I'm trying to subscribe an endpoint to a S3 bucket's events through an SNS topic.
What I achieved to have through the golang sdk:
Create an SNS topic
Make the S3 bucket's events publish to the SNS topic
Subscribe my endpoint the the SNS topic.
At this point, everything is supposed to work, but...the S3 bucket does not have the permission to publish to the SNS topic.
The default SNS policy allows only the owner to publish to the topic.
I can fix this manually from the console changing the topic's policy to allow the S3 bucket ARN to publish to the topic (see image below), but the goal is change the policy through the Golang sdk.
Policy in AWS console
As you can notice from the image above, I don't want to grant access to a specific AWS user, but to a specific S3 bucket (through its ARN).
I couldn't find anything in the SNS sdk documentation (AddPermission only allows to specify AWS account ids).
Any idea?
Related
Is there a way to find out if there is a change made to any of the IAM resources(policies, users, roles) and trigger an SNS topic other than AWS Config recording. AWS config recording is already configured to send SNS alarm to security team, and i want to have another recording just for IAM resources. please let me know.
Amazon CloudWatch Events can send notifications when particular API calls are made, and it can send Amazon SNS messages.
See: Creating a CloudWatch Events Rule That Triggers on an Event - Amazon CloudWatch Events
I have a bucket which I have configured SQS in US-EAST-1 and S3 Bucket in US West Carlifornia region , Is there any way that I can configure the SQS from other region to be invoked at the time of an s3 event
Able to setup event notification when
S3 - Same region - Same account
SQS - Same region - Same account
S3 - Same Region - Different account
SQS - Same Region - in another account
NOT WORKING
S3 - Different region
SQS - Different region
can someone help me, please?
The Amazon SQS queue must be in the same region as your Amazon S3 bucket.
https://docs.aws.amazon.com/AmazonS3/latest/user-guide/setup-event-notification-destination.html
It isn't a supported configuration for S3 to reach across a regional boundary to send a notification to SQS. The reason why is not specifically stated in the documentation.
But there is a workaround.
An S3 bucket in us-west-1 can send an event notification to an SNS topic in us-west-1, and and an SQS queue in us-east-1 can subscribe to an SNS topic in us-west-1... so S3 (us-west-1) → SNS (us-west-1) → SQS (us-east-1) is the solution, here. After subscribing the queue to the topic, you may want to enable the "raw message delivery" option on the subscription, otherwise the message format will differ from what you expect, because otherwise SNS will add an outer wrapper to the original event notification payload.
Cross-region Amazon S3 events do not work for Amazon SNS, so they probably won't work for Amazon SQS either. See: S3 Notifications invoke sns topic in other region
Some options:
Trigger an AWS Lambda function that pushes a message into the SQS queue in the other region, or
Use cross-region replication to replicate the bucket to the other region and trigger an event from there
You can now send S3 notifications to EventBridge, from there send them to EventBridge in another region and from there forward them to SQS.
It's supported now: s3, sns in the same region, sqs another region.
I created s3 bucket with event enabled for the bucket. When the new object is uploaded to the bucket sns will trigger an event to lambda to extract content from the file.
Is there any way to customize the sns event in generic format.
There is no out-of-box way to customize the notification format (without involving a middleman like Lambda). I would suggest using AWS Lambda as the direct message destination instead of letting the S3 notification flows through SNS. This AWS documentation will be useful for you (https://docs.aws.amazon.com/AmazonS3/latest/dev/notification-walkthrough-2.html).
Currently I have AWS IoT which publishes message to the clients that are listening . But, Now I would want the AWS thing to publish the message to the clients whenever there is changes in S3 bucket .Similar to how lambda or SNS works . The trigger point should be modification in S3 bucket .
Any suggestions will be really helpful
Create an AWS Lambda function that is triggered by S3 new object events. Have the AWS Lambda function publish to the topic using the AWS SDK.
I would like to send SNS notifications to a Lambda function from one account to another exposing the lambda through and API gateway. But I'm having an Issue. I first tried with the API Gateway in the same account of the SNS topic and everything worked like a charm but when i try with a topic from other account all I got is a Bad Request Error. Do I need to configure any permission?
You need to enable permissions for the TOPIC in another account.
You can find an example in the AWS documentation, section
Allowing Any AWS Resource to Publish to a Topic