Domain-Named Bucket Verification

This page describes requirements for creating buckets with domain names and discusses verification methods for domain owners and managers. To learn how to create a bucket, see the Creating storage buckets guide. For general information on bucket naming, see the Bucket and Object Naming Guidelines.

Requirements for domain-named buckets

Cloud Storage considers bucket names that contain dots to be domain names, and as such these bucket names must:

  • Be syntactically valid DNS names (for example, bucket..example.com is not valid because it contains two dots in a row)
  • End with a currently-recognized top-level domain, such as .com
  • Pass domain ownership verification

Who can create a domain-named bucket

If a domain has one or more verified owners, then only they can create buckets whose names use the domain. If a domain does not have any verified owners, then verified website owners may create buckets whose names use the domain. Until the domain or its website has at least one verified owner, no bucket whose name uses the domain can be created. Note that domain ownership is a higher level of control than website ownership and may be useful in situations where a site wants to tightly control who can create domain-named buckets.

For example, you might have two IT staff members who are responsible for managing your site, called "example.com". Once they complete the necessary verification (see below), only they would be able to create buckets called "example.com", "reports.example.com", "downloads.example.com", and other domain-named buckets.

Verified website and domain owners can use Search Console to add additional website or domain owners. From the Search Console dashboard, find the website you want to manage and select Manage property > Add or remove users. To add a domain owner, select the Manage property owners link. If you are a domain owner, you can add additional domain owners.

Ownership verification

If your project needs to have a domain-named bucket, the team member creating the bucket must demonstrate that he or she is an owner or manager of the domain before creating the bucket. Cloud Storage verifies that the user is an owner or manager of that domain before permitting creation of a domain-named bucket.

To demonstrate that you are an owner or manager of a domain, use the Search Console verification process. The verification process provides a number of ways to demonstrate ownership of a site or domain, including:

  • Adding a special Meta tag to the site's homepage.
  • Uploading a special HTML file to the site.
  • Verifying ownership directly from Search Console.
  • Adding a DNS TXT or CNAME record to the domain's DNS configuration.

For more information, see the help page on verifying your site ownership.

Meta tag verification and HTML file verification are easier to perform and are adequate for most situations. They demonstrate ownership of the website for the domain or its parent.

Verifying ownership directly from Search Console, or by adding a DNS TXT or CNAME record, demonstrates ownership of the domain itself. Use one of these verification methods when you want to create a domain-named bucket to host content. For more information, see Domain-based verification below.

Site-based verification

If you have administrative control over the HTML files that make up a site, you can use one of the site-based verification methods to verify that you control or own a site. When you do this, Cloud Storage lets you create buckets representing the verified site and any subsites, provided nobody has used the DNS TXT record method to verify domain ownership of a parent of the site.

As an example, assume that nobody has used the DNS TXT record method to verify ownership of the following domains: abc.def.example.com, def.example.com, and example.com. In this case, Cloud Storage lets you create a bucket named abc.def.example.com if you verify that you own or control any of the following sites:

  • http://abc.def.example.com
  • http://def.example.com
  • http://example.com

Domain-based verification

If you have administrative control over a domain's DNS configuration, you can use the DNS TXT record verification method to verify that you own or control a domain. When you use the domain-based verification method to verify that you own or control a domain, Cloud Storage lets you create buckets that represent any subdomain under the verified domain. Furthermore, Cloud Storage prevents anybody else from creating buckets under that domain unless you add their name to the list of verified domain owners or they have verified their domain ownership by using the DNS TXT record verification method. For more information, see the related help topic.

For example, if you use the DNS TXT record verification method to verify your ownership of the domain example.com, Cloud Storage will let you create bucket names that represent any subdomain under the example.com domain, such as abc.def.example.com, example.com, or abc.example.com.

Using the DNS TXT record method to verify domain ownership supersedes verification by site-based verification methods. For example, if you use the Meta tag method or HTML file method to verify domain ownership of http://example.com, but someone else uses the DNS TXT record method to verify ownership of the example.com domain, Cloud Storage will not allow you to create a bucket named example.com. To create the bucket example.com, the domain owner who used the DNS TXT method to verify domain ownership must add you to the list of verified domain owners for example.com.

The DNS TXT record verification method is particularly useful if you manage a domain for a large organization that has numerous subdomains because it lets you control who can create buckets representing those domain names.

You must use DNS TXT record verification before creating a domain-named bucket to host content.
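
The precedence between the two verification types can be modeled in a few lines. The following is an added example, not Cloud Storage's implementation: the function names, the user names, the small TLD set, and the choice to pool domain owners across every parent of the bucket name are assumptions made for illustration.

```python
# Added illustration: a model of the rules described on this page, not
# Cloud Storage's own code. All names and sample data are constructed.
import re

KNOWN_TLDS = {"com", "org", "net"}  # stand-in for the real list of TLDs
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

# Constructed verification state: alice verified the site http://example.com
# (Meta tag or HTML file); bob verified the domain example.com (DNS TXT).
SITE_OWNERS = {"example.com": {"alice"}}
DOMAIN_OWNERS = {"example.com": {"bob"}}

def is_valid_domain_name(bucket):
    """Non-empty DNS labels (no '..') ending in a recognized TLD."""
    labels = bucket.split(".")
    return (len(labels) >= 2
            and all(LABEL.match(label) for label in labels)
            and labels[-1] in KNOWN_TLDS)

def ancestors(bucket):
    """The bucket's own name plus every parent domain, excluding the bare TLD."""
    labels = bucket.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def can_create(user, bucket, domain_owners, site_owners):
    """Return (allowed, reason) for `user` creating the bucket `bucket`."""
    if not is_valid_domain_name(bucket):
        return False, "invalid name"
    chain = ancestors(bucket)
    dns_verified = set().union(*(domain_owners.get(d, set()) for d in chain))
    if dns_verified:
        # Domain-based verification supersedes site-based verification.
        ok = user in dns_verified
        return ok, "domain owner" if ok else "superseded by domain owner"
    site_verified = set().union(*(site_owners.get(d, set()) for d in chain))
    if user in site_verified:
        return True, "site owner"
    return False, "no verified owner"

if __name__ == "__main__":
    name = "abc.def.example.com"
    print(can_create("alice", name, {}, SITE_OWNERS))             # site only
    print(can_create("alice", name, DOMAIN_OWNERS, SITE_OWNERS))  # superseded
    print(can_create("bob", name, DOMAIN_OWNERS, SITE_OWNERS))    # domain owner
```

Auditing the real owner list for each parent domain in Search Console answers the same question for a production domain: if any parent has a DNS-verified owner, site-verified users lose the ability to create buckets beneath it.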

Authorizing service accounts

Once you have performed domain verification, you can authorize a service account to create buckets under that domain. Go to the Search Console's verification process at https://www.google.com/webmasters/verification/details?hl=en&domain=[YOUR-DOMAIN.COM]. Click Add an owner at the end of the page to add the email address for your service account.
