Last updated on February 22, 2023
Because Amazon S3 is virtually unlimited in size, keeping everything monitored is a real challenge, especially when you are dealing with a large number of objects that keeps growing over time.
With Amazon S3 Event Notifications, you’ll know immediately when an object in your bucket is created, removed, or restored. This feature sends you a notification whenever an event happens in your S3 bucket. These notifications can be forwarded to an Amazon Simple Notification Service (Amazon SNS) topic, an Amazon Simple Queue Service (Amazon SQS) queue, or an AWS Lambda function. The S3 Event Notification feature supports multiple event types, such as new object creation, object removal, object restoration, and object loss, as well as replication events for objects with S3 Replication Time Control (S3 RTC) enabled.
Configuring Amazon S3 Event Notifications
Let’s try a real-world application of this. Say we want to receive an email notification every time an object is uploaded to or removed from our bucket. To do this, we configure the bucket to send a notification to an SNS topic, which in turn pushes an email notification to us.
Here, I created an SNS Topic named “S3EventNotification” with a configured access policy allowing the S3 service to publish messages to the SNS Topic.
Access Policy
{
  "Version": "2008-10-17",
  "Id": "example-ID",
  "Statement": [
    {
      "Sid": "s3-event-notifier",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-southeast-1:947117271373:S3EventNotification",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:::repo-load-script"
        }
      }
    }
  ]
}
Once you have your SNS Topic, create a subscription using your email address. Don’t forget to verify your email.
Next, we need to configure events on our bucket. For this example, I have an empty bucket named repo-load-script.
Go to the Properties tab > Advanced settings and select Events. You can select multiple events as triggers. For now, let’s select All object create events and All object delete events. Select SNS Topic as the destination, choose a topic, then click Save.
Let’s upload a text file to our bucket and see whether we receive an email notification.
Here’s the email notification received after uploading the file and then deleting it. It contains useful details such as the event name and time, bucket and object name, user identity, and source IP address, which are pretty helpful when investigating incidents like object deletion.
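The notification body S3 publishes is a JSON document with a Records array carrying exactly those fields. The following is an added example, not code from the original post: it parses such a message, whether delivered bare (as a Lambda event) or wrapped in an SNS envelope (as an SQS or HTTP subscriber receives it), into the fields an investigator wants, and flags deletions. The sample record, the topic ARN, the principal ID and the source IP are constructed values, not taken from the post.

```python
import json
from urllib.parse import unquote_plus

# Constructed sample (not a real notification): an SNS envelope as delivered to an
# SQS or HTTP subscriber; "Message" carries the S3 event record as a JSON string.
SAMPLE_SNS_ENVELOPE = json.dumps({
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:ap-southeast-1:111122223333:S3EventNotification",
    "Message": json.dumps({"Records": [{
        "eventSource": "aws:s3",
        "eventTime": "2023-02-22T08:15:30.000Z",
        "eventName": "ObjectRemoved:Delete",
        "userIdentity": {"principalId": "AWS:EXAMPLEPRINCIPALID"},
        "requestParameters": {"sourceIPAddress": "203.0.113.10"},
        "s3": {"bucket": {"name": "repo-load-script"},
               "object": {"key": "notes/test+file.txt"}},
    }]}),
})

def parse_s3_records(raw: str) -> list[dict]:
    """Normalize an S3 event, whether it arrives bare (e.g. as a Lambda event)
    or wrapped in an SNS envelope, into flat dicts of the investigation fields."""
    body = json.loads(raw)
    if body.get("Type") == "Notification" and "Message" in body:
        body = json.loads(body["Message"])  # unwrap the SNS envelope
    records = []
    # The s3:TestEvent S3 sends when a configuration is saved has no "Records".
    for rec in body.get("Records", []):
        if rec.get("eventSource") != "aws:s3":
            continue
        s3 = rec.get("s3", {})
        records.append({
            "event_name": rec.get("eventName", ""),
            "event_time": rec.get("eventTime", ""),
            "bucket": s3.get("bucket", {}).get("name", ""),
            # S3 URL-encodes object keys in notifications ('+' for space).
            "key": unquote_plus(s3.get("object", {}).get("key", "")),
            "principal": rec.get("userIdentity", {}).get("principalId", ""),
            "source_ip": rec.get("requestParameters", {}).get("sourceIPAddress", ""),
        })
    return records

def is_deletion(record: dict) -> bool:
    # Covers ObjectRemoved:Delete and ObjectRemoved:DeleteMarkerCreated.
    return record["event_name"].startswith("ObjectRemoved:")

def summarize(record: dict) -> str:
    flag = "DELETE" if is_deletion(record) else "event"
    return (f"{record['event_time']} {flag} {record['event_name']} s3://{record['bucket']}/"
            f"{record['key']} by {record['principal']} from {record['source_ip']}")
```

Calling `summarize(r)` for each record of `parse_s3_records(SAMPLE_SNS_ENVELOPE)` gives one log line per event, which is the shape you want when forwarding these notifications from an SQS consumer into a SIEM.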
Final Thoughts
The Amazon S3 Event Notification feature is a simple yet effective way of monitoring bucket events. It is also useful for processes that depend on bucket events. You have the option to send the notification to an SNS topic (as we just did), trigger a Lambda function, or send it to an SQS queue, from which another process can consume it later on.
Sources:
https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html
https://docs.aws.amazon.com/AmazonS3/latest/dev/ways-to-add-notification-config-to-bucket.html