If you want to capture S3 events (Put, Post, Copy, Delete, etc.), you can do so with S3 event notifications. In simple language, the Amazon S3 notification feature lets you receive a notification when certain events happen in your S3 bucket.
Amazon S3 can publish the following events:
S3 can send events to the following destinations:
How to enable S3 event notifications to trigger Lambda using Terraform:
1. Create an IAM role for Lambda
This role only carries the trust policy that lets the Lambda service assume it. It grants no permissions by itself: attach a separate policy for what the function actually needs (at minimum CloudWatch Logs for its own output, plus s3:GetObject on this bucket if it reads the uploaded objects) and keep it to that.
data "aws_iam_policy_document" "iam_assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda_role" {
  name               = "LAMBDA-ROLE"
  assume_role_policy = data.aws_iam_policy_document.iam_assume_role_policy.json
}
2. Create the Lambda function (if you need a new one)
resource "aws_lambda_function" "s3lambda" {
  filename      = "code.zip"
  function_name = "s3_event_lambda"
  role          = aws_iam_role.lambda_role.arn
  handler       = "lambda_function.lambda_handler"
  # python2.7 is end of life and Lambda no longer accepts it for new functions; use a supported Python 3 runtime.
  runtime       = "python3.12"
}
3. Create a Lambda permission
This resource-based policy allows an external source (here S3; the same mechanism is used for CloudWatch Event Rules or SNS) to invoke the function. Keep source_arn set: without it, any bucket in any AWS account could trigger your function. Because an S3 bucket ARN carries no account ID, also set source_account to your own account ID; that closes the gap where a bucket with the same name in another account could invoke the function.
resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.s3lambda.arn
  principal     = "s3.amazonaws.com"
  # Reference the bucket resource declared below. For an existing bucket, declare a
  # data "aws_s3_bucket" block instead and use its .arn here.
  source_arn    = aws_s3_bucket.bucket.arn
}
Create an S3 bucket if needed, or use an existing bucket on which you want event notifications. Bucket names must be DNS-compliant (lowercase letters, digits, hyphens and dots; no underscores) and globally unique.
resource "aws_s3_bucket" "bucket" {
  bucket = "event-bucket-name"
}
4. Configure the notification
Let's add the notification for all object-create events. A bucket can have only one aws_s3_bucket_notification resource, and it replaces the bucket's whole notification configuration. The depends_on is required: when the notification is created, S3 checks that it is allowed to invoke the function, so the apply fails if the Lambda permission does not exist yet.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.s3lambda.arn
    events              = ["s3:ObjectCreated:*"]
    # Both filters are optional; drop them to receive every create event in the bucket.
    filter_prefix       = "<_prefix_if_any_dir_in_s3>/"
    filter_suffix       = "<_suffix_of_file_put_in_s3>"
  }

  depends_on = [aws_lambda_permission.allow_bucket]
}
That's all. This adds an event notification on the S3 bucket for all object-create events (narrowed to the prefix and suffix you set, if any), and S3 will invoke the Lambda function for each matching object.
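The page never shows what the function receives once the notification fires. Below is an added example, not code from the original post or from its code.zip, of a Python 3 lambda_function.lambda_handler that parses the S3 notification records: it keeps only aws:s3 ObjectCreated events coming from the expected bucket, decodes the URL-encoded object key (S3 delivers "my file.csv" as "my+file.csv"), and applies the same suffix filter as the Terraform notification. The bucket name, the ".csv" suffix and SAMPLE_EVENT are constructed placeholders, not captured from AWS.

```python
"""Handler for the S3 ObjectCreated notification configured above.

Added example; assumes a Python 3 Lambda runtime. EXPECTED_BUCKET and
ALLOWED_SUFFIX are placeholders that should match the Terraform bucket
name and filter_suffix.
"""
from urllib.parse import unquote_plus

EXPECTED_BUCKET = "event-bucket-name"  # assumption: matches aws_s3_bucket.bucket
ALLOWED_SUFFIX = ".csv"                # assumption: matches filter_suffix


def extract_objects(event, expected_bucket=EXPECTED_BUCKET,
                    allowed_suffix=ALLOWED_SUFFIX):
    """Return (bucket, key, size) for each record that passes validation.

    S3 already filters on the server side, but a handler should still check:
      - eventSource is aws:s3 (anything else is not an S3 notification)
      - eventName is an ObjectCreated:* event
      - the bucket is the one we configured (defence in depth against a
        same-named bucket elsewhere if source_account was not set)
      - the key is URL-encoded in the notification, so decode it with
        unquote_plus before using it as a real object key
    """
    results = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        s3 = record["s3"]
        bucket = s3["bucket"]["name"]
        if bucket != expected_bucket:
            continue
        key = unquote_plus(s3["object"]["key"])
        if allowed_suffix and not key.endswith(allowed_suffix):
            continue
        results.append((bucket, key, s3["object"].get("size", 0)))
    return results


def lambda_handler(event, context):
    """Entry point named in the Terraform handler setting."""
    objects = extract_objects(event)
    for bucket, key, size in objects:
        print(f"new object s3://{bucket}/{key} ({size} bytes)")
    return {"processed": len(objects)}


# Constructed sample event shaped like a real S3 notification (not captured
# from AWS): one valid upload, one delete, one record from the wrong bucket.
SAMPLE_EVENT = {
    "Records": [
        {
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "event-bucket-name",
                           "arn": "arn:aws:s3:::event-bucket-name"},
                "object": {"key": "incoming/my+report+2024.csv", "size": 1024},
            },
        },
        {
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectRemoved:Delete",
            "s3": {"bucket": {"name": "event-bucket-name"},
                   "object": {"key": "incoming/old.csv"}},
        },
        {
            "eventVersion": "2.1",
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {"bucket": {"name": "someone-elses-bucket"},
                   "object": {"key": "incoming/x.csv", "size": 3}},
        },
    ]
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Running the module locally processes only the first record: the delete is not an ObjectCreated event and the third record names a different bucket. Note that the decoded key is what you pass to get_object; using the raw key from the notification fails for any object whose name contains spaces or other characters that S3 encodes.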