Regex for s3 bucket name

Question

I'm trying to create an s3 bucket through cloudformation. I tried using regex ^([0-9a-z.-]){3,63}$, but it also accepts the patterns "..." and "---" which are invalid according to new s3 naming conventions. (Ref: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html) Please help?

Answer 1

Answer

The simplest and safest regex is:

(?!(^xn--|.+-s3alias$))^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$

It ensures that names work for all cases - including when you are using S3 Transfer Acceleration. Also, as it doesn't include any backslashes, it's easier to use in string contexts.

Alternative

If you need S3 bucket names that include dots (and you don't use S3 Transfer Acceleration), you can use this instead:

(?!(^((2(5[0-5]|[0-4][0-9])|[01]?[0-9]{1,2})\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9]{1,2})$|^xn--|.+-s3alias$))^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$

Explanation

The Amazon S3 bucket naming rules as of 2022-05-14 are:

1. Bucket names must be between 3 (min) and 63 (max) characters long.
2. Bucket names can consist only of lowercase letters, numbers, dots (.), and hyphens (-).
3. Bucket names must begin and end with a letter or number.
4. Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
5. Bucket names must not start with the prefix xn--.
6. Bucket names must not end with the suffix -s3alias.
7. Buckets used with Amazon S3 Transfer Acceleration can't have dots (.) in their names.

This regex matches all the rules (including rule 7):

(?!(^xn--|.+-s3alias$))^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$

The first group (?!(^xn--|-s3alias$)) is a negative lookahead that ensures that the name doesn't start with xn-- or end with -s3alias (satisfying rules 5 and 6).

The rest of the expression ^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$ ensures that:

• the name starts with a lowercase letter or number (^[a-z0-9]) and ends with a lowercase letter or number ([a-z0-9]$) (rule 3).
• the rest of the name consists of 1 to 61 lowercase letters, numbers or hyphens ([a-z0-9-]{1,61}) (rule 2).
• the entire expression matches names from 3 to 63 characters in length (rule 1).

Lastly, we don't need to worry about rule 4 (which forbids names that look like IP addresses) because rule 7 implicitly covers this by forbidding dots in names.

If you do not use Amazon S3 Transfer Acceleration and want to permit more complex bucket names, then you can use this more complicated regular expression:

(?!(^((2(5[0-5]|[0-4][0-9])|[01]?[0-9]{1,2})\.){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9]{1,2})$|^xn--|.+-s3alias$))^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$

The main change is the addition of the expression to match IPv4 addresses (while the spec simply says that bucket names must not be formatted as IP addresses, as IPv6 addresses contain colons, they are already forbidden by rule 2.)

Answer 2

The following regex fulfils the AWS specifications provided the fact you don't want to allow . in the bucket name (which is a recommendation, otherwise Transfer Acceleration can't be enabled):

^((?!xn--)(?!.*-s3alias$)[a-z0-9][a-z0-9-]{1,61}[a-z0-9])$

This one is good because it allows to be incorporated in more complex checks simply replacing ^ and $ with other strings, thus allowing for ARN checks and so on.

EDIT: added -s3alias exclusion as per the comment by @ryanjdillon

Answer 3

I've adapted Zak's answer a little bit. I found it was a little too complicated and threw out valid domain names. Here's the new regex (available with tests on regex101.com**):

(?!^(\d{1,3}\.){3}\d{1,3}$)(^[a-z0-9]([a-z0-9-]*(\.[a-z0-9])?)*$)

The first part is the negative lookahead (?!^(\d{1,3}\.){3}\d{1,3}$), which only matches valid IP addresses. Basically, we try to match 1-3 numbers followed by a period 3 times (\d{1,3}\.){3}) followed by 1-3 numbers (\d{1,3}).

The second part says that the name must start with a lowercase letter or a number (^[a-z0-9]) followed by lowercase letters, numbers, or hyphens repeated 0 to many times ([a-z0-9-]*). If there is a period, it must be followed by a lowercase letter or number ((\.[a-z0-9])?). These last 2 patterns are repeated 0 to many times (([a-z0-9-]*(\.[a-z0-9])?)*).

The regex does not attempt to enforce the size restrictions set forth by AWS (3-63 characters). That can either be handled by another regex (.{3,6}) or by checking the size of the string.

