How to add event notification on s3 bucket to trigger lambda in terraform

Validate and debug the cloudformation template
October 1, 2018
What are advantages and disadvantages of Cloud Computing
October 3, 2018

How to add event notification on s3 bucket to trigger lambda in terraform

If you want to capture the s3 events (Put, Post, copy, delete etc), you can do with s3 event notifications. in simple language, The Amazon S3 notification feature enables you to receive notifications when certain events happen in your s3 bucket.

Amazon S3 can publish the following events:

  • A new object creation: s3:ObjectCreated:*, s3:ObjectCreated:Put, s3:ObjectCreated:Post, s3:ObjectCreated:Copy, s3:ObjectCreated:CompleteMultipartUpload
  • An object removal: s3:ObjectRemoved:*, s3:ObjectRemoved:Delete, s3:ObjectRemoved:DeleteMarkerCreated
  • A Reduced Redundancy Storage (RRS) object lost: s3:ReducedRedundancyLostObject

S3 can send events to the following destinations:

  • Amazon Simple Notification Service (Amazon SNS) topic
  • Amazon Simple Queue Service (Amazon SQS) queue
  • AWS Lambda

How to Enable s3 Event Notifications to trigger lambda using Terraform:

1. Create IAM role for lambda

data "aws_iam_policy_document" "iam_assume_role_policy" {
statement {
actions = [
"sts:AssumeRole",
]
principals {
type = "Service"

identifiers = [
"lambda.amazonaws.com"
	]
     }
  }
}

resource "aws_iam_role" "lambda_role" {
  name = "LAMBDA-ROLE"
  assume_role_policy = "${data.aws_iam_policy_document.iam_assume_role_policy.json}"
}

2. Create lambda function if you want a new one

resource "aws_lambda_function" "s3lambda" {
  filename      = "code.zip"
  function_name = "s3_event_lambda"
  role          = "${aws_iam_role.lambda_role.arn}"
  handler       = "lambda_function.lambda_handler"
  runtime   = "python2.7"
}

3. Creates a Lambda permission

It will allow external sources invoking the Lambda function (e.g. CloudWatch Event Rule, SNS or S3).

resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.s3lambda.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "${data.aws_s3_bucket.bucket.arn}"
}

Create s3 bucket if needed or use existing bucket, on which you want event notifications

resource "aws_s3_bucket" "bucket" {
bucket = "event_bucket_name"
}

4. Configure the notification

Let add the notification for all create events

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = "${aws_s3_bucket.bucket.id}"

  lambda_function {
    lambda_function_arn = "${aws_lambda_function.s3lambda.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "<_prefix_if_any_dir_in_s3>/"
    filter_suffix       = "<_suffix_of_file_put_in_s3>"
  }
}

 

That’s all. This will add the event notification on the s3 bucket for all the create events.

Bitnami