What is the format of an S3 account-regional bucket name?

The format is: {your-prefix}-{12-digit-account-id}-{aws-region}-an. For example: mybucket-123456789012-us-east-1-an. The combined bucket name (prefix + suffix) must be between 3 and 63 characters. Only lowercase letters, numbers, and hyphens are allowed. The name cannot start or end with a hyphen.

Can I rename an existing S3 bucket to use the account-regional namespace?

No. You cannot rename existing global S3 buckets to account-regional namespace names. You must create new buckets using the account-regional namespace. S3 table buckets, vector buckets, and directory buckets are not affected as they already use account-level or zonal namespaces.

How do I create an S3 account-regional namespace bucket using the AWS CLI?

Use the --bucket-namespace account-regional flag: aws s3api create-bucket --bucket mybucket-123456789012-us-east-1-an --bucket-namespace account-regional --region us-east-1. For regions other than us-east-1, also add the --create-bucket-configuration LocationConstraint parameter.

How do I enforce account-regional namespace in my AWS Organization?

Use AWS Organizations Service Control Policies (SCPs) with the s3:x-amz-bucket-namespace condition key. Set a Deny effect on s3:CreateBucket with a condition that StringNotEquals s3:x-amz-bucket-namespace to account-regional. This forces all bucket creation in your org to use the account-regional namespace.

Is this tool free and private?

Yes. Everything runs entirely in your browser using JavaScript. No AWS account IDs, bucket names, or project details are ever sent to any server. It is completely safe to use with real account IDs.

AWS S3 · March 2026 Launch

S3 Regional Namespace
Generator & Validator

Generate valid account-regional S3 bucket names, validate naming rules, and instantly get Terraform / CloudFormation / CLI / PHP boilerplate — all in your browser.

Ends global "bucket name taken" conflicts

Validates the 3–63 combined character limit

Generates ready-to-use IaC boilerplate

Enforces org-wide with SCP snippet included

100% browser-based — zero data sent to server

Namespace Generator

Configure Your Bucket

Bucket Name Prefix * Lowercase letters, numbers, hyphens only. No leading/trailing hyphens.

AWS Account ID * 12-digit numeric AWS account ID.

AWS Region * Available in all 37 AWS Regions including China & GovCloud.

Bucket Purpose (optional) Adds a semantic suffix suggestion to your prefix.

Generated Bucket Name

Enter prefix, account ID & region to generate →

○ Prefix uses only lowercase letters, numbers, hyphens

○ Prefix does not start or end with a hyphen

○ Account ID is exactly 12 digits

○ AWS region is selected

○ Combined name is between 3 and 63 characters

○ Name does not contain dots (not recommended with TLS)

○ Name does not look like an IP address

IaC & SDK Boilerplate

Generated Code Snippets Fill the form above to generate

# Fill in the form above to generate your AWS CLI command

# Fill in the form above to generate Terraform code

# Fill in the form above to generate CloudFormation YAML

# Fill in the form above to generate Python / Boto3 code

# Fill in the form above to generate PHP / AWS SDK code

Org-wide Enforcement: The SCP below enforces that all bucket creation in your AWS Organization uses the account-regional namespace via the new s3:x-amz-bucket-namespace condition key. Attach it to your root OU or specific OUs.

# Fill in the form above to generate the SCP / IAM policy JSON

About S3 Regional Namespaces

What Is the Amazon S3 Account Regional Namespace?

On March 12, 2026, AWS launched a major quality-of-life improvement for S3: Account Regional Namespaces for general purpose buckets. For over a decade, developers faced the frustrating reality that S3 bucket names were globally unique — meaning a name like my-app-logs could be taken by any account anywhere in the world.

The new account-regional namespace scopes bucket names to your AWS account + region. The bucket name format is:

{prefix}-{12-digit-accountId}-{region}-an

The -an suffix is the account-namespace indicator. Only your AWS account can create buckets with your account's suffix — requests from other accounts are automatically rejected by AWS.

✅ Who Benefits

Platform teams standardising naming conventions, IaC authors who want predictable bucket names across environments, and orgs migrating to a multi-account AWS Landing Zone.

⚠️ What Doesn't Change

You cannot rename existing global buckets. S3 table buckets, vector buckets, and directory buckets are unaffected — they already use account-level or zonal namespaces.

🔒 Enforce Org-Wide

Use the new s3:x-amz-bucket-namespace IAM condition key in SCPs to prevent anyone in your AWS Organization from creating buckets in the old global namespace.

