AWS finally rolls out account/region-specific namespaces for S3 buckets

I am amazed this feature wasn’t rolled out years ago.

I can’t imagine how many S3 buckets were misconfigured and crawled because of their global namespaces.

Not only was it kind of annoying needing to find an S3 namespace that wasn’t taken for some S3 bucket you never planned to make public, but there were a ton of security implications there.

I have heard of popular projects shutting down their S3 bucket and other people grabbing the bucket's newly released global namespace.

This can be done for malicious purposes, like hoping the users of the old popular project will try to grab some files from the original S3 bucket, only to end up pulling a new malicious payload.

On the other side of that, I have heard of new non-malicious parties grabbing the global namespace, not knowing about the namespace being used for the now-defunct popular product, and then getting spammed into oblivion by people still running the software pointed at that namespace.

Basically, there are a lot of things that can go wrong if the bucket isn’t configured perfectly.

So I am glad they are allowing you to create buckets that are unique to your account.

It only took them 20 years!

If you want to know more about how to secure your entire AWS account, much less your S3 buckets, you should check out my On-Demand Video Course on O'Reilly Zero to Hero on AWS Security: An Animated Guide to Security in the Cloud