I want to use CloudFormation to create an S3 bucket that will trigger a Lambda function whenever an S3 event occurs, such as file creation, file deletion, etc.
From my research, I have my AWS::Lambda::Function and AWS::S3::Bucket set up:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  HandleFileCreation:
    Type: "AWS::Lambda::Function"
    Properties:
      ...
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AWSLambdaFullAccess
      AssumeRolePolicyDocument:
        ...
  ReportsBucket:
    Type: AWS::S3::Bucket
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        ...
I was looking at the AWS::Events::Rule, but the example is only for EC2 and I can't find examples for S3:
  EventRule:
    Type: "AWS::Events::Rule"
    Properties:
      Description: "EventRule"
      EventPattern:
        source:
          - "aws.ec2"
        detail-type:
          - "EC2 Instance State-change Notification"
        detail:
          state:
            - "stopping"
      State: "ENABLED"
      Targets:
        -
          Arn:
            Fn::GetAtt:
              - HandleFileCreation
              - Arn
          Id: TargetFunctionV1
  PermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName:
        Ref: HandleFileCreation
      Action: "lambda:InvokeFunction"
      Principal: "events.amazonaws.com"
      SourceArn:
        Fn::GetAtt:
          - "EventRule"
          - "Arn"
How do I write the template to trigger on S3 events?
Amazon S3 can send an event to a Lambda function when an object is created or deleted. You configure notification settings on a bucket, and grant Amazon S3 permission to invoke a function on the function's resource-based permissions policy.
Yes, it is possible. Here are a few options: Manually create an SNS Topic.
Here is an example covered,
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html
  EncryptionServiceBucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Sub ${User}-encryption-service
      NotificationConfiguration:
        LambdaConfigurations:
          -
            Function: !Ref LambdaDeploymentArn
            Event: "s3:ObjectCreated:*"
            Filter:
              S3Key:
                Rules:
                  -
                    Name: suffix
                    Value: zip
One issue I have noticed is that you need to create the function before you assign a trigger to it. If you are doing this with CF, make sure you create the Lambda function before you create the trigger for it.
Hope it helps.
I found the answer in one of the Visual Studio example projects with the Amazon Toolkit:
"myBucketName": {
  "Type": "AWS::S3::Bucket",
  "Properties": { }
},
"csvProcessor" : {
  "Type" : "AWS::Serverless::Function",
  "Properties": {
    "Handler": "appli::appli.csvProcessor::FunctionHandler",
    "Runtime": "dotnetcore2.1",
    "CodeUri": "",
    "Description": "Function processing files when they're dropped in s3 bucket",
    "MemorySize": 256,
    "Timeout": 30,
    "Role": null,
    "Policies": [ "AWSLambdaFullAccess" ],
    "Events": {
      "madeUpEventName" : {
        "Type" : "S3",
        "Properties" : {
          "Bucket" : { "Ref" : "myBucketName" },
          "Events" : [
            "s3:ObjectCreated:*"
          ]
        }
      }
    }
  }
}