S3: difference in EMC ECS and Amazon AWS naming restrictions

Amazon ans EMC S3 naming In that post I combined general restriction on S3 logical entities naming applied to ECS and AWS solutions.

Namespace name

  • The name must contain lowercase characters only.
  • Length range is 1-255 Unicode characters.
  • Valid characters are alpha-numeric characters, hyphen (-) and underscore (_).

Object user name


  • AWS Access Key ID has 20 characters (like 022QF06E7MXBSH9DHM02).
  • Alpha-numeric characters are allowed only.
Note: AWS Access Key ID maps to the ECS object user ID.


ECS S3 data service does not have such limitations.
  • User names must be lowercase letters, numbers and any of the following characters: ! # $ & ‘ ( ) * + , – . / : ; = ? @_ ~
Note: I don’t know what is a name length restriction. For testing purposes I created a user with 260 characters name long.

Object user password


  • AWS Secret Access Key is 40 alpha-numeric-slash-plus characters (like kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct).
Note: AWS Secret Access Key maps to Object User password.


ECS supports both ways to create object user password:
  • ECS generated (like U2aavAznYPLstVMBLDBt9xsxBeu86TNBLcde4GUR). Available via API request and ECS GUI.
  • User assigned (like 123456). Available via API only. ECS GUI doesn’t allow assigning user defined object user password.
Note: up to 2x passwords are allowed per S3 object user.
ECS S3 data service will tries to use the first password, and if the calculated signature does not match, it tries to use the second password. If the second key fails, it rejects the request.
When users add or change the secret key, they should wait 2 minutes so that all data service nodes can be refreshed with the new S3 object user password before using the new secret key.

Bucket name


  • Bucket names must be at least 3 and no more than 63 characters long.
  • Bucket names must be a series of one or more labels. Adjacent labels are separated by a single period (.).
  • Bucket names can contain lowercase letters, numbers, and hyphens. Each label must start and end with a lowercase letter or a number.
  • Bucket names must not be formatted as an IP address (e.g.,

Note: When using virtual hosted–style buckets with SSL, the SSL wildcard certificate only matches buckets that do not contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (“.”) in bucket names.


  • Length range is 1-255 Unicode characters.
  • Names can include dot (.), hyphen (-), and underscore (_) characters and alphanumeric characters ([a-zA-Z0-9]).
  • Names can start with a hyphen (-) or alphanumeric character.
  • The name does not support: starting with a dot (.), containing a double dot (..), ending with a dot (.), be formatted as IPv4 address (like

Object key


Although you can use any UTF-8 characters in an object key name, the following key naming best practices help ensure maximum compatibility with other applications.  Each application may parse special characters differently. The following guidelines help you maximize compliance with DNS, web safe characters, XML parsers, and other APIs.
  • Safe Characters:
Alphanumeric characters [0-9a-zA-Z] Special characters !, -, _, ., *, ‘, (, and )
  • Characters That Might Require Special Handling:
Ampersand (“&”) Dollar (“$”) ASCII character ranges 00–1F hex (0–31 decimal) and 7F (127 decimal.)
‘At’ symbol (“@”) Equals (“=”) Semicolon (“;”)
Colon (“:”) Plus (“+”) Space – Significant sequences of spaces may be lost in some uses (especially multiple spaces)
Comma (“,”) Question mark (“?”)
  • Characters to Avoid
Backslash (“\”) Left curly brace (“{“) Non-printable ASCII characters (128–255 decimal characters)
Caret (“^”) Right curly brace (“}”) Percent character (“%”)
Grave accent / back tick (“`”) Right square bracket (“]”) Quotation marks
‘Greater Than’ symbol (“>”) Left square bracket (“[“) Tilde (“~”)
‘Less Than’ symbol (“<“) ‘Pound’ character (“#”) Vertical bar / pipe (“|”)


  • Length range is 1-255 Unicode characters.
  • No validation on characters.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s