Event notification on s3 bucket to trigger lambda

Validate and debug the cloudformation template
October 1, 2018
What are advantages and disadvantages of Cloud Computing
October 3, 2018
0

Event notification on s3 bucket to trigger lambda

at
Categories
Tags

If you want to capture the s3 events (Put, Post, copy, delete etc), you can do with s3 event notification. in simple language, The Amazon S3 notification feature enables you to receive notifications when certain events happen in your s3 bucket.

Amazon S3 can publish the following events:

  • A new object creation: s3:ObjectCreated:*, s3:ObjectCreated:Put, s3:ObjectCreated:Post, s3:ObjectCreated:Copy, s3:ObjectCreated:CompleteMultipartUpload
  • An object removal: s3:ObjectRemoved:*, s3:ObjectRemoved:Delete, s3:ObjectRemoved:DeleteMarkerCreated
  • A Reduced Redundancy Storage (RRS) object lost: s3:ReducedRedundancyLostObject

S3 can send events to the following destinations:

  • Amazon Simple Notification Service (Amazon SNS) topic
  • Amazon Simple Queue Service (Amazon SQS) queue
  • AWS Lambda

How to Enable s3 Event Notifications to trigger lambda using Terraform:

1. Create IAM role for lambda

data "aws_iam_policy_document" "iam_assume_role_policy" {
statement {
actions = [
"sts:AssumeRole",
]
principals {
type = "Service"

identifiers = [
"lambda.amazonaws.com"
	]
     }
  }
}

resource "aws_iam_role" "lambda_role" {
  name = "LAMBDA-ROLE"
  assume_role_policy = "${data.aws_iam_policy_document.iam_assume_role_policy.json}"
}

2. Create lambda function if you want a new one

resource "aws_lambda_function" "s3lambda" {
  filename      = "code.zip"
  function_name = "s3_event_lambda"
  role          = "${aws_iam_role.lambda_role.arn}"
  handler       = "lambda_function.lambda_handler"
  runtime   = "python2.7"
}

3. Creates a Lambda permission

It will allow external sources invoking the Lambda function (e.g. CloudWatch Event Rule, SNS or S3).

resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.s3lambda.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "${data.aws_s3_bucket.bucket.arn}"
}

Create s3 bucket if needed or use existing bucket, on which you want event notifications

resource "aws_s3_bucket" "bucket" {
bucket = "event_bucket_name"
}

4. Configure the notification

Let add the notification for all create events

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = "${aws_s3_bucket.bucket.id}"

  lambda_function {
    lambda_function_arn = "${aws_lambda_function.s3lambda.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "<_prefix_if_any_dir_in_s3>/"
    filter_suffix       = "<_suffix_of_file_put_in_s3>"
  }
}

 

That’s all. This will add the event notification on the s3 bucket for all the create events.

Admin
Admin

Related posts

AWS Config
September 30, 2020

How to register delegated admin account for AWS Config

Read more
Control Tower
May 19, 2020

How to install AWS Control Tower in existing AWS Organization

Read more
Control Tower
May 11, 2020

How to create AWSControlTowerExecution IAM role in AWS account

Read more
March 11, 2020

Bottlerocket – an open-source operating system for containers

Read more
March 28, 2019

How to monitor any web endpoint using AWS

Read more
March 24, 2019

Send logs from docker instance to AWS CloudWatch

Read more