upvote

points

by Aardwolf11 hours ago |
comments
upvoteby hrmtst938379 hours ago|
next
[-]
If you block name reuse globally, you introduce a new attack surface: permanent denial by squatting on retired names. Companies mess up names all the time from typos, failed rollouts, or legal issues. A one-shot policy locks everyone into their worst error or creates a regulatory mess over who can undo registrations.

Namespaces are annoying but at least let you reorganize or fix mistakes. If you want to prevent squatting, rate limiting creation and deletion or using a quarantine window is more practical. No recovery path just rewards trolls and messes with anyone whose processes aren't perfect.

reply
upvoteby orf10 hours ago|
prev|
next
[-]
That would be a huge breaking change. Any workload that relies on re-using a bucket name would be broken, and at the scale of S3 that would have a non-trivial customer impact.

Not to mention the ergonomics would suck - suddenly your terraform destroy/apply loop breaks if there’s a bucket involved

reply
upvoteby afandian10 hours ago|
parent|
[-]
Any workload that relies on re-using a bucket name is broken by design. If someone else can get it, then it's Undefined Behaviour. So it's in keeping with the contract for AWS to prevent re-use. Surely?
reply
upvoteby orf10 hours ago|
parent|
[-]
Think terraform tests, temporary environments, etc. Or anything else: it’s Hyrum's Law.
reply
upvoteby iknownothow11 hours ago|
prev|
next
[-]
Potential reasons I can think of for why they don't disallow name reuse:

a) AWS will need to maintain a database of all historical bucket names to know what to disallow. This is hard per region and even harder globally. Its easier to know what is currently in use rather know what has been used historically.

b) Even if they maintained a database of all historically used bucket names, then the latency to query if something exists in it may be large enough to be annoying during bucket creation process. Knowing AWS, they'll charge you for every 1000 requests for "checking if bucket name exists" :p

c) AWS builds many of its own services on S3 (as indicated in the article) and I can imagine there may be many of their internal services that just rely on existing behaviour i.e. allowing for re-creating the same bucket name.

reply
upvoteby dwedge11 hours ago|
parent|
[-]
I can't accept a) or b). They already need to keep a database of all existing bucket names globally, and they already need to check this on bucket creation. Adding a flag on deleted doesn't seem like a big loss.

As for c), I assume it's not just AWS relying on this behaviour. https://xkcd.com/1172/

reply
upvoteby CodesInChaos11 hours ago|
prev|
next
[-]
I'd allow re-use, but only by the original account. Not being able to re-create a bucket after deleting it would be annoying.

I think that's an important defense that AWS should implement for existing buckets, to complement account scoped bucket.

reply
upvoteby wiether10 hours ago|
parent|
[-]
Then they should allow bucket ownership transfer...
reply
upvoteby 11 hours ago|
prev|
next
[-]
deleted
reply
upvoteby JoBrad9 hours ago|
prev|
[-]
I think a better policy would be to disallow bucket names that follow the account regional namespace convention, but don’t match the account id indicated in the name.
reply
upvoteby NetMageSCW4 hours ago|
parent|
[-]
So no bucket sharing across accounts?
reply