|
Right now, we’re asserting a brand new function of Amazon Easy Storage Service (Amazon S3) you should utilize to create basic function buckets in your personal account regional namespace simplifying bucket creation and administration as your knowledge storage wants develop in measurement and scope. You may create basic function bucket names throughout a number of AWS Areas with assurance that your required bucket names will all the time be obtainable so that you can use.
With this function, you may predictably identify and create basic function buckets in your personal account regional namespace by appending your account’s distinctive suffix in your requested bucket identify. For instance, I can create the bucket mybucket-123456789012-us-east-1-an in my account regional namespace. mybucket is the bucket identify prefix that I specified, then I add my account regional suffix to the requested bucket identify: -123456789012-us-east-1-an. If one other account tries to create buckets utilizing my account’s suffix, their requests can be mechanically rejected.
Your safety groups can use AWS Id and Entry Administration (AWS IAM) insurance policies and AWS Organizations service management insurance policies to implement that your workers solely create buckets of their account regional namespace utilizing the brand new s3:x-amz-bucket-namespace situation key, serving to groups undertake the account regional namespace throughout your group.
Create your S3 bucket with account regional namespace in motion
To get began, select Create bucket within the Amazon S3 console. To create your bucket in your account regional namespace, select Account regional namespace. For those who select this selection, you may create your bucket with any identify that’s distinctive to your account and area.
This configuration helps all the identical options as basic function buckets within the world namespace. The one distinction is that solely your account can use bucket names along with your account’s suffix. The bucket identify prefix and the account regional suffix mixed should be between 3 and 63 characters lengthy.
Utilizing the AWS Command Line Interface (AWS CLI), you may create a bucket with account regional namespace by specifying the x-amz-bucket-namespace:account-regional request header and offering a appropriate bucket identify.
$ aws s3api create-bucket --bucket mybucket-123456789012-us-east-1-an
--bucket-namespace account-regional
--region us-east-1You should utilize the AWS SDK for Python (Boto3) to create a bucket with account regional namespace utilizing CreateBucket API request.
import boto3
class AccountRegionalBucketCreator:
"""Creates S3 buckets utilizing account-regional namespace function."""
ACCOUNT_REGIONAL_SUFFIX = "-an"
def __init__(self, s3_client, sts_client):
self.s3_client = s3_client
self.sts_client = sts_client
def create_account_regional_bucket(self, prefix):
"""
Creates an account-regional S3 bucket with the required prefix.
Resolves caller AWS account ID utilizing the STS GetCallerIdentity API.
Format: ---an
"""
account_id = self.sts_client.get_caller_identity()['Account']
area = self.s3_client.meta.region_name
bucket_name = self._generate_account_regional_bucket_name(
prefix, account_id, area
)
params = {
"Bucket": bucket_name,
"BucketNamespace": "account-regional"
}
if area != "us-east-1":
params["CreateBucketConfiguration"] = {
"LocationConstraint": area
}
return self.s3_client.create_bucket(**params)
def _generate_account_regional_bucket_name(self, prefix, account_id, area):
return f"{prefix}-{account_id}-{area}{self.ACCOUNT_REGIONAL_SUFFIX}"
if __name__ == '__main__':
s3_client = boto3.shopper('s3')
sts_client = boto3.shopper('sts')
creator = AccountRegionalBucketCreator(s3_client, sts_client)
response = creator.create_account_regional_bucket('test-python-sdk')
print(f"Bucket created: {response}")You may replace your infrastructure as code (IaC) instruments, comparable to AWS CloudFormation, to simplify creating buckets in your account regional namespace. AWS CloudFormation provides the pseudo parameters, AWS::AccountId and AWS::Area, making it straightforward to construct CloudFormation templates that create account regional namespace buckets.
The next instance demonstrates how one can replace your present CloudFormation templates to start out creating buckets in your account regional namespace:
BucketName: !Sub "amzn-s3-demo-bucket-${AWS::AccountId}-${AWS::Area}-an"
BucketNamespace: "account-regional"Alternatively, you can too use the BucketNamePrefix property to replace your CloudFormation template. By utilizing the BucketNamePrefix, you may present solely the client outlined portion of the bucket identify after which it mechanically provides the account regional namespace suffix primarily based on the requesting AWS account and Area specified.
BucketNamePrefix: 'amzn-s3-demo-bucket'
BucketNamespace: "account-regional"
Utilizing these choices, you may construct a customized CloudFormation template to simply create basic function buckets in your account regional namespace.
Issues to know
You may’t rename your present world buckets to bucket names with account regional namespace, however you may create new basic function buckets in your account regional namespace. Additionally, the account regional namespace is simply supported for basic function buckets. S3 desk buckets and vector buckets exist already in an account-level namespace and S3 listing buckets exist in a zonal namespace.
To study extra, go to Namespaces for basic function buckets within the Amazon S3 Consumer Information.
Now obtainable
Creating basic function buckets in your account regional namespace in Amazon S3 is now obtainable in 37 AWS Areas together with the AWS China and AWS GovCloud (US) Areas. You may create basic function buckets in your account regional namespace at no extra value.
Give it a strive within the Amazon S3 console at the moment and ship suggestions to AWS re:Submit for Amazon S3 or by means of your common AWS Assist contacts.
— Channy