Increasing Your Security Posture when Using Amazon S3
S3 Encryption Mechanisms
Amazon S3 Lifecycle Configurations
Introduction to Amazon EFS
EFS in Practice
Amazon Elastic Block Store (EBS)
AWS Storage Gateway
Performance Factors Across AWS Storage Services
This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core storage concepts and services relevant to the SAP-C02 exam. We start with an introduction to AWS storage services, understand the options available, and learn how to select and apply AWS storage services to meet specific requirements.
- Obtain an in-depth understanding of Amazon S3 - Simple Storage Service
- Learn how to improve your security posture in S3
- Get both a theoretical and practical understanding of EFS
- Learn how to create an EFS file system, manage EFS security, and import data in EFS
- Learn about EC2 storage and Elastic Block Store
- Learn about the different performance factors associated with AWS storage services
Hello and welcome to this lecture, which looks at how to configure your buckets to monitor specific events that occur within them. Any event that is recorded can then be sent to an SNS topic, an SQS queue or a Lambda function.
Selecting the Events tile from the bucket's Properties screen lets you configure which events are monitored.
First, give your event a name, then select the events you want to monitor. As you can see, there is quite a long list of events that can be captured within your bucket, covering new objects, object removals, restores, RRS (Reduced Redundancy Storage) object loss and replication events.
The Prefix element lets you restrict which objects generate events based on their key prefix. For example, you could capture all PUT, COPY and POST events only for objects whose key begins with Logs/.
The Suffix filter works the same way on the end of the key, for example all objects whose key ends in .jpg. A single notification configuration can carry at most one prefix rule and one suffix rule, and two configurations for the same event type must not have overlapping prefix or suffix filters, or S3 rejects the configuration when you save it.
The Send to component determines where your event notifications are delivered: an SNS topic, an SQS queue or a Lambda function.
Whichever destination you choose, S3 must be granted permission to publish to it: an access policy on the SNS topic or SQS queue, or a resource-based policy on the Lambda function, that allows the s3.amazonaws.com service principal to publish or invoke. Scope that statement with an aws:SourceArn condition naming your bucket (and aws:SourceAccount naming your account); without the condition, any bucket in any AWS account could publish events into your destination. S3 checks this permission when you save the configuration, by sending a test message (s3:TestEvent) to an SNS or SQS destination, so a missing or incorrect policy fails at save time rather than silently dropping events later. Writing these policies for each service sits outside this course; for more information on policies for these services, please see the existing content in our library.
I will now provide a quick demonstration on configuring a bucket for Event notifications using a new SNS topic with the appropriate policy attached. I will also show you the notification that is triggered via email.
Okay so I've logged into my AWS account and I'm at the front screen. And firstly I want to go to SNS to create a new topic. So once I'm at the dashboard, if I click on topics and then create topic. I just give this a name of S3PutEvent. I'm just going to accept the rest of the defaults and then I'm going to select create topic. So now I have my S3PutEvent notification here.
Now I'm going to create a subscription to this topic, so if I click on create subscription, I want an email to be sent to myself whenever something is pushed to this topic. I'll accept all the defaults and click on create subscription. I will then get an email asking me to subscribe to this topic, so I'm just going to go ahead and subscribe to that now. You can see here, this is the topic, and all I need to do is click on confirm subscription.
Okay, so that's done. If I go back to SNS, I need to edit the access policy of this topic. So if I select the topic again and then go to edit, and then down to the access policy. This is the default access policy in there at the moment, so I'm just going to delete that and paste in my own policy.
Now what this policy does is allow the Amazon S3 principal to publish to this SNS topic. Those permissions are needed so that when I configure events on my S3 bucket, S3 has the permissions to publish whatever events I select to this Amazon SNS topic. So I go ahead and click on save changes.
Okay. So now I'm going to go over to S3. I have a bucket down here called stuartsdemobucket, so I'm going to select that, and we can see this bucket is empty. If we go across to properties and then down to events, here I'm going to add a notification, and I want to be notified for every PUT event. So I'm just going to call this MyPutEvent, and under events I'm going to select the PUT event.
Now if I scroll down, I'm not going to add a prefix or a suffix. Under send to I'm going to select SNS Topic, and then I'm going to select the new topic I just created, S3PutEvent. So what happens now is that every time I put an object into this bucket, a notification will be sent to SNS on this topic, and because I subscribed to that topic with my email address, I will get an email notification about it.
So let's try this. So if we click on save and if I now add something to this bucket. I'll just select a file and then say upload. So I've now put an object in that bucket so I now should get an email notifying me about that. So if I go across to my emails I can see here that I've had an email notification and it gives me a lot of information here about the event, the source, the region, the time, the event name. And also down here we can see the ARN of the bucket that it went to and also the file name as well. So that's how you create events for your buckets and also how you can push those notifications out to an SNS topic.
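The same setup the lecture walks through (a topic policy that lets S3 publish, a bucket notification configuration for PUT events with optional prefix and suffix filters, and a look at the record S3 delivers), written as an added Python example. This is not code from the original course; the account ID, region, bucket name and topic name are placeholders, the sample notification record is constructed, and only apply_configuration() talks to AWS (it needs boto3 and credentials). The topic policy goes beyond the demo by adding the aws:SourceArn and aws:SourceAccount conditions so that only the named bucket can publish.

```python
"""S3 -> SNS event notification setup and record parsing (added example).

Only apply_configuration() calls AWS; everything else runs offline.
"""
import json
from urllib.parse import unquote_plus

# Placeholder identifiers; assumed for the example, not from the lecture.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
BUCKET = "example-demo-bucket"
TOPIC_ARN = f"arn:aws:sns:{REGION}:{ACCOUNT_ID}:S3PutEvent"


def topic_access_policy(topic_arn: str, bucket: str, account_id: str) -> dict:
    """SNS topic policy letting the S3 service principal publish, restricted
    to one bucket in one account. Without the Condition block, any bucket in
    any AWS account could publish to the topic (confused deputy)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowS3BucketToPublish",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "SNS:Publish",
            "Resource": topic_arn,
            "Condition": {
                "ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{bucket}"},
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        }],
    }


def notification_configuration(topic_arn: str, prefix: str = "", suffix: str = "") -> dict:
    """Bucket notification configuration sending every PUT to the topic.
    S3 accepts at most one prefix and one suffix rule per configuration."""
    rules = []
    if prefix:
        rules.append({"Name": "prefix", "Value": prefix})
    if suffix:
        rules.append({"Name": "suffix", "Value": suffix})
    config = {"Id": "MyPutEvent", "TopicArn": topic_arn,
              "Events": ["s3:ObjectCreated:Put"]}
    if rules:
        config["Filter"] = {"Key": {"FilterRules": rules}}
    return {"TopicConfigurations": [config]}


def parse_s3_notification(message: str, expected_bucket: str) -> list:
    """Parse the JSON S3 publishes to the topic (the body of the email in the
    demo). Returns (event_name, bucket_arn, key) per record. Keys arrive
    URL-encoded ('my file.txt' is delivered as 'my+file.txt'), and a record
    for any bucket other than the expected one is rejected."""
    out = []
    for rec in json.loads(message).get("Records", []):
        if rec.get("eventSource") != "aws:s3":
            continue
        bucket_arn = rec["s3"]["bucket"]["arn"]
        if bucket_arn != f"arn:aws:s3:::{expected_bucket}":
            raise ValueError(f"notification for unexpected bucket {bucket_arn}")
        key = unquote_plus(rec["s3"]["object"]["key"])
        out.append((rec["eventName"], bucket_arn, key))
    return out


# Constructed sample record, trimmed to the fields the parser uses.
SAMPLE_MESSAGE = json.dumps({"Records": [{
    "eventVersion": "2.1", "eventSource": "aws:s3", "awsRegion": REGION,
    "eventTime": "2023-01-01T12:00:00.000Z", "eventName": "ObjectCreated:Put",
    "s3": {"bucket": {"name": BUCKET, "arn": f"arn:aws:s3:::{BUCKET}"},
           "object": {"key": "Logs/my+file.txt", "size": 42}},
}]})


def apply_configuration(bucket: str, topic_arn: str, account_id: str) -> None:
    """Push the policy and notification configuration to AWS (needs boto3)."""
    import boto3  # imported here so the offline helpers do not require it
    boto3.client("sns").set_topic_attributes(
        TopicArn=topic_arn, AttributeName="Policy",
        AttributeValue=json.dumps(topic_access_policy(topic_arn, bucket, account_id)))
    boto3.client("s3").put_bucket_notification_configuration(
        Bucket=bucket,
        NotificationConfiguration=notification_configuration(topic_arn, prefix="Logs/"))


if __name__ == "__main__":
    print(json.dumps(topic_access_policy(TOPIC_ARN, BUCKET, ACCOUNT_ID), indent=2))
    print(parse_s3_notification(SAMPLE_MESSAGE, BUCKET))
```

If the topic policy is saved without the Condition block, the notification still works, which is why the omission is easy to miss; the aws:SourceArn check is what stops a stranger's bucket from feeding fake "object created" events into whatever consumes the topic.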
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.