---

** At that link, one of the tests I added are failing, but if you switch to the test area and type in the same pattern, it passes. It also works if you copy/paste it into the terminal, so I assume that's a bug on the regex101.com side.

Answer 4

Regular expression for S3 Bucket Name:

String S3_REPORT_NAME_PATTERN = "[0-9A-Za-z!\\-_.*\'()]+";

String S3_PREFIX_PATTERN   = "[0-9A-Za-z!\\-_.*\\'()/]*";

String S3_BUCKET_PATTERN = "(?=^.{3,63}$)(?!^(\\d+\\.)+\\d+$)(^(([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])\\.)*([a-z0-9]|[a-z0-9][a-z0-9\\-]*[a-z0-9])$)";

Answer 5

I used @Zak regex but it isn't 100% correct. I used this for all rules for AWS bucket name. I make validation step by step so it looks like this:

• Bucket names must be at least 3 and no more than 63 characters long -> ^.{3,63}$
• Bucket names must not contain uppercase characters or underscores -> [A-Z_]
• Bucket names must start with a lowercase letter or number -> ^[a-z0-9]
• Bucket names must not be formatted as an IP address (for example, 192.168.5.4) ->^(\d+\.)+\d+$. That is more restricted then AWS.
• Bucket names must be a series of one or more labels. Adjacent labels are separated by a single period (.) -> In python if ".." in bucket_name:
• .. Each label must end with a lowercase letter or a number ->^(.*[a-z0-9]\.)*.*[a-z0-9]$

Answer 6

var bucketRGEX =  new RegExp(/(?=^.{3,63}$)/);
var bucketRGEX1 =  new RegExp(/(?!^(\d+\.)+\d+$)/);
var bucketRGEX2 =  new RegExp(/(^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$)/);
var result = bucketRGEX.test(bucketName);
var result1 = bucketRGEX1.test(bucketName);
var result2 = bucketRGEX2.test(bucketName);
console.log('bucketName '+bucketName +' result '+result);
console.log('bucketName '+bucketName +' result1 '+result1);
console.log('bucketName '+bucketName +' result 2 '+result2);

if(result && result1 && result2)
{
  //condition pass
}
else
{
    //not valid bucket name
}  

Answer 7

AWS issued new guidelines where '.' is considered not recommended and bucket names starting with 'xn--' are now prohibited (https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). If you disallow '.' the regex becomes much more readable:

(?=^.{3,63}$)(?!xn--)([a-z0-9](?:[a-z0-9-]*)[a-z0-9])$

Answer 8

I tried passing a wrong bucket name to the S3 API itself to see how it validates. Looks like the following are valid regex patterns as returned in the API response.

Bucket name must match the regex

^[a-zA-Z0-9.\-_]{1,255}$

or be an ARN matching the regex

^arn:(aws).*:(s3|s3-object-lambda):[a-z\-0-9]+:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\-]{1,63}$|^arn:(aws).*:s3-outposts:[a-z\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\-]{1,63}$

Answer 9

Edit: Modified the regexp to allow required size (3-63) and add some other options.

The names must be DNS-compliant, so you could try with:

^[A-Za-z0-9][A-Za-z0-9\-]{1,61}[A-Za-z0-9]$

See: https://regexr.com/3psne

Use this if you need to use periods:

^[A-Za-z0-9][A-Za-z0-9\-.]{1,61}[A-Za-z0-9]$

See: https://regexr.com/3psnb

Finally, if you want to disallow two consecutive 'non-word' characters, you can use:

^[A-Za-z0-9](?!.*[.-]{2})[A-Za-z0-9\-.]{1,61}[A-Za-z0-9]$

See: https://regexr.com/3psn8

Based on: Regexp for subdomain

Answer 10

If you do not use transfer accelration, you can simply remove the period option. This code accounts for all the rules, including

• no double dots
• no slash/doto combo in a ow
• no dot/slash combo

it also allows for you to put a trailing slash at the bucket name or not, depending if you want your user to do so

(?!^|xn--)[a-z0-9]{1}[a-z0-9-.]{1,61}[a-z0-9]{1}(?<!-s3alias|\.\..{1,63}|.{1,63}\.\.|\.\-.{1,63}|.{1,63}\.\-|\-\..{1,63}|.{1,63}\-\.)(?=$|\/)