🌍 Availability

Available in all 37 AWS Regions including AWS China (cn-north-1, cn-northwest-1) and AWS GovCloud (US) Regions. No additional cost.

S3 Naming Rules for Account-Regional Buckets

The combined name (prefix + account ID + region + -an) must be 3–63 characters.
Only lowercase letters, numbers, and hyphens are allowed — no underscores, dots, or uppercase.
The full name must not start or end with a hyphen.
The name must not resemble an IP address (e.g., 192.168.5.4).
Dots are technically allowed but not recommended because they break TLS wildcard certificate matching.

CloudFormation Pseudo-Parameters

AWS CloudFormation makes account-regional bucket names trivial using built-in pseudo parameters. Use AWS::AccountId and AWS::Region — no hardcoding required. The generator above outputs a ready-to-use CloudFormation YAML snippet for both the BucketName and BucketNamePrefix approaches.

Frequently Asked Questions

Can I migrate an existing S3 bucket to account-regional namespace?

No. S3 does not support renaming existing buckets. You must create a new bucket with the account-regional namespace name, migrate your data (using S3 Batch Operations or aws s3 sync), update all access policies and application references, then delete the old bucket when ready.

How is this different from S3 directory buckets or table buckets?

S3 directory buckets (used for S3 Express One Zone) already use a zonal namespace — they end in --{az-id}--x-s3. S3 table buckets and vector buckets use an account-level namespace. The new account-regional namespace is specifically for general purpose buckets, which is the most common bucket type.

Does using account-regional namespace change the bucket's endpoint URL?

No. The bucket endpoint URL format remains the same: https://{bucket-name}.s3.{region}.amazonaws.com. The account-regional namespace only affects how the bucket name is validated and owned — all S3 features, endpoints, SDKs, and APIs work identically.

What is the s3:x-amz-bucket-namespace IAM condition key?

It is a new IAM condition key released alongside the account-regional namespace feature. You can use it in IAM policies and AWS Organizations SCPs to control what namespace developers are allowed to create buckets in. Setting StringNotEquals: s3:x-amz-bucket-namespace: account-regional with a Deny effect forces all bucket creation to use the new namespace org-wide.

Is this tool free? Does it store my AWS Account ID?

Yes, completely free. All logic runs in JavaScript entirely in your browser. Nothing is sent to any server. Your AWS Account ID, prefix, and generated code never leave your device. It is safe to use with your real production account ID.

More Free Online Tools

Simple tools. Surgical fixes. Zero friction.

Amazon Connect CCP Log Parser

Parse Amazon Connect CCP logs into structured, searchable diagnostics.

Open

Amazon Connect CTR Parser

Turn raw Amazon Connect CTR JSON into a rich visual breakdown.

Open

Amazon Connect Agent Workstation Validator

Pre-flight check for Amazon Connect softphone agents.

Open

CloudTrail Log Analyser

Security audit & threat detection for AWS environments.

Open

Amazon Connect Pricing Calculator

Instantly estimate monthly AWS Connect costs — voice, chat, email, campaigns, telephony & more.

Open

Connect CloudWatch Log Analyzer

Drop any Amazon Connect CloudWatch log and get a rich visual breakdown.

Open

S3 Regional Namespace
Generator & Validator

What Is the Amazon S3 Account Regional Namespace?

✅ Who Benefits

⚠️ What Doesn't Change

🔒 Enforce Org-Wide

🌍 Availability

S3 Naming Rules for Account-Regional Buckets

CloudFormation Pseudo-Parameters

More Free Online Tools

Amazon Connect CCP Log Parser

Amazon Connect CTR Parser

Amazon Connect Agent Workstation Validator

CloudTrail Log Analyser

Amazon Connect Pricing Calculator

Connect CloudWatch Log Analyzer

Report an Issue

Report Received!

S3 Regional NamespaceGenerator & Validator

What Is the Amazon S3 Account Regional Namespace?

✅ Who Benefits

⚠️ What Doesn't Change

🔒 Enforce Org-Wide

🌍 Availability

S3 Naming Rules for Account-Regional Buckets

CloudFormation Pseudo-Parameters

More Free Online Tools

Amazon Connect CCP Log Parser

Amazon Connect CTR Parser

Amazon Connect Agent Workstation Validator

CloudTrail Log Analyser

Amazon Connect Pricing Calculator

Connect CloudWatch Log Analyzer

S3 Regional Namespace
Generator & Validator