNT_REGIONAL_SUFFIX}"
if __name__ == '__main__':
s3_client = boto3.shopper('s3')
sts_client = boto3.shopper('sts')
creator = AccountRegionalBucketCreator(s3_client, sts_client)
response = creator.create_account_regional_bucket('test-python-sdk')
print(f"Bucket created: {response}")You’ll be able to replace your infrastructure as code (IaC) instruments, equivalent to AWS CloudFormation, to simplify creating buckets in your account regional namespace. AWS CloudFormation presents the pseudo parameters, AWS::AccountId and AWS::Area, making it simple to construct CloudFormation templates that create account regional namespace buckets.
The next instance demonstrates how one can replace your present CloudFormation templates to start out creating buckets in your account regional namespace:
BucketName: !Sub "amzn-s3-demo-bucket-${AWS::AccountId}-${AWS::Area}-an"
BucketNamespace: "account-regional"Alternatively, you too can use the BucketNamePrefix property to replace your CloudFormation template. By utilizing the BucketNamePrefix, you possibly can present solely the shopper outlined portion of the bucket identify after which it robotically provides the account regional namespace suffix based mostly on the requesting AWS account and Area specified.
BucketNamePrefix: 'amzn-s3-demo-bucket'
BucketNamespace: "account-regional"
Utilizing these choices, you possibly can construct a customized CloudFormation template to simply create common goal buckets in your account regional namespace.
Issues to know
You’ll be able to’t rename your present world buckets to bucket names with account regional namespace, however you possibly can create new common goal buckets in your account regional namespace. Additionally, the account regional namespace is just supported for common goal buckets. S3 desk buckets and vector buckets exist already in an account-level namespace and S3 listing buckets exist in a zonal namespace.
To be taught extra, go to Namespaces for common goal buckets within the Amazon S3 Consumer Information.
Now obtainable
Creating common goal buckets in your account regional namespace in Amazon S3 is now obtainable in 37 AWS Areas together with the AWS China and AWS GovCloud (US) Areas. You’ll be able to create common goal buckets in your account regional namespace at no further value.
Give it a strive within the Amazon S3 console at this time and ship suggestions to AWS re:Publish for Amazon S3 or by way of your standard AWS Assist contacts.
— Channy
