It seems that there is often the question of whether one should name buckets as images-example-com or images.example.com.
Two things to consider are:
Strictly speaking, buckets with dots in the name will show an SSL mismatch warning when you address them over HTTPS using the default bucket URI.
This is due to the fact that S3 operates on the .amazonaws.com domain, and any extra dots will make it seem as if a bucket is a subdomain (not covered by the SSL certificate).
On the other hand, you have to use dots if you want to have a custom domain (CNAME) pointed at your bucket. That is to say, the bucket name has to match the said custom URL in order for S3's virtual-host style service to work.
For example, we call our bucket images.example.com and add a DNS record of images.example.com CNAME images.example.com.s3.amazonaws.com.
S3 would then forward incoming requests to any bucket with a name matching the host in the HTTP headers (refer to http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html).
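The two constraints above can be checked mechanically. The following is an added example, not code from the original page: it assumes the default endpoint presents a wildcard certificate for *.s3.amazonaws.com, and the function names are hypothetical.

```python
# Added example: why a dotted bucket name fails TLS hostname verification on
# the default bucket URI, and when a CNAME can work. Names are constructed.

S3_SUFFIX = "s3.amazonaws.com"
# Assumption: the endpoint presents a wildcard certificate for this pattern.
CERT_PATTERN = "*." + S3_SUFFIX


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' covers exactly one leftmost DNS label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] != "*":
        return p_labels == h_labels
    return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]


def virtual_host(bucket: str) -> str:
    """Default virtual-host style hostname for a bucket."""
    return f"{bucket}.{S3_SUFFIX}"


def assess(bucket: str, custom_domain: str) -> dict:
    """Report which of the two features a given bucket name allows."""
    host = virtual_host(bucket)
    return {
        "default_uri_host": host,
        # HTTPS on the default URI works only if the wildcard covers the host.
        "https_cert_ok": wildcard_matches(CERT_PATTERN, host),
        # CNAME routing needs the bucket name to equal the Host header.
        "cname_ok": bucket.lower() == custom_domain.lower().rstrip("."),
    }


if __name__ == "__main__":
    for name in ("images-example-com", "images.example.com"):
        print(assess(name, "images.example.com"))
```

The hyphenated name passes the certificate check but cannot serve the custom domain; the dotted name does the reverse.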
So, it would seem that based on the name we chose, we can use either one of the features or the other (HTTPS vs CNAME). But there is a solution to this dilemma: CloudFront.
Placing a CloudFront distribution in front of our bucket allows a custom domain, plus a custom SSL certificate, to be specified.