This page describes requirements for creating buckets with domain names and discusses verification methods for domain owners. To learn how to create a bucket, see the Creating storage buckets guide. For general information on bucket naming, see the bucket naming guidelines.
Requirements for domain-named buckets
Cloud Storage considers bucket names that contain dots to be domain names. As such, a bucket containing a dot in its name must:
- Be a syntactically valid DNS name (for example,
bucket..example.comis not valid because it contains two dots in a row).
- End with a currently-recognized top-level domain, such as
- Be created by a user who is authorized to work with the domain name.
Examples of valid domain-named buckets include
Who can create a domain-named bucket
To create a bucket that uses a domain name, you must establish that you are authorized to use the domain name. People authorized to use a domain name include:
- Verified owners of the domain or parent domain
- Delegated owners of the domain or parent domain
- Verified site owners of the domain or parent domain
Site owners cannot create the bucket when a domain owner exists. This allows the domain owners to tightly control who can create domain-named buckets.
For example, say you have an IT staff member who owns the website that uses
http://reports.example.com. Once they go through verification of that site,
they can create buckets such as
annual.reports.example.com. However, if you later verify that you own the
example.com, only you can then create these buckets. Since you
verified the domain
example.com, you can also create the bucket
As the site owner, your IT staff member can no longer create buckets.
Domain ownership verification
If your project intends to have a domain-named bucket, the team member creating the bucket must demonstrate that they are authorized to create a bucket in the given domain. When you intend to host your domain's content in a Cloud Storage bucket, the recommended verification method is to verify domain ownership.
Cloud Storage uses the Search Console to verify domain ownership.
To verify domain ownership:
Open Search Console. You must be signed in with the Google account that you will use to manage ownership of your domain.
In the Domain pane, enter the domain or sub-domain that you want to verify, and click Continue.
Follow the instructions that appear in the pane Verify domain ownership via DNS record.
Once you have verified domain ownership, you can add additional delegated owners, who can also create buckets under the verified domain name. These owners can include service accounts.
To add delegated owners to your domain:
- Go to Search Console's user management page. Make sure that the domain you want to manage is selected in the property selector.
- Click Add user.
- In the dialog box, enter the email of the new owner.
- For Permission select "Owner".
- Click Add.
See the Search Console help page for information on topics including:
- Methods of verifying site ownership.
- Verifying using a DNS TXT or CNAME record.
- Troubleshooting common verification errors.