I want to create an EventBridge rule for an S3 policy change event.
After researching for a while, I got to know that for this, a rule pattern should be created for the CloudTrail API.
I created the rule with the pattern below:

{
  "source": ["aws.s3"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["s3.amazonaws.com"]
  }
}

I attached SNS as a target to this rule, which has my email ID as a subscription.
But while testing (adding/deleting a bucket policy), I can see that the rule is not getting triggered, as I am not able to receive any mails from the target SNS.
Can someone let me know if the rule pattern is correct?
Also, I checked in CloudTrail and was able to see API events getting generated for PutBucketPolicy and DeleteBucketPolicy.

2 Answers


  1. Chosen as BEST ANSWER

    The event pattern mentioned in the question was not correct. The following worked for me:

    {
      "source": ["aws.s3"],
      "detail-type": ["AWS API Call via CloudTrail"],
      "detail": {
        "eventSource": [
          "s3.amazonaws.com"
        ],
        "eventName": [
          "PutBucketPolicy",
          "DeleteBucketPolicy"
        ],
        "requestParameters": {
          "bucketName": ["<bucket_name_goes_here>"]
        }
      }
    }
    
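    To see why the narrowed pattern above only fires for policy changes on the named bucket, here is an offline checker I added for this thread (it is not code from the thread or from AWS). It reimplements only the subset of EventBridge pattern semantics these two patterns use: a pattern object is matched field by field, every field named in the pattern must be present in the event, and a list at a pattern leaf matches when the event's value equals one of the listed values exactly. The sample events, the account id and the bucket name "example-bucket" are constructed placeholders.

```python
"""
Offline checker for the EventBridge event patterns discussed in this thread.

Added example, not code from the thread or from AWS. Only exact-match
semantics are implemented; prefix, numeric, anything-but and exists
matchers that real EventBridge supports are deliberately left out.
"""
import json

# Pattern from the question: every S3 API call recorded by CloudTrail.
BROAD_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["s3.amazonaws.com"]},
}

# Pattern from the accepted answer, narrowed to policy changes on one bucket.
# "example-bucket" is a constructed placeholder for the real bucket name.
REFINED_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["s3.amazonaws.com"],
        "eventName": ["PutBucketPolicy", "DeleteBucketPolicy"],
        "requestParameters": {"bucketName": ["example-bucket"]},
    },
}


def matches(pattern, event):
    """Return True when `event` satisfies `pattern` (exact-match subset)."""
    if isinstance(pattern, dict):
        if not isinstance(event, dict):
            return False
        # A field named in the pattern but absent from the event never matches.
        return all(
            key in event and matches(sub_pattern, event[key])
            for key, sub_pattern in pattern.items()
        )
    if isinstance(pattern, list):
        # A leaf list means "any of these exact values"; if the event value
        # is itself a list, any element may match.
        candidates = event if isinstance(event, list) else [event]
        return any(value in pattern for value in candidates)
    raise ValueError("pattern leaves must be lists of allowed values")


def cloudtrail_s3_event(event_name, bucket_name):
    """Build a trimmed EventBridge envelope of the shape CloudTrail delivers
    for an S3 management call. Constructed sample: id and account are placeholders."""
    return {
        "version": "0",
        "id": "00000000-0000-0000-0000-000000000000",
        "detail-type": "AWS API Call via CloudTrail",
        "source": "aws.s3",
        "account": "123456789012",
        "region": "us-east-1",
        "detail": {
            "eventVersion": "1.08",
            "eventSource": "s3.amazonaws.com",
            "eventName": event_name,
            "awsRegion": "us-east-1",
            "requestParameters": {"bucketName": bucket_name},
        },
    }


def load_pattern(text):
    """Parse a pattern written as JSON (e.g. pasted from the console) and
    reject leaves that are bare strings instead of lists, a common mistake."""
    pattern = json.loads(text)
    _check_leaves(pattern)
    return pattern


def _check_leaves(node):
    if isinstance(node, dict):
        for child in node.values():
            _check_leaves(child)
    elif not isinstance(node, list):
        raise ValueError(f"pattern leaf {node!r} must be a list, e.g. [{node!r}]")


if __name__ == "__main__":
    samples = [
        ("PutBucketPolicy", "example-bucket"),
        ("DeleteBucketPolicy", "example-bucket"),
        ("PutBucketPolicy", "another-bucket"),
        ("GetBucketPolicy", "example-bucket"),
    ]
    for name, bucket in samples:
        ev = cloudtrail_s3_event(name, bucket)
        print(f"{name:20} {bucket:16} broad={matches(BROAD_PATTERN, ev)!s:5} "
              f"refined={matches(REFINED_PATTERN, ev)}")
```

    Running the script shows the broad pattern accepting every sample (including the read-only GetBucketPolicy call, which is why it is noisy as an alert source) and the refined pattern accepting only PutBucketPolicy and DeleteBucketPolicy on "example-bucket". For the authoritative check against the service's own matcher, the same pattern and event can be passed to `aws events test-event-pattern --event-pattern file://pattern.json --event file://event.json`, which needs AWS credentials but no deployed rule.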

  2. The EventBridge rule that you mentioned is correct and sufficient to route all the CloudTrail S3 Events, including PutBucketPolicy and DeleteBucketPolicy, to the designated SNS topic.

    However, by default, CloudTrail does not send bucket-level events to EventBridge.
    To publish those management events to EventBridge, you need to create an active trail and that will ensure the events are published to EventBridge. Once the trail is set up, the EventBridge rule you created will effectively route the bucket-level events to the specified SNS topic.
