Sunday, June 22, 2025

S3 Event Notifications with Amazon EventBridge.

 

Amazon S3 Event Notifications with Amazon EventBridge allow twtech to capture nearly all S3 events as EventBridge events and route them to various AWS services (e.g., Lambda, Step Functions, SQS, SNS, Kinesis, or even external APIs via EventBridge API destinations).

This differs from traditional S3 Event Notifications, which support only event types such as s3:ObjectCreated and s3:ObjectRemoved, delivered to Lambda, SQS, or SNS.

Reasons twtech recommends EventBridge with S3:

| Feature | S3 Event Notifications | S3 → EventBridge |
|---|---|---|
| Destinations | Lambda, SQS, SNS | Any EventBridge-supported service |
| Event types | Limited (object create/delete) | Full range (ACL changes, bucket policy changes, etc.) |
| Filtering | By prefix/suffix | Advanced rules (content-based) |
| Reliability | Best-effort | More durable/reliable, retry logic |
| Multiple targets | Manual config | Easily attach multiple rules/targets |

 How twtech Enables S3 EventBridge Integration

Step 1: Enable EventBridge on your S3 bucket

twtech must enable EventBridge event delivery for the bucket.

Option 1: Via AWS Console

· Go to your S3 bucket
· Select Properties
· Scroll to Event notifications
· Click Enable EventBridge

Option 2: Via AWS CLI

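# bash
aws s3api put-bucket-notification-configuration \
  --bucket twtech-s3bucket \
  --notification-configuration '{"EventBridgeConfiguration": {}}'

(The empty EventBridgeConfiguration object turns on delivery of the bucket's events to EventBridge. This call replaces the bucket's entire notification configuration, so include any existing Lambda, SQS, or SNS notification settings in the same JSON.)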

Step 2: Create an EventBridge Rule

Create a rule that matches S3 events you're interested in.

 Example: Trigger on any object upload

# json
{
  "source": ["aws.s3"],
  "detail-type": ["Object Created"],
  "detail": {
    "bucket": {
      "name": ["twtech-s3bucket"]
    }
  }
}

twtech can use this rule in the console or via the CLI:

#  bash
aws events put-rule \
  --name "S3ObjectCreatedRule" \
  --event-pattern file://event-pattern.json \
  --state ENABLED

Then attach a target (e.g., Lambda function):

# bash
aws events put-targets \
  --rule "S3ObjectCreatedRule" \
  --targets "Id"="1","Arn"="arn:aws:lambda:us-east-2:12345678xxxx:function:YourFunction"

 Example EventBridge Event from S3

#  json 
{
  "version": "0",
  "id": "abcd-1234-5678",
  "detail-type": "Object Created",
  "source": "aws.s3",
  "account": "12345678xxxx",
  "time": "2025-06-22T01:23:45Z",
  "region": "us-east-2",
  "resources": ["arn:aws:s3:::twtech-s3bucket"],
  "detail": {
    "bucket": {
      "name": "twtech-s3bucket"
    },
    "object": {
      "key": "images/photo.jpg",
      "size": 2048
    },
    "request-id": "ABCDEF1234567890",
    "requester": "arn:aws:iam::123456789xxx:user/UploadUser",
    "source-ip-address": "192.0.2.0",
    "reason": "PutObject"
  }
}
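
A Lambda target receives the event above as its `event` argument. The handler below is an added example, not code from the original post: it re-checks source, detail-type, account, bucket, key prefix and size before acting, so that an event let through by a later-broadened rule, or a direct invocation with a different payload, is rejected. The prefix and size limit are assumptions; the account and bucket are the page's placeholders.

```python
import json
# Assumed policy values for this example; account and bucket are the page's placeholders.
EXPECTED_ACCOUNT = "12345678xxxx"
ALLOWED_BUCKETS = ("twtech-s3bucket",)
ALLOWED_DETAIL_TYPES = ("Object Created",)
ALLOWED_PREFIX = "images/"           # hypothetical: only this prefix is processed
MAX_SIZE_BYTES = 10 * 1024 * 1024    # hypothetical upper bound

# The page's sample event, trimmed to the fields the checks read.
SAMPLE_EVENT = {"id": "abcd-1234-5678", "detail-type": "Object Created",
                "source": "aws.s3", "account": "12345678xxxx",
                "detail": {"bucket": {"name": "twtech-s3bucket"},
                           "object": {"key": "images/photo.jpg", "size": 2048}}}

def _field(obj, *path):  # walk nested dicts; None instead of an exception if malformed
    for name in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(name)
    return obj

def validate_s3_event(event):
    """Return (bucket, key, size) or raise ValueError naming the failed check."""
    if _field(event, "source") != "aws.s3":
        raise ValueError("unexpected source")
    if _field(event, "detail-type") not in ALLOWED_DETAIL_TYPES:
        raise ValueError("unexpected detail-type")
    if _field(event, "account") != EXPECTED_ACCOUNT:
        raise ValueError("unexpected account")
    bucket = _field(event, "detail", "bucket", "name")
    key = _field(event, "detail", "object", "key")
    size = _field(event, "detail", "object", "size")
    if bucket not in ALLOWED_BUCKETS:
        raise ValueError("bucket not allowlisted")
    # ".." segments are refused in case the key is later joined to a local path.
    if not isinstance(key, str) or not key.startswith(ALLOWED_PREFIX) or ".." in key.split("/"):
        raise ValueError("key outside allowed prefix")
    if type(size) is not int or not 0 <= size <= MAX_SIZE_BYTES:
        raise ValueError("size missing or over limit")
    return bucket, key, size

def lambda_handler(event, context):
    """EventBridge target entry point: act only on events that pass every check."""
    try:
        bucket, key, size = validate_s3_event(event)
    except ValueError as err:
        print(json.dumps({"rejected": str(err), "event_id": _field(event, "id")}))
        return {"accepted": False, "reason": str(err)}
    return {"accepted": True, "bucket": bucket, "key": key, "size": size}
```
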

 IAM Permissions

To use EventBridge with S3:

1.     S3 automatically emits events to EventBridge – no special permissions required on your part.

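2.     The twtech IAM principal (user/role) must have:

# json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "events:PutRule",
        "events:PutTargets",
        "events:DescribeRule"
      ],
      "Resource": "*"
    }
  ]
}

The twtech Lambda function or other targets must also allow invocation from EventBridge (for Lambda, a resource-based policy statement that lets events.amazonaws.com call lambda:InvokeFunction).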

Project: Hands-on

How twtech creates an S3 bucket and configures EventBridge.

