Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
65 lines (62 sloc) 2.11 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: Listening to S3 events at bucket level
Resources:
BucketEvents:
Type: AWS::Events::Rule
Properties:
Name: 's3-bucket-event-rule'
EventPattern:
source: ['aws.s3']
detail-type: ['AWS API Call via CloudTrail']
detail:
eventSource: ['s3.amazonaws.com']
eventName: ['DeleteBucket', 'DeleteBucketCors', 'DeleteBucketLifecycle', 'DeleteBucketPolicy',
'DeleteBucketReplication', 'DeleteBucketTagging', 'DeleteBucketWebsite', 'CreateBucket', 'PutBucketAcl',
'PutBucketCors', 'PutBucketLifecycle', 'PutBucketPolicy', 'PutBucketLogging', 'PutBucketNotification',
'PutBucketReplication', 'PutBucketTagging', 'PutBucketRequestPayment', 'PutBucketVersioning',
'PutBucketWebsite']
State: 'ENABLED'
Targets:
-
Id: 's3-bucket-event-target'
Arn: !Sub '${Fn.Arn}'
InvokePermission:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !Ref Fn
Action: 'lambda:InvokeFunction'
Principal: events.amazonaws.com
SourceArn: !Sub '${BucketEvents.Arn}'
Role:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
-
Action: ['sts:AssumeRole']
Effect: 'Allow'
Principal:
Service: ['lambda.amazonaws.com']
ManagedPolicyArns: ['arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole']
Policies:
-
PolicyName: run-function
PolicyDocument:
Version: '2012-10-17'
Statement:
-
Effect: 'Allow'
Action: ['s3:*'] # as example only, not mandatory here
Resource: '*'
Fn:
Type: AWS::Lambda::Function
Properties:
Code:
ZipFile: |
def handler(event, context):
detail = event['detail']
print('Got {} event at {}, params: {}'.format(detail['eventName'], detail['eventTime'], detail['requestParameters']))
Runtime: python3.6
Handler: index.handler
Role: !Sub '${Role.Arn}'
Timeout: 10
You can’t perform that action at this time.