
I'm working in an environment where anyone with the necessary access is allowed to create an S3 bucket; however, it's getting to a point where we have a lot of buckets and it is hard to keep track of who created the bucket. I know it is possible to tag the buckets with the owner name, but I am looking for a more automated solution.

Is it possible to invoke a Lambda function every time a bucket is created? Or is it possible to track bucket creation with CloudTrail, so that system administrators get an SNS notification when an S3 bucket is created?

I know it is possible to configure S3 event notifications inside a bucket to trigger Lambda functions/CloudWatch metrics, but I need a trigger for the entire S3 service.

J. Patwary

2 Answers


CloudTrail tracks all API actions occurring within an account. What you want to do is create a CloudWatch Events rule that triggers off the CreateBucket action, then have it invoke Lambda or trigger an SNS notification.

See: Creating a CloudWatch Events Rule That Triggers on an AWS API Call Using AWS CloudTrail

John Rotenstein
Ashex
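As an added example (not code from either answer), here is what the rule-plus-Lambda setup from the answer above looks like in practice: the EventBridge/CloudWatch Events pattern that matches CloudTrail's CreateBucket record, and a Lambda that reads the creator out of the event's `userIdentity` block and tags the new bucket with it, which also covers the asker's wish to automate owner tagging. The tag keys, the sample event and the bucket name are assumptions for illustration.

```python
# Added example (not the answers' code); tag keys and the sample event are assumptions.
# EventBridge rule pattern matching CreateBucket calls recorded by CloudTrail.
CREATE_BUCKET_RULE = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["s3.amazonaws.com"], "eventName": ["CreateBucket"]},
}
# Constructed sample event in the shape EventBridge delivers (not a real capture).
SAMPLE_EVENT = {"detail": {
    "eventName": "CreateBucket",
    "eventTime": "2024-01-15T10:22:31Z",
    "userIdentity": {"type": "AssumedRole",
                     "arn": "arn:aws:sts::123456789012:assumed-role/DevRole/alice"},
    "requestParameters": {"bucketName": "example-team-bucket"},
}}

def creator_from_identity(identity):
    """Creator from the CloudTrail userIdentity block: user name, role/session, or root."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return identity.get("userName", "unknown-user")
    if kind == "AssumedRole":
        # arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
        parts = identity.get("arn", "").split("/")
        return "/".join(parts[1:3]) if len(parts) >= 3 else "unknown-role"
    if kind == "Root":
        return "root"
    return identity.get("principalId", "unknown")

def owner_tags(event):
    """Return (bucket name, TagSet) recording who created the bucket and when."""
    detail = event["detail"]
    return detail["requestParameters"]["bucketName"], [
        {"Key": "CreatedBy", "Value": creator_from_identity(detail["userIdentity"])},
        {"Key": "CreatedAt", "Value": detail["eventTime"]},
    ]

def lambda_handler(event, context):
    """Lambda entry point; boto3 is imported here so the helpers run without the SDK."""
    import boto3
    from botocore.exceptions import ClientError
    bucket, tags = owner_tags(event)
    s3 = boto3.client("s3")
    # PutBucketTagging replaces the whole tag set, so merge with any existing tags.
    try:
        existing = s3.get_bucket_tagging(Bucket=bucket)["TagSet"]
    except ClientError:  # NoSuchTagSet on a freshly created bucket
        existing = []
    keep = [t for t in existing if t["Key"] not in {"CreatedBy", "CreatedAt"}]
    s3.put_bucket_tagging(Bucket=bucket, Tagging={"TagSet": keep + tags})
```

The Lambda's execution role needs `s3:GetBucketTagging` and `s3:PutBucketTagging`, and the rule only fires if a CloudTrail trail in the region is recording management events.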

You can use EventBridge to get at these events, via CloudTrail. The example here is of a CreateBucket request.

Jason Wadsworth