S3 Security Controls: S3 to SNS Notification Configuration

Terraform Template

data "aws_iam_policy_document" "topic" {

  statement {
    actions = ["SNS:Publish"]

    condition {
      test = "ArnLike"
      values = [aws_s3_bucket.bucket.arn]
      variable = "aws:SourceArn"
    }
    effect = "Allow"

    principals {
      identifiers = ["s3.amazonaws.com"]
      type = "Service"
    }
    resources = ["arn:aws:sns:*:*:s3-event-notification-topic"]
  }
}

resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  topic {
    events = ["s3:ObjectCreated:*"]
    filter_suffix = ".log"
    topic_arn = aws_sns_topic.topic.arn
  }
}

resource "aws_sns_topic" "topic" {
  name = "s3-event-notification-topic"
  policy = data.aws_iam_policy_document.topic.json
}

Loading Library ...

S3 to SNS Notification Configuration

bucket

permissions

allowed_headers

allowed_methods

allowed_origins

expose_headers

routing_rules

depends_on

ignore_changes

replace_triggered_by

bucket_notification

events

events

events

depends_on

ignore_changes

replace_triggered_by

topic

depends_on

ignore_changes

replace_triggered_by

topic

override_policy_documents

source_policy_documents

actions

values

not_actions

identifiers

not_resources

identifiers

resources

depends_on

ignore_changes

replace_triggered_by

Terraform Template