100 Days of AWS — Day 13 — Getting an alert when someone deletes any object in the S3 bucket

3 min readApr 16, 2022

To view the complete course, please enroll it using the below link(it’s free)

https://www.101daysofdevops.com/courses/100-days-of-aws/

Welcome to Day 13 of 100 Days of AWS. The topic for today is Getting an alert when someone deletes any object in the S3 bucket

Sometimes our requirement is when anyone deletes any object in S3 bucket we should receive an alert.

What is S3 Event?

The Amazon S3 notification feature enables you to receive notifications(SNS/SQS/Lambda) when certain events(mentioned below)happen in your bucket. Some of the examples of these events

Just to re-iterate the same thing S3 events work at the object level, so if something happens to the object, in this case, maybe PUT, POST, COPY or DELETE then the event is generated and that event will be delivered to the target(SNS, SQS or LAMBDA)

To Configure S3 events

First, go to the SNS topic https://us-west-2.console.aws.amazon.com/sns/v3/home
Select the SNS topic and click on Edit

Click on Access policy. Paste this json policy(We still need permission on SNS topic to allow S3 event system to deliver events to it)

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:us-west-2:XXXXXX:my-test-topic", <--SNS topic
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:s3:::XXXXXX" <--S3 Bucket ARN
        }
      }
    }
  ]
}