My Saved Presets
You must be logged in to view saved presets

Loading Library ...

S3 to Lambda Notification Configuration

Configures an S3 bucket to trigger a Lambda function when new objects are created with a .log suffix in the AWSLogs directory.

iam_for_lambda

aws_iam_role



inline_policy



managed_policy_arns





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



func

aws_lambda_function

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



allow_bucket

aws_lambda_permission











depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



bucket

aws_s3_bucket


grant

permissions


cors_rule

allowed_headers

allowed_methods

allowed_origins

expose_headers

lifecycle_rule


expiration

transition


noncurrent_version_expiration
noncurrent_version_transition

logging


object_lock_configuration

rule
apply_server_side_encryption_by_default


replication_configuration

rules
destination



access_control_translation


replication_time
metrics
filter



source_selection_criteria
sse_kms_encrypted_objects
server_side_encryption_configuration
rule
apply_server_side_encryption_by_default

versioning
website



routing_rules

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



bucket_notification

aws_s3_bucket_notification


lambda_function

events





queue

events





topic

events





depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



assume_role

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_iam_policy_document" "assume_role" {

  statement {
    actions = ["sts:AssumeRole"]
    effect = "Allow"

    principals {
      identifiers = ["lambda.amazonaws.com"]
      type = "Service"
    }
  }
}

resource "aws_iam_role" "iam_for_lambda" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name = "iam_for_lambda"
}

resource "aws_lambda_function" "func" {
}

resource "aws_lambda_permission" "allow_bucket" {
  action = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func.arn
  principal = "s3.amazonaws.com"
  source_arn = aws_s3_bucket.bucket.arn
  statement_id = "AllowExecutionFromS3Bucket"
}

resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id
  depends_on = ["aws_lambda_permission.allow_bucket"]

  lambda_function {
    events = ["s3:ObjectCreated:*"]
    filter_prefix = "AWSLogs/"
    filter_suffix = ".log"
    lambda_function_arn = aws_lambda_function.func.arn
  }
}

© 2024 asecurecloud. All rights reserved.