AWS::S3::BucketNotification #79
Comments
|
Would this help solve this SAM issue? aws/serverless-application-model#138 |
|
Yes, it's exactly that same problem. |
TheDanBlanco
added
the
storage
|
AWS folks, any chance this will move onto the board soon? |
|
We're keeping an eye on the +1s on this, but we're trying to prioritize coverage items first. |
|
This took us by surprise today. Seems to make Policy Templates unusable.. Please Fix! We don't like letting workaround hacks live in our production environments. |
|
+1 on this. This has hit us more than once and feel this should be prioritized. It is not possible to achieve what i consider "THE" base use-case for bucket notifications: "read file that was just added to bucket", without resolving to cumbersome workarounds. |
|
A couple of useful links: Existing Custom Resource which implements this functionality: CDK issue which is blocked by this issue: aws/aws-cdk#4323 |
|
+1 |
2 similar comments
|
+1 |
|
+1 |
|
+1 |
1 similar comment
|
+1 |
|
+1 Still implementing workarounds like this, https://aws.amazon.com/blogs/mt/resolving-circular-dependency-in-provisioning-of-amazon-s3-buckets-with-aws-lambda-event-notifications/ Plus-one for all of Ben's original points. |
|
+1 |
|
Yes! +1 |
|
+1 |
|
@purnesh @yeDor @IanShoe @kz974 @jamescarignan
|
|
+1 |
1 similar comment
|
+1 |
|
How was this issue resolved? I don't see any updates in the CloudFormation documentation relevant to it, and it still warns against the circular dependency: |
cfn-github-issues-bot
moved this from Researching
to We're working on it
in coverage-roadmap
|
+1 |
4 similar comments
|
+1 |
|
+1 |
|
+1 |
|
+1 |
|
@zwezheng @gnobre @Us3rname @qcurtemanjc @agniswarmandal (and future potential "+1" commenters) If you react with the 👍 button to the original issue, (the first comment, click on the smiley face if you're the first reacting), your votes can be used to sort issues and determine priorities. A comment will send a notification to everyone (participants and watchers), but cannot be easily counted as a vote for an issue. Thus It's generally better to vote than to comment with "+1". To keep up to date, you can also add yourself as a watcher. |
|
It looks like a more elegant solution for this is finally here with this announcement, using EventBridge. https://aws.amazon.com/blogs/aws/new-use-amazon-s3-event-notifications-with-amazon-eventbridge/ Here's a pseudo Lambda invocation example I tested with success. This assumes your externally referenced S3 Bucket enables EventBridge Stack: EventRule:
Type: AWS::Events::Rule
Properties:
Description: EventRule
State: ENABLED
EventPattern: # https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html#eb-filtering-data-
source:
- aws.s3
detail-type:
- "Object Created"
detail:
bucket:
name:
- "EXTERNAL-BUCKET"
Targets:
- Arn: !GetAtt MyLambda.Arn
Id: MyLambdaFunctionTarget
PermissionForEventsToInvokeLambda:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !Ref MyLambda
Action: lambda:InvokeFunction
Principal: events.amazonaws.com
SourceArn: !GetAtt EventRule.Arn
MyLambda:
Type: AWS::Serverless::Function
... Bucket Stack: S3Bucket:
Type: AWS::S3::Bucket
Properties:
...
BucketName: "EXTERNAL-BUCKET"
NotificationConfiguration:
EventBridgeConfiguration:
EventBridgeEnabled: trueLinking back to aws/serverless-application-model#124 since this is almost exactly the use-case. |
cfn-github-issues-bot
moved this from We're working on it
to Researching
in coverage-roadmap
albaymar
added
enhancement
|
Thanks for the feedback. We have created a Product Feature Request which will be prioritized with other features planned for Amazon S3. As another option, you can enable EventBridge notifications on the S3 Bucket (there are details on getting started here). Additionally, you can refer to an example from Polaskj who has provided a CloudFormation template using EventBridge and Lambda as a destination. |
**What this PR does / why we need it**: Lambda promtail supports s3 events, which are used for scraping several log sources such as ALB access logs. This works by configuring at the S3 bucket level "s3 event notification", that are configured to target the lambda deployment of lambda-promtail. However, if one is configuring this through CloudFormation, there's a known issue with AWS that doesn't allow to configure both the lambda, the bucket, and the notifications in the same stack. See [this issue](aws-cloudformation/cloudformation-coverage-roadmap#79) for details. For that, AWS introduced EventBridge notifications, which can be used to ship s3 events to a lambda deployment as well. This flow looks like: s3 -> eventbridge bus -> eventbridge rule -> lambda EventBridge has it's own message structure for s3 notifications. This PR adds a translation layer, just for `Object created` events (since they are the only ones we should take into account), so that EventBridge events can be received, and trigger the lambda as if they were from s3. **Which issue(s) this PR fixes**: Fixes #10209 **Special notes for your reviewer**: - [x] Pending testing this with an actual deployment of the s3 -> event bridge -> lambda flow - [x] ~~Add CF template for the `s3 -> event bridge -> lambda` deployment~~ Follow up PR **Checklist** - [ ] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [ ] Documentation added - [x] Tests updated - [ ] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [ ] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](d10549e)
|
The related (downstream) SAM issue aws/serverless-application-model#124 has been around since 2017 and #79 has been on the Coming Soon ™️ project board for a while. I see many AWS members at this thread then have moved on, so I'd appreciate anybody who is able to check in on the status of the feature request / issue. @benkehoe is this something you are able to help? |
**What this PR does / why we need it**: Lambda promtail supports s3 events, which are used for scraping several log sources such as ALB access logs. This works by configuring at the S3 bucket level "s3 event notification", that are configured to target the lambda deployment of lambda-promtail. However, if one is configuring this through CloudFormation, there's a known issue with AWS that doesn't allow to configure both the lambda, the bucket, and the notifications in the same stack. See [this issue](aws-cloudformation/cloudformation-coverage-roadmap#79) for details. For that, AWS introduced EventBridge notifications, which can be used to ship s3 events to a lambda deployment as well. This flow looks like: s3 -> eventbridge bus -> eventbridge rule -> lambda EventBridge has it's own message structure for s3 notifications. This PR adds a translation layer, just for `Object created` events (since they are the only ones we should take into account), so that EventBridge events can be received, and trigger the lambda as if they were from s3. **Which issue(s) this PR fixes**: Fixes grafana#10209 **Special notes for your reviewer**: - [x] Pending testing this with an actual deployment of the s3 -> event bridge -> lambda flow - [x] ~~Add CF template for the `s3 -> event bridge -> lambda` deployment~~ Follow up PR **Checklist** - [ ] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [ ] Documentation added - [x] Tests updated - [ ] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [ ] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](grafana@d10549e)
and others
The problem:
Fundamentally, this is because there is not a separation between the the creation of a bucket (and its name) and the settings on that bucket. There are at least three separate places on AWS that say 🤷 to customers and tell them to manually create a bucket name in two separate places, which is brittle both in terms of multiple deployments of the template and in terms of updating that bucket name in the future.
This could instead be solved with a separate BucketNotification resource. The bucket resource would be created first, the name
!Ref'd to the relevant places, and then the BucketNotification resource would install the notification configuration onto the bucket.The text was updated successfully, but these errors were encountered: