By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

s3 bucket both exists and does not exist at the same time

0

I created and destroyed an s3 bucket some_bucket approximately 2 hours ago. However, I am unable to recreate it (same region, same user, same name) due to this error:

Error: creating Amazon S3 (Simple Storage) Bucket (vpts): BucketAlreadyExists: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.

I am almost certain, however, that the bucket name has not been taken because upon a global aws cli check:

aws s3 ls s3://some_bucket --no-sign-request 
An error occurred (NoSuchBucket) when calling the ListObjectsV2 operation: The specified bucket does not exist

If the bucket existed with restricted permissions, I would get the error Access Denied. If public, it would return the contents of the bucket, but neither happened. So if an S3 bucket cannot both exist and not exist, how long does it take for AWS to update its S3 global namespace?

Topics
StorageManagement & GovernanceSecurity, Identity, & ComplianceNetworking & Content Delivery
Tags
Amazon Simple Storage ServiceAWS Command Line InterfaceIAM PoliciesDomain Name System (DNS)S3 Object Lock
Language
English
bigbird
asked 8 months ago450 views
2 Answers
2

I understand your concern and have seen this behavior myself too.

What you described in your question is absolutely right, if bucket would exist with that name then with --no-sign-request option, you'll get access denied instead of doesn't exist.

Sometime it takes time to get this cleaned up completely, understand it from eventual consistent way. It'd take maximum of 24 hours, you'd be able to use the same name when creating a new bucket, if by then someone does't create the bucket with same name(less likely if your bucket name was fairly unique).

Please refer S3 Consistency Model for more clarity.

Hope this explanation helps.

Comment here if you have additional question, happy to help.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 8 months ago
profile pictureAWS
EXPERT
Jose Guay
reviewed 8 months ago
  • secondabhi_aws EXPERT
    8 months ago

    Do you have any additional questions, happy to be of help.

1
Accepted Answer

The bucket namespace is global (not per-account), so if someone else already has a bucket by that name, you won't be able to create/recreate it.

More info since you -1'd my answer and edited your question:

If you've created and destroyed a bucket with a specific name, you won't be able to recreate it immediately, even in the same region or AWS account, because the bucket name remains reserved for some time after deletion. This reservation period is known as the "bucket name retention period", which I'm sure you already know. During this period, the bucket name is not available for reuse to prevent conflicts and issues with data consistency across global S3 space.

AWS does not currently specify the exact duration of the bucket name retention period. It's typically not disclosed, and it definitely can vary depending on AWS's internal processes and system load. AWS Support will in general, recommended to choose a different name for your new bucket if you encounter the "BucketAlreadyExists" error after deleting a bucket with the same name. Eventually, the previous bucket name should become available for reuse, but the exact timeframe is not predictable.

If you have a specific use case or requirement where you need to reuse a bucket name immediately after deletion, you may consider contacting AWS Support for further assistance or to inquire about any potential changes in the bucket name retention policy, but I was unable to find anything that specifically stated a retention policy.

Ref: https://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html#ConsistencyModel

Ref: https://repost.aws/knowledge-center/s3-conflicting-conditional-operation

profile pictureAWS
JC
answered 8 months ago
  • bigbird
    8 months ago

    Correct, it is global, but that doesn't answer my question. If someone else has a bucket by that name, the same aws cli command would return Access Denied or list the contents of the bucket.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content