Manages an S3 Bucket Notification Configuration. For additional information, see the Configuring S3 Event Notifications section in the Amazon S3 Developer Guide.
# Topic policy that lets the S3 service publish notifications to the topic.
# Scope is narrowed twice: the principal is the S3 service principal, and the
# aws:SourceArn condition ties it to the one bucket that may publish.
data "aws_iam_policy_document" "topic" {
  statement {
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    # Must match the topic name used in aws_sns_topic.topic below.
    resources = ["arn:aws:sns:*:*:s3-event-notification-topic"]

    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }

    # Only notifications originating from this bucket are accepted.
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = [aws_s3_bucket.bucket.arn]
    }
  }
}
# SNS destination for the bucket notifications; the access policy is rendered
# from the policy document above so it stays in sync with the bucket ARN.
resource "aws_sns_topic" "topic" {
  policy = data.aws_iam_policy_document.topic.json
  name   = "s3-event-notification-topic"
}
# Source bucket; replace the placeholder with a globally unique bucket name.
resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}
# Sends an SNS message for every object created in the bucket whose key ends
# in ".log".
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  topic {
    events        = ["s3:ObjectCreated:*"]
    filter_suffix = ".log"
    topic_arn     = aws_sns_topic.topic.arn
  }
}
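# Queue policy that lets the S3 service deliver notifications to the queue.
# The principal is restricted to the S3 service principal rather than "*":
# the aws:SourceArn condition already limits delivery to one bucket, but an
# anonymous principal is broader than needed and the service principal is the
# form the AWS S3 notification documentation uses.
data "aws_iam_policy_document" "queue" {
  statement {
    effect = "Allow"

    # Only the S3 service may send to this queue ...
    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }

    actions = ["sqs:SendMessage"]
    # Must match the queue name used in aws_sqs_queue.queue below.
    resources = ["arn:aws:sqs:*:*:s3-event-notification-queue"]

    # ... and only on behalf of this specific bucket.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_s3_bucket.bucket.arn]
    }
    # Further hardening (not shown here): add a StringEquals condition on
    # aws:SourceAccount carrying the bucket owner's account ID.
  }
}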
# SQS destination for the bucket notifications; the access policy is rendered
# from the policy document above.
resource "aws_sqs_queue" "queue" {
  policy = data.aws_iam_policy_document.queue.json
  name   = "s3-event-notification-queue"
}
# Source bucket; replace the placeholder with a globally unique bucket name.
resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}
# Sends an SQS message for every object created in the bucket whose key ends
# in ".log".
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  queue {
    events        = ["s3:ObjectCreated:*"]
    filter_suffix = ".log"
    queue_arn     = aws_sqs_queue.queue.arn
  }
}
# Trust policy allowing only the Lambda service to assume the execution role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      identifiers = ["lambda.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Execution role for the function. Only the trust policy is set here; any
# permissions the function itself needs must be attached separately.
resource "aws_iam_role" "iam_for_lambda" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name               = "iam_for_lambda"
}
# Resource policy on the function: the S3 service may invoke it, but only on
# behalf of this bucket. Without source_arn any bucket could trigger it.
resource "aws_lambda_permission" "allow_bucket" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func.arn
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.bucket.arn
  statement_id  = "AllowExecutionFromS3Bucket"
}
# Function that receives the notifications. filename points at a local zip
# deployment package; replace it with your own build artifact.
resource "aws_lambda_function" "func" {
  function_name = "example_lambda_name"
  role          = aws_iam_role.iam_for_lambda.arn
  filename      = "your-function.zip"
  handler       = "exports.example"
  # NOTE(review): go1.x is a deprecated Lambda runtime; check the currently
  # supported Go runtime before copying this example.
  runtime       = "go1.x"
}
# Source bucket; replace the placeholder with a globally unique bucket name.
resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}
# Invokes the function for objects created under "AWSLogs/" with a ".log"
# suffix.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  lambda_function {
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "AWSLogs/"
    filter_suffix       = ".log"
    lambda_function_arn = aws_lambda_function.func.arn
  }

  # The invoke permission has to exist before the notification is created,
  # otherwise S3 rejects the configuration; there is no implicit reference.
  depends_on = [aws_lambda_permission.allow_bucket]
}
# Trust policy allowing only the Lambda service to assume the execution role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      identifiers = ["lambda.amazonaws.com"]
      type        = "Service"
    }
  }
}
# Execution role shared by both functions in this example.
resource "aws_iam_role" "iam_for_lambda" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name               = "iam_for_lambda"
}
# Lets the S3 service invoke func1, scoped to this bucket via source_arn.
resource "aws_lambda_permission" "allow_bucket1" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func1.arn
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.bucket.arn
  statement_id  = "AllowExecutionFromS3Bucket1"
}
# First consumer function; deployed from a local zip package.
resource "aws_lambda_function" "func1" {
  function_name = "example_lambda_name1"
  role          = aws_iam_role.iam_for_lambda.arn
  filename      = "your-function1.zip"
  handler       = "exports.example"
  # NOTE(review): go1.x is a deprecated Lambda runtime; check the currently
  # supported Go runtime before copying this example.
  runtime       = "go1.x"
}
# Lets the S3 service invoke func2, scoped to this bucket via source_arn.
resource "aws_lambda_permission" "allow_bucket2" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.func2.arn
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.bucket.arn
  statement_id  = "AllowExecutionFromS3Bucket2"
}
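# Second consumer function; deployed from a local zip package.
resource "aws_lambda_function" "func2" {
  filename      = "your-function2.zip"
  function_name = "example_lambda_name2"
  role          = aws_iam_role.iam_for_lambda.arn
  handler       = "exports.example"
  # A zip-packaged function needs a runtime; the original example omitted it
  # for func2 only. Kept identical to func1 for consistency.
  # NOTE(review): go1.x is a deprecated Lambda runtime; check the currently
  # supported Go runtime before copying this example.
  runtime       = "go1.x"
}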
# Source bucket; replace the placeholder with a globally unique bucket name.
resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}
# Routes object-created events to two functions by key prefix: "AWSLogs/"
# goes to func1, "OtherLogs/" to func2. Both require a ".log" suffix.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  lambda_function {
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "AWSLogs/"
    filter_suffix       = ".log"
    lambda_function_arn = aws_lambda_function.func1.arn
  }

  lambda_function {
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "OtherLogs/"
    filter_suffix       = ".log"
    lambda_function_arn = aws_lambda_function.func2.arn
  }

  # Both invoke permissions must exist before S3 validates the configuration.
  depends_on = [
    aws_lambda_permission.allow_bucket1,
    aws_lambda_permission.allow_bucket2,
  ]
}
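# Queue policy that lets the S3 service deliver notifications to the queue.
# The principal is restricted to the S3 service principal rather than "*":
# the aws:SourceArn condition already limits delivery to one bucket, but an
# anonymous principal is broader than needed and the service principal is the
# form the AWS S3 notification documentation uses.
data "aws_iam_policy_document" "queue" {
  statement {
    effect = "Allow"

    # Only the S3 service may send to this queue ...
    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }

    actions = ["sqs:SendMessage"]
    # Must match the queue name used in aws_sqs_queue.queue below.
    resources = ["arn:aws:sqs:*:*:s3-event-notification-queue"]

    # ... and only on behalf of this specific bucket.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_s3_bucket.bucket.arn]
    }
    # Further hardening (not shown here): add a StringEquals condition on
    # aws:SourceAccount carrying the bucket owner's account ID.
  }
}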
# SQS destination shared by both notification rules below.
resource "aws_sqs_queue" "queue" {
  policy = data.aws_iam_policy_document.queue.json
  name   = "s3-event-notification-queue"
}
# Source bucket; replace the placeholder with a globally unique bucket name.
resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}
# Two rules on the same queue, distinguished by key prefix. Each rule carries
# an explicit id so the two configurations can be told apart.
resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.bucket.id

  queue {
    events        = ["s3:ObjectCreated:*"]
    filter_prefix = "images/"
    id            = "image-upload-event"
    queue_arn     = aws_sqs_queue.queue.arn
  }

  queue {
    events        = ["s3:ObjectCreated:*"]
    filter_prefix = "videos/"
    id            = "video-upload-event"
    queue_arn     = aws_sqs_queue.queue.arn
  }
}
For Terraform's JSON syntax, use an array instead of defining the `queue` key twice:
{
"bucket": "${aws_s3_bucket.bucket.id}",
"queue": [
{
"id": "image-upload-event",
"queue_arn": "${aws_sqs_queue.queue.arn}",
"events": ["s3:ObjectCreated:*"],
"filter_prefix": "images/"
},
{
"id": "video-upload-event",
"queue_arn": "${aws_sqs_queue.queue.arn}",
"events": ["s3:ObjectCreated:*"],
"filter_prefix": "videos/"
}
]
}
# Source bucket; replace the placeholder with a globally unique bucket name.
resource "aws_s3_bucket" "bucket" {
  bucket = "your-bucket-name"
}
# Delivers bucket events to Amazon EventBridge instead of a topic, queue or
# function; no destination policy is needed in this configuration.
resource "aws_s3_bucket_notification" "bucket_notification" {
  eventbridge = true
  bucket      = aws_s3_bucket.bucket.id
}
The following arguments are required:
bucket
- (Required) Name of the bucket for notification configuration.

The following arguments are optional:
eventbridge
- (Optional) Whether to enable Amazon EventBridge notifications. Defaults to `false`.

lambda_function
- (Optional, Multiple) Used to configure notifications to a Lambda Function. See below.

queue
- (Optional) Notification configuration to SQS Queue. See below.

topic
- (Optional) Notification configuration to SNS Topic. See below.

lambda_function
events
- (Required) Event for which to send notifications.

filter_prefix
- (Optional) Object key name prefix.

filter_suffix
- (Optional) Object key name suffix.

id
- (Optional) Unique identifier for each of the notification configurations.

lambda_function_arn
- (Required) Lambda function ARN.

queue
events
- (Required) Specifies event for which to send notifications.

filter_prefix
- (Optional) Object key name prefix.

filter_suffix
- (Optional) Object key name suffix.

id
- (Optional) Unique identifier for each of the notification configurations.

queue_arn
- (Required) SQS queue ARN.

topic
events
- (Required) Event for which to send notifications.

filter_prefix
- (Optional) Object key name prefix.

filter_suffix
- (Optional) Object key name suffix.

id
- (Optional) Unique identifier for each of the notification configurations.

topic_arn
- (Required) SNS topic ARN.

This resource exports no additional attributes.
In Terraform v1.5.0 and later, use an `import` block to import an S3 bucket notification using the `bucket` name. For example:
# Adopts an existing notification configuration into state; the id is the
# bucket name, not an ARN.
import {
  id = "bucket-name"
  to = aws_s3_bucket_notification.bucket_notification
}
Using `terraform import`, import an S3 bucket notification using the `bucket` name. For example:
% terraform import aws_s3_bucket_notification.bucket_notification bucket-name