Automating S3 Object Creation Alerts with AWS Lambda and Terraform

AWS Community Builder Oladepo Kunle has developed an easy-to-deploy email notification system that triggers alerts when an object is created in an S3 bucket. The solution leverages AWS Lambda (Python), IAM roles, Terraform for infrastructure as code (IaC), and GitHub for version control.

👉 GitHub Repo: https://lnkd.in/efZrVXPw

You Should Know:

1. Terraform Setup for AWS Lambda & S3 Event Trigger

Deploy this infrastructure using Terraform:

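```hcl
# main.tf
provider "aws" {
  region = "us-east-1"
}

# Bucket whose object-creation events trigger the alert
resource "aws_s3_bucket" "example_bucket" {
  bucket = "your-bucket-name"
}

resource "aws_lambda_function" "s3_notifier" {
  filename      = "lambda_function.zip"
  function_name = "s3_object_alert"
  role          = aws_iam_role.lambda_exec.arn
  handler       = "lambda_function.lambda_handler"
  # AWS Lambda has deprecated the python3.8 runtime; use a currently supported Python version
  runtime       = "python3.8"
}

# Execution role. This block is only the trust policy: the role also needs a
# permissions policy allowing sns:Publish on the alert topic (and CloudWatch
# Logs writes), otherwise the function cannot send the notification.
resource "aws_iam_role" "lambda_exec" {
  name = "lambda_s3_notifier_role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Action = "sts:AssumeRole",
      Effect = "Allow",
      Principal = {
        Service = "lambda.amazonaws.com"
      }
    }]
  })
}

# Allow S3 to invoke the function, scoped to this one bucket
resource "aws_lambda_permission" "allow_s3" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.s3_notifier.function_name
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.example_bucket.arn
}

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = aws_s3_bucket.example_bucket.id
  lambda_function {
    lambda_function_arn = aws_lambda_function.s3_notifier.arn
    events              = ["s3:ObjectCreated:*"]
  }
  # The invoke permission must exist before S3 validates the notification target
  depends_on = [aws_lambda_permission.allow_s3]
}
```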

2. Python Lambda Function for SNS Alerts

The Lambda function processes S3 events and sends an email via AWS SNS:

```python
# lambda_function.py
import json
from urllib.parse import unquote_plus

import boto3


def lambda_handler(event, context):
    sns = boto3.client('sns')
    # One S3 notification can carry several records
    for record in event['Records']:
        bucket = record['s3']['bucket']['name']
        # Object keys are URL-encoded in S3 event notifications
        key = unquote_plus(record['s3']['object']['key'])
        message = f"New object uploaded to S3: {bucket}/{key}"
        sns.publish(
            TopicArn='YOUR_SNS_TOPIC_ARN',
            Message=message,
            Subject='S3 Object Created Alert'
        )
    return {'statusCode': 200, 'body': json.dumps('Alert sent!')}
```
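The S3 event record carries more than the bucket and key: it also names the principal, source IP and event type, which is what an analyst reading the email needs. The following is an added example, not code from the original post or the linked repository; `build_alert`, `_printable` and `SAMPLE_RECORD` are hypothetical names and the sample record is constructed. It builds the `Subject` and `Message` arguments for `sns.publish()` and neutralises control characters, since an uploader chooses the object key.

```python
from urllib.parse import unquote_plus

SAMPLE_RECORD = {  # constructed sample in the S3 event notification layout
    "eventSource": "aws:s3",
    "eventTime": "2024-01-01T12:00:00.000Z",
    "eventName": "ObjectCreated:Put",
    "userIdentity": {"principalId": "AWS:EXAMPLEPRINCIPAL"},
    "requestParameters": {"sourceIPAddress": "203.0.113.10"},
    "s3": {
        "bucket": {"name": "your-bucket-name"},
        # key chosen by the uploader; %0A is an encoded newline
        "object": {"key": "reports/Q1+summary%0AFrom%3A+admin.txt", "size": 1024},
    },
}


def _printable(value):
    """Replace control characters so a crafted key cannot add lines to the alert."""
    return "".join(c if c.isprintable() else "?" for c in str(value))


def build_alert(record):
    """Return the Subject/Message keyword arguments for sns.publish()."""
    if record.get("eventSource") != "aws:s3":
        raise ValueError("not an S3 event record")
    s3 = record["s3"]
    key = unquote_plus(s3["object"]["key"])  # keys arrive URL-encoded
    location = _printable(f"{s3['bucket']['name']}/{key}")
    who = record.get("userIdentity", {}).get("principalId", "unknown")
    source_ip = record.get("requestParameters", {}).get("sourceIPAddress", "unknown")
    fields = [
        ("Event", record.get("eventName", "unknown")),
        ("Object", f"s3://{location}"),
        ("Size (bytes)", s3["object"].get("size", "unknown")),
        ("Principal", who),
        ("Source IP", source_ip),
        ("Time", record.get("eventTime", "unknown")),
    ]
    message = "\n".join(f"{name}: {_printable(value)}" for name, value in fields)
    # SNS subjects must be ASCII, single-line and under 100 characters.
    subject = f"S3 Object Created Alert: {location}"
    subject = subject.encode("ascii", "replace").decode("ascii")[:99]
    return {"Subject": subject, "Message": message}


if __name__ == "__main__":
    print(build_alert(SAMPLE_RECORD)["Message"])
```

Inside the handler this would be called as `sns.publish(TopicArn='YOUR_SNS_TOPIC_ARN', **build_alert(record))`.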

3. Deploying the Solution

  1. Fork the GitHub repo and update `main.tf` with your AWS credentials.
  2. Run `terraform init` and `terraform apply` to deploy.
  3. Test by uploading a file to the S3 bucket—check your email for alerts.

What Undercode Say:

This automation enhances cloud security by providing real-time alerts when objects are created in an S3 bucket. For further hardening:
– Enable S3 bucket versioning: `aws s3api put-bucket-versioning --bucket your-bucket --versioning-configuration Status=Enabled`
– Use AWS CloudTrail for audit logs: `aws cloudtrail create-trail --name s3-monitoring-trail --s3-bucket-name your-log-bucket` (a new trail records nothing until `aws cloudtrail start-logging` is run, and object-level S3 calls are logged only when data events are enabled)
– Restrict S3 access with bucket policies: `aws s3api put-bucket-policy --bucket your-bucket --policy file://policy.json`

Prediction:

As cloud adoption grows, automated monitoring solutions like this will become critical for compliance and security. Expect tighter AWS Lambda integrations with AI-driven anomaly detection in future updates.

Expected Output:

  • Terraform provisions AWS Lambda + S3 event trigger.
  • Lambda sends email alerts via SNS on object upload.
  • Full IaC approach ensures reproducibility.

🔗 Reference: AWS Lambda Documentation | Terraform AWS Provider

Reported By: Olakunle Oladepo – Hackers Feeds