terraform-aws-modules / terraform-aws-s3-bucket

Terraform module to create AWS S3 resources 🇺🇦

Home Page: https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws

Enforce random suffix for S3 bucket names to enhance security

seifrajhi opened this issue

Is your request related to a new offering from AWS?

No, this is not related to a new AWS offering. The request is based on a security recommendation from a blog post.

Is your request related to a problem? Please describe.

Yes, the problem is that easily guessable S3 bucket names can lead to unauthorized access and increased AWS bills, as described in this blog post: https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
The key lessons from the blog post are:

  • Anyone who knows the name of an S3 bucket can ramp up the AWS bill by uploading data to that bucket.
  • Adding a random suffix to bucket names can enhance security by making the bucket names harder to guess.

Describe the solution you'd like.

I would like the Terraform AWS S3 module to enforce a random suffix for all S3 bucket names created through Terraform. This could be an optional setting that users can enable for better security.

The concrete name of the bucket should be up to the user, but if necessary, bucket_prefix can be used.

Security through obscurity is not good.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
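
The `bucket_prefix` suggestion from the thread, shown next to an explicit random suffix, as an added example that is not part of the original issue or the module's own documentation. The bucket names, module labels, output names and the use of the hashicorp/random provider are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    aws    = { source = "hashicorp/aws" }
    random = { source = "hashicorp/random" } # assumption: only needed for option 2
  }
}

# Option 1: bucket_prefix. The AWS provider appends a unique suffix to the
# prefix, so the final name is not known before apply. The prefix must be
# lowercase and at most 37 characters. Do not set `bucket` at the same time.
module "logs_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket_prefix = "example-logs-" # constructed name

  # The suffix only makes the name harder to guess. Access control is still
  # configured explicitly and does not depend on the name staying unknown.
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Option 2: keep control of the name format and add the suffix yourself.
# random_id is stored in state, so the suffix stays stable across applies.
resource "random_id" "bucket_suffix" {
  byte_length = 4 # 8 hex characters
}

module "assets_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket = "example-assets-${random_id.bucket_suffix.hex}" # constructed name

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Other resources should reference the generated names through outputs
# rather than hard-coding them.
output "logs_bucket_name" {
  value = module.logs_bucket.s3_bucket_id
}

output "assets_bucket_name" {
  value = module.assets_bucket.s3_bucket_id
}
```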