AWS S3 is there a notification on GetObject? - amazon-web-services

I have a usecase where I want to put data into an S3 bucket, for it to read later, by another account. I only want the other account to be able to read the file in S3, and once they have read it, I will then delete the file myself.
I have been reading the S3 documentation, and cannot see they cover this usecase: of sending a notification when a file in an S3 bucket is read ?
Can anyone help, or suggest an alternative workflow ? I have been looking at AWS SNS and was wondering if that would be a better solution ?

You could use CloudTrail and CloudWatch Events to enable this workflow.
By default S3 API calls are not logged so you'd want to enable that following the instructions here.
Then enable a CloudWatch event rule for the Simple Storage Service where the "GetObject" operation occurs.
Have this event invoke a Lambda function that will remove the object.
More information available here.

Related

Cloudtrail logs is turned off for your account

I'm trying to trigger AWS Step Function whenever a new file is uploaded on S3 bucket. I'm using Cloudwatch rules to do this but I'm getting this warning
I tried to follow AWS documentation link "https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-cloudwatch-events-s3.html#tutorial-cloudwatch-events-s3-step-1" but state machine did not invoked.
Can anyone tell me what exactly I'm doing wrong?
EDIT
I created this trail and region is Ohio
I found the issue, we need to enable data events as well to get API calls for S3. It was not mentioned in above AWS Document.

How to trigger a lambda function when a file is downloaded from a s3 bucket?

I am aware of triggering when a file is uploaded into a bucket. But how do we trigger a lambda function when a file is downloaded from a s3 bucket.
I have been trying using server logs and cloud watch but couldn't find the solution.
Currently S3 dosen't support read events.
However, their can be 2 approaches to solve the issue.
Use cloudTrail to track api call which reads S3 object and create an alarm on event which in turn triggers the lambda.
S3 --> CloudTrail (Read Call) --> CloudWatch Event --> Lambda
or otherwise
Just don't give access to bucket directly and control the downloads via lambda itself.

Track AWS S3 bucket creation?

I'm working in an environment where anyone with the necessary access is allowed to create an S3 bucket; however, it's getting to a point where we have a lot of buckets and it is hard to keep track of who created the bucket. I know it is possible to tag the buckets with the owner name, but I am looking for a more automated solution.
Is it possible to invoke a lambda function every time a bucket is created? Or is it possible to track bucket creation with cloudtrail where system administrators would get an sns notification when an s3 bucket is created?
I know it is possible to configure s3 event notification inside a bucket to trigger lambda functions/cloudwatch metrics, but I need a trigger for the entire s3 application.
Cloudtrail tracks all API Actions occurring within an account. What you want to do is create a cloudwatch event rule that triggers off the CreateBucket action then have it invoke Lambda or trigger a sns notification.
See: Creating a CloudWatch Events Rule That Triggers on an AWS API Call Using AWS CloudTrail
You can use EventBridge to get at these events, via CloudTrail. The example on here is of a CreateBucket request.

AWS Connect cannot call lambda / save recording to s3 bucket

I'm new to AWS Connect and I tried to save recordings + trigger lambda in an incoming flow.
Here's the diagram:
However, I can't see any files in the bucket or even any logs in lambda. Is there something wrong in the diagram? I also enabled saving recording to s3 with the default bucket AWS Connect suggested. I can see the bucket but it's always empty.
Thanks!
****EDIT****
The logs of /aws/connect/personal is also empty
To enable your recordings from the dashboard in the Set block pull Set logging behavior onto your contact flow and touch enable. The lambda follow the instructions laid out here: https://docs.aws.amazon.com/connect/latest/adminguide/connect-lambda-functions.html. You need to be sure that you generate the permissions for Connect to access the lambda in your terminal utilizing aws-cli an example is given review the parameters that you need to change from the code provided.
Lastly be sure to save, and then save and publish and in a few minutes your changes should take effect.

For the open data in s3 from AWS, how can I register some notification when new open data landed in its bucket?

I'm trying to achieve the ask from the title. For example, my architecture design involves trigger a Lambda function whenever a new data land on the open data s3 bucket (say this one: https://registry.opendata.aws/sentinel-2/).
I read https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html and Amazon S3 triggering another a Lambda function in another account but I non of those really help me so far. Had anyone done similar task before? Thanks in advance!
You can configure Amazon S3 events to send a message to an Amazon SNS Topic OR have it trigger an AWS Lambda function.
If you wish to do any further logic (eg checking specific permissions), you would need to do that within the Lambda function.
See: Configuring Amazon S3 Event Notifications - Amazon Simple Storage Service