We're working with a customer who wishes to make a whitelist entry for a range of AWS S3 bucket addresses in their firewall. The names would be in the form:
abc-*-xyz.s3-us-east-2.amazonaws.com
OR
abc-*-xyz.s3.us-west-1.amazonaws.com
Where the "*" would be a randomly generated string that maps to an ephemeral name for a particular S3 bucket.
They are claiming this is not possible because the host in the URI has more than 3 parts. So they say that if it were "abc-*-xyz.amazonaws.com" it could work. But the other pieces in that host make it an invalid authority to use in a whitelist entry.
Is that true? Might it be a limitation of some very old version? I would welcome any pointers to appropriate documentation about this as well as answers.
Thanks!
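An added example, not part of the original post and not the syntax of any particular firewall: a Python sketch that checks hostnames against the two forms quoted above, with "*" confined to a single DNS label and the match anchored to the whole name. The function names and the sample hostnames in the comments are constructed for illustration.

```python
import re

# The two host forms quoted in the question; "*" stands for the random part.
PATTERNS = [
    "abc-*-xyz.s3-us-east-2.amazonaws.com",
    "abc-*-xyz.s3.us-west-1.amazonaws.com",
]

MAX_LABEL = 63  # DNS limit on the length of a single label


def compile_host_pattern(pattern: str) -> re.Pattern:
    """Turn a host pattern into a regex (hypothetical helper).

    "*" matches one or more letters, digits or hyphens, never a dot, so it
    cannot spill into a neighbouring label. All other text is literal.
    """
    literals = [re.escape(part) for part in pattern.lower().split("*")]
    return re.compile("[a-z0-9-]+".join(literals))


COMPILED = [compile_host_pattern(p) for p in PATTERNS]


def host_allowed(host: str) -> bool:
    """True only if the whole hostname matches one of PATTERNS."""
    host = host.lower()
    if host.endswith("."):  # tolerate the fully qualified form
        host = host[:-1]
    labels = host.split(".")
    if any(not label or len(label) > MAX_LABEL for label in labels):
        return False
    # fullmatch anchors both ends, so extra labels before or after fail.
    return any(rx.fullmatch(host) for rx in COMPILED)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for name in (
        "abc-7f3k9q-xyz.s3-us-east-2.amazonaws.com",
        "abc-7f3k9q-xyz.s3.us-west-1.amazonaws.com.evil.example",
        "abc-a.b-xyz.s3.us-west-1.amazonaws.com",
    ):
        print(name, host_allowed(name))
```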