Does AWS CloudWatch Events Rule supports any wildcards in S3 bucket/key names

Question

I am trying to create an event rule that is triggered by a change in a file in S3 bucket in different AWS account. Detail description is here

So far the rule works fine with exact file names, but I need to make it work with filename prefixes. In the working example, the file name is an exact string in the non-working example the file name is a wildcard. Does CloudWatch Events Rule JSON pattern supports wildcards?

Working configuration:

{
  "source": ["aws.s3"],
  "account": ["1111111xxxxx"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutObject"],
    "requestParameters": { "bucketName": ["mybucket"], "key": ["myfile-20180301.csv"] }
  }
}

Non-working configuration:

{
  "source": ["aws.s3"],
  "account": ["1111111xxxxx"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutObject"],
    "requestParameters": { "bucketName": ["mybucket"], "key": ["myfile-*"] }
  }
}

I want to assign a prefix. can you tell me how to do that? – Abdul Haseeb Aug 23 '21 at 20:17 — Abdul Haseeb, Aug 23 '21 at 20:17

score 15 · Accepted Answer · edited May 30 '20 at 12:26

15

I found a fancy solution for this using Content-based filtering (released in February 2020) like prefix for example.

So in your case, the solution should be:

{
  "source": ["aws.s3"],
  "account": ["1111111xxxxx"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutObject"],
    "requestParameters": {
      "bucketName": ["mybucket"],
      "key": [{ "prefix": "myfile-" }]
    }
  }
}

edited May 30 '20 at 12:26

Jeff

98
4

answered Feb 25 '20 at 19:00

Marto

214
2
6

1

Provided event pattern is not valid JSON. It's giving this error – Abdul Haseeb Aug 23 '21 at 20:07
You should try this feature on EventBridge instead of CloudWatch – ykpgrr Oct 15 '21 at 14:07
Is there also a way to perform postfix matching filter? Can't find it. – Anurag Mar 23 '22 at 13:49

Vlad Cenan · Answer 2 · 2018-11-06T10:03:23.860

0

A workaround will be to have a separate bucket where you PUT/COPY the *.csv files and remove "key" parameter. This way Cloud Watch will be triggered at any *.csv file operation on that bucket. Another this I don't know why you are seeting the key in cloud watch event pattern if the key was already set in cloud trail.

edited Nov 06 '18 at 10:03

answered Nov 06 '18 at 09:19

Vlad Cenan

172
3
11

skeller88 · Answer 3 · 2019-09-26T21:33:33.467

0

If you log events of interest to Cloudwatch via CloudTrail, then you can use a Cloudwatch metric filter with wildcard matching and create a Cloudwatch Event on that filter.

edited Sep 26 '19 at 21:33

answered Sep 26 '19 at 21:15

skeller88

4,276
1
32
34

score 0 · Answer 4 · answered May 02 '20 at 22:07

0

The template code gave by Marto was not working for me, however the doc led to a solution:

{
  "source": ["aws.s3"],
  "account": ["1111111xxxxx"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutObject"],
    "requestParameters": {
      "bucketName": ["mybucket"],
      "key": [{"prefix": "myfile-*"}]
    }
  }
}

Hope it helps.

answered May 02 '20 at 22:07

dijkstraman

166
2
11

2

Provided event pattern is not valid JSON. It's giving this error – Abdul Haseeb Aug 23 '21 at 20:14

Does AWS CloudWatch Events Rule supports any wildcards in S3 bucket/key names

4 Answers4

Linked