What are the most restrictive aws resource name limitations (e.g. characters and length)?

Question

Different resources in aws, such as S3 buckets, lambdas and roles, have different maximum lengths and different character sets which they accept.

Is there a very restrictive resource name, which, if you follow it, you will also be obeying the restrictions of all other resources?

I'm looking for a set of constraints which will obey every kind of restriction enforced by all resource groups, globally, yet also be as permissive as possible.

The ideal answer would be a nice, unambiguous regular expression.

While I don't have a complete set of resource name restrictions, the ones for S3 bucket names are already pretty limiting: 3-63 characters, limited set of special characters as allowed in domain names (e.g. `.` and `-`, but no `_`): http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules — Dunedan, Sep 05 '17 at 18:46
Well, that's no counter example, that's than just an additional limitation. — Dunedan, Sep 19 '17 at 05:03

score 26 · Accepted Answer · edited May 11 '21 at 05:04

26

1. AWS Lambda

Function name must contain only letters, numbers, hyphens, or underscores

This field is too long. Maximum length is 140 characters.

This field is too short. Minimum length is 1 character.

source: AWS Lambda "Create Function" Page & API docs.

2. S3 Bucket:

Bucket name must NOT contain uppercase characters or underscores

Bucket name must be between 3 and 63 characters long

source: AWS S3 "Create Bucket" Page & API docs.

3. RDS

Must contain 1 to 63 alphanumeric characters or hyphens.

First character must be a letter.

Cannot end with a hyphen or contain two consecutive hyphens.

source: AWS RDS docs

So adding only the 3 services above we can conclude that it's best to be:

Only lowercase alphanumeric characters and hyphens.

Minimum of 3 characters and maximum of 63.

First character must be a letter, cannot end with a hyphen or contain two consecutive hyphens.

I'd also suggest subtracting a common prefix (i.e. company name initials, "google-") from the maximum length to avoid running into issues when trying to create a bucket (or any AWS wide name) that could happen with a valid common name = "john"

Also looking at the IAM username and roles length restrictions (found here), nothing seems to conflict with the above conclusion.

Regex #1 (for advanced regex engines w/ lookahead support)

 /(?=.{3,63}$)(?!-)(?!.*--)[a-z0-9-]+(?<!-)/

Read this and this for better understand the regex above.

Regex #2

 /(^[a-z\d]{1,2}((-[a-z\d])|([a-z\d]{1,2})){0,30}[a-z\d]$)|(^[‌a-z\d]((-[a-z\d])|([‌a-z\d]{1,2})){0,30}[‌a-z\d-]?[a-z\d]$)/

edited May 11 '21 at 05:04

slaughtr

536
5
17

answered Sep 19 '17 at 00:57

mostafazh

4,144
1
20
26

1

Thanks, @mostafazh. Did you check any other resources? E.g. IAM roles? How do you know there aren't other resources to consider? I note that you've eliminated underscore and hyphen from your final ruleset. I know S3 buckets eliminate underscore (although you've excluded this information), but why eliminate hyphens? Remember the correct answer will also be maximally permissive. I've amended the question to request a regex as the answer. – Jordan Morris Sep 19 '17 at 04:29
1

won't work since it doesn't match something like `asdasd-d` or `a-d` – mostafazh Sep 20 '17 at 00:51
Here is a modified version which allows the odd character to be either at the start or the end: `(^[a-z\d]{1,2}((-[a-z\d])|([a-z\d]{1,2})){0,30}[a-z\d]$)|(^[a-z\d]((-[a-z\d])|([a-z\d]{1,2})){0,30}[a-z\d-]?[a-z\d]$)` . Unfortunately, it's twice as long, but I don't see a way around that with a straight-forward regex which is supported by languages like javascript. – Jordan Morris Sep 20 '17 at 01:05
1

Actually `dd-dd4-d0ss-sdd-a-d-fd3` matches. My regex is basically the combination of https://stackoverflow.com/a/4897392/1772245 `(?!-)(?!.*--)[a-z0-9-]+(?<!-)` and https://stackoverflow.com/a/24115363/1772245 `(?=.{3,63}$)` which is basically lookahead regex – mostafazh Sep 20 '17 at 01:08
Cool. Thanks for looking into this! Please add my latest regex as an alternative for people using regex engines which don't support lookaheads and I will accept this answer. – Jordan Morris Sep 20 '17 at 01:51
7

ALB Target group names have a maximum length of 32 characters: `Target group name 'test-stack-type-rainy-alb-target-group' cannot be longer than '32' characters (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: ValidationError`. Presumably, Regex #1 can simply be altered by changing the length constraint to `{3, 32}`, as for #2... not sure. – JoshuaCWebDeveloper Apr 09 '19 at 17:50
4

ElastiCache cluster names have a maximum length of 20 characters: `The parameter CacheClusterIdentifier is not a valid identifier because it is longer than 20 characters.` https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticache-cache-cluster.html#cfn-elasticache-cachecluster-clustername. That would make the size restriction `{3, 20}`. – JoshuaCWebDeveloper Apr 10 '19 at 17:20
It looks like you accidentally left “[a-z0-9-]” in the regex, but as you mentioned only letters and hyphens should be allowed, so the “0-9” part should be removed. – Hanse00 Nov 19 '20 at 23:15
Hanse00 you mean the first regex? – mostafazh Nov 22 '20 at 12:05