
I have created an event rule in AWS EventBridge with this event pattern:

{
  "source": [
    "aws.s3"
  ]
}

The target is a CloudWatch log group. Now when I change something at bucket level, e.g. bucket permissions, I see an event captured in CloudWatch, but when I add/delete a file in the S3 bucket, nothing happens. What is wrong here?

user10916892

3 Answers


To log object-level events you have to enable logging of data events for S3 in your CloudTrail trail. If you don't have a trail already, you have to create one, making sure that you enable data event logging for S3.

Marcin
    The [blogpost](https://aws.amazon.com/blogs/aws/new-use-amazon-s3-event-notifications-with-amazon-eventbridge/) announcing the feature is very misleading, the requirement to activate data events is not mentioned anywhere :-\ – Remi D Apr 06 '22 at 16:41

I guess you created a custom event bus for this event rule. According to the AWS site, events from AWS services are only sent to the event bus 'default'. So you have to create the event rule on the event bus 'default'.

(image: Event bus)


You can send object-level events to EventBridge from S3 by capturing these object events and making sure that you have S3 notifications from S3 to EventBridge enabled at the bucket level, or you can capture these events through CloudTrail API logging. If you want to capture events for a few buckets, then the first method is easier. However, if you want to capture events across all or many buckets, then I suggest using the CloudTrail method.

Send object events directly to EventBridge

To send object-level events to EventBridge from S3, make sure that you have enabled notifications to EventBridge under the bucket properties:

(image: bucket properties to enable EventBridge notifications)

If you are using CloudFormation, then this is available through the NotificationConfiguration property.

You can then create an EventBridge rule that will capture actions for this bucket. This is an example to capture object creation:

{
  "detail-type": ["Object Created"],
  "source": ["aws.s3"],
  "detail": {
    "bucket": {
      "name": ["my-bucket"]
    }
  }
}

Send object events to EventBridge via CloudTrail

To capture S3 events for multiple buckets, the CloudTrail API method is preferred. As noted in @Marcin's response, you must create a CloudTrail trail that captures S3 data events. When creating a trail, in the "Choose log events" section, it is easiest to switch to "Basic event selectors" to select individual buckets or events across all buckets. Once you have created a trail, you can create an EventBridge rule to capture the CloudTrail API events. Here is an example to capture object creation:

{
  "detail-type": ["AWS API Call via CloudTrail"],
  "source": ["aws.s3"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "eventName": ["PutObject"]
  }
}

If you would like to restrict this call to certain buckets, then you can further customize the rule:

{
  "detail-type": ["AWS API Call via CloudTrail"],
  "source": ["aws.s3"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"],
    "requestParameters": {
      "bucketName": ["my-bucket"]
    },
    "eventName": ["PutObject"]
  }
}
littleforest
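Added example, not code from any of the answers: a small Python matcher implementing the subset of EventBridge pattern semantics these rules use (every pattern key must exist, a list is an OR over exact values, nested objects recurse), run against constructed S3 events of both shapes. It shows that the question's source-only pattern matches every aws.s3 event, while the bucket-scoped patterns above only fire on their own event type and bucket; none of this helps until bucket notifications to EventBridge or CloudTrail S3 data events are actually enabled, since otherwise no object event is ever delivered to the bus.

```python
# Subset of EventBridge pattern matching used by the rules above: every pattern
# key must exist in the event, a list of scalars is an OR over allowed values,
# and a nested object recurses. Content filters ({"prefix": ...}) are not handled.
def matches(pattern, event):
    if isinstance(pattern, dict):
        if not isinstance(event, dict):
            return False
        return all(k in event and matches(v, event[k]) for k, v in pattern.items())
    if isinstance(pattern, list):
        return event in pattern
    return pattern == event

# Rule patterns as they appear in the question and the last answer.
PATTERN_QUESTION = {"source": ["aws.s3"]}
PATTERN_NATIVE = {
    "detail-type": ["Object Created"],
    "source": ["aws.s3"],
    "detail": {"bucket": {"name": ["my-bucket"]}},
}
PATTERN_CLOUDTRAIL = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "source": ["aws.s3"],
    "detail": {
        "eventSource": ["s3.amazonaws.com"],
        "requestParameters": {"bucketName": ["my-bucket"]},
        "eventName": ["PutObject"],
    },
}

# Constructed sample events shaped like the two S3 event types (not real captures).
NATIVE_EVENT = {
    "source": "aws.s3",
    "detail-type": "Object Created",
    "detail": {"bucket": {"name": "my-bucket"}, "object": {"key": "report.csv"}},
}
CLOUDTRAIL_EVENT = {
    "source": "aws.s3",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "requestParameters": {"bucketName": "other-bucket", "key": "report.csv"},
    },
}

def which_patterns_match(event):
    # Sorted names of the page's patterns that this event would trigger.
    named = {"question": PATTERN_QUESTION, "native": PATTERN_NATIVE,
             "cloudtrail": PATTERN_CLOUDTRAIL}
    return sorted(name for name, pat in named.items() if matches(pat, event))
```

The CloudTrail sample deliberately targets a different bucket, so only the catch-all question pattern fires on it; change `bucketName` to `my-bucket` and the bucket-scoped CloudTrail pattern matches too.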