 |
As we speak, we’re saying a brand new function of Amazon Easy Storage Service (Amazon S3) you should utilize to create basic objective buckets in your individual account regional namespace simplifying bucket creation and administration as your knowledge storage wants develop in dimension and scope. You may create basic objective bucket names throughout a number of AWS Areas with assurance that your required bucket names will all the time be obtainable so that you can use.
With this function, you possibly can predictably identify and create basic objective buckets in your individual account regional namespace by appending your account’s distinctive suffix in your requested bucket identify. For instance, I can create the bucket mybucket-123456789012-us-east-1-an in my account regional namespace. mybucket is the bucket identify prefix that I specified, then I add my account regional suffix to the requested bucket identify: -123456789012-us-east-1-an. If one other account tries to create buckets utilizing my account’s suffix, their requests can be routinely rejected.
Your safety groups can use AWS Id and Entry Administration (AWS IAM) insurance policies and AWS Organizations service management insurance policies to implement that your workers solely create buckets of their account regional namespace utilizing the brand new s3:x-amz-bucket-namespace situation key, serving to groups undertake the account regional namespace throughout your group.
Create your S3 bucket with account regional namespace in motion
To get began, select Create bucket within the Amazon S3 console. To create your bucket in your account regional namespace, select Account regional namespace. For those who select this feature, you possibly can create your bucket with any identify that’s distinctive to your account and area.
This configuration helps the entire identical options as basic objective buckets within the world namespace. The one distinction is that solely your account can use bucket names along with your account’s suffix. The bucket identify prefix and the account regional suffix mixed should be between 3 and 63 characters lengthy.
Utilizing the AWS Command Line Interface (AWS CLI), you possibly can create a bucket with account regional namespace by specifying the x-amz-bucket-namespace:account-regional request header and offering a appropriate bucket identify.
$ aws s3api create-bucket --bucket mybucket-123456789012-us-east-1-an
--bucket-namespace account-regional
--region us-east-1You need to use the AWS SDK for Python (Boto3) to create a bucket with account regional namespace utilizing CreateBucket API request.
import boto3
class AccountRegionalBucketCreator:
"""Creates S3 buckets utilizing account-regional namespace function."""
ACCOUNT_REGIONAL_SUFFIX = "-an"
def __init__(self, s3_client, sts_client):
self.s3_client = s3_client
self.sts_client = sts_client
def create_account_regional_bucket(self, prefix):
"""
Creates an account-regional S3 bucket with the desired prefix.
Resolves caller AWS account ID utilizing the STS GetCallerIdentity API.
Format: ---an
"""
account_id = self.sts_client.get_caller_identity()['Account']
area = self.s3_client.meta.region_name
bucket_name = self._generate_account_regional_bucket_name(
prefix, account_id, area
)
params = {
"Bucket": bucket_name,
"BucketNamespace": "account-regional"
}
if area != "us-east-1":
params["CreateBucketConfiguration"] = {
"LocationConstraint": area
}
return self.s3_client.create_bucket(**params)
def _generate_account_regional_bucket_name(self, prefix, account_id, area):
return f"{prefix}-{account_id}-{area}{self.ACCOUNT_REGIONAL_SUFFIX}"
if __name__ == '__main__':
s3_client = boto3.consumer('s3')
sts_client = boto3.consumer('sts')
creator = AccountRegionalBucketCreator(s3_client, sts_client)
response = creator.create_account_regional_bucket('test-python-sdk')
print(f"Bucket created: {response}")You may replace your infrastructure as code (IaC) instruments, comparable to AWS CloudFormation, to simplify creating buckets in your account regional namespace. AWS CloudFormation gives the pseudo parameters, AWS::AccountId and AWS::Area, making it straightforward to construct CloudFormation templates that create account regional namespace buckets.
The next instance demonstrates how one can replace your present CloudFormation templates to begin creating buckets in your account regional namespace:
BucketName: !Sub "amzn-s3-demo-bucket-${AWS::AccountId}-${AWS::Area}-an"
BucketNamespace: "account-regional"Alternatively, you can even use the BucketNamePrefix property to replace your CloudFormation template. Through the use of the BucketNamePrefix, you possibly can present solely the client outlined portion of the bucket identify after which it routinely provides the account regional namespace suffix based mostly on the requesting AWS account and Area specified.
BucketNamePrefix: 'amzn-s3-demo-bucket'
BucketNamespace: "account-regional"
Utilizing these choices, you possibly can construct a customized CloudFormation template to simply create basic objective buckets in your account regional namespace.
Issues to know
You may’t rename your present world buckets to bucket names with account regional namespace, however you possibly can create new basic objective buckets in your account regional namespace. Additionally, the account regional namespace is just supported for basic objective buckets. S3 desk buckets and vector buckets exist already in an account-level namespace and S3 listing buckets exist in a zonal namespace.
To study extra, go to Namespaces for basic objective buckets within the Amazon S3 Consumer Information.
Now obtainable
Creating basic objective buckets in your account regional namespace in Amazon S3 is now obtainable in 37 AWS Areas together with the AWS China and AWS GovCloud (US) Areas. You may create basic objective buckets in your account regional namespace at no extra price.
Give it a attempt within the Amazon S3 console at the moment and ship suggestions to AWS re:Submit for Amazon S3 or by your normal AWS Assist contacts.
— Channy