What is this about?
This post contains a working CloudFormation template that deploys a CloudWatch Events rule and an SNS email notification for selected S3 API actions.
For example, if you have a highly sensitive bucket that nobody should be reading from, this template lets you set up an alert that fires whenever someone tries to read (GetObject) or copy (CopyObject) an object in it.
- An S3 bucket with object-level logging enabled
Object-level logging (CloudTrail data events) records the object-level API calls made against the bucket, such as GetObject and PutObject. Without it, CloudTrail records only bucket-level management calls and the rule below would never match anything.
- CloudTrail enabled
The rule matches events that CloudTrail delivers to CloudWatch Events, so a trail that logs the bucket's data events is required before you can select those events in an event rule. The trail must also log Read events (ReadWriteType of All or ReadOnly), because GetObject is a read-only call.
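The post does not show how the two prerequisites are created. The following CloudFormation snippet is an added example, not part of the original template, that provisions a trail logging data events for the sensitive bucket. The resource names (SensitiveBucket, TrailLogBucket, TrailLogBucketPolicy, SensitiveBucketTrail) are assumptions chosen for this example; the bucket policy statements are the ones CloudTrail requires to write into a log bucket.

```yaml
# Added example (not from the original post): prerequisites for the alerting rule.
# Assumed resource names: SensitiveBucket, TrailLogBucket, TrailLogBucketPolicy,
# SensitiveBucketTrail. Drop these into the Resources section of the template.
Resources:
  # The bucket whose reads we want to be alerted on.
  SensitiveBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Separate bucket that receives the CloudTrail log files.
  TrailLogBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # CloudTrail must be allowed to read the log bucket's ACL and to write log
  # objects into it; trail creation fails if this policy is missing.
  TrailLogBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TrailLogBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AWSCloudTrailAclCheck
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: s3:GetBucketAcl
            Resource: !GetAtt TrailLogBucket.Arn
          - Sid: AWSCloudTrailWrite
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub '${TrailLogBucket.Arn}/AWSLogs/${AWS::AccountId}/*'
            Condition:
              StringEquals:
                s3:x-amz-acl: bucket-owner-full-control

  # The trail that turns on object-level logging for SensitiveBucket.
  SensitiveBucketTrail:
    Type: AWS::CloudTrail::Trail
    DependsOn: TrailLogBucketPolicy
    Properties:
      IsLogging: true
      S3BucketName: !Ref TrailLogBucket
      EventSelectors:
        # GetObject is a Read event, so ReadOnly or All is required here.
        - ReadWriteType: All
          IncludeManagementEvents: true
          DataResources:
            - Type: AWS::S3::Object
              Values:
                # Trailing slash selects every object in the bucket.
                - !Sub '${SensitiveBucket.Arn}/'
```

The DependsOn on the bucket policy matters: CloudTrail validates that it can write to the log bucket when the trail is created, so without the explicit dependency the stack can fail on a race between the two resources.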
How to Enable rules and alerts
Event Rules: A CloudWatch Events notification starts with an event rule. In our example we want to be notified when someone reads a file, so the rule must match the CloudTrail event generated by a GetObject request (and, here, CopyObject as well).
Within the template we therefore create a CloudWatch Events rule with the right event pattern and point its target at an SNS topic, so that each matching GetObject produces an SNS alert.
```yaml
CloudWatchEventRule:
  Type: AWS::Events::Rule
  Properties:
    Name: my-alerting-event
    EventPattern:
      source:
        - aws.s3
      # Events that CloudTrail delivers to CloudWatch Events always carry
      # this detail-type; any other string here would never match.
      detail-type:
        - 'AWS API Call via CloudTrail'
      detail:
        eventSource:
          - s3.amazonaws.com
        eventName:
          - GetObject
          - CopyObject
    State: "ENABLED"
    Targets:
      - Arn: !Ref SNSTopic   # Ref on an AWS::SNS::Topic returns the topic ARN
        Id: "SendEmail"
```
The other important part of the template is the email notification that alerts the user.
Here is the snippet that creates the SNS topic with an email subscription, plus the topic policy that allows CloudWatch Events to publish to it:
```yaml
SNSTopic:
  Type: "AWS::SNS::Topic"
  Properties:
    DisplayName: "NotifyMe"
    TopicName: "notify-me"
    Subscription:
      - Endpoint: "email@example.com"
        Protocol: "email"

# Without this policy the rule is created but its deliveries to the topic fail.
TopicPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    PolicyDocument:
      Id: "Grepnetics-policy"
      Version: '2012-10-17'
      Statement:
        - Sid: Rule-Policy
          Effect: Allow
          Principal:
            Service:
              - events.amazonaws.com
          Action: sns:Publish
          Resource: !Ref SNSTopic   # scoped to this topic rather than "*"
    Topics:
      - !Ref SNSTopic
```
The above snippets create an SNS topic with an attached email subscription and a policy that lets CloudWatch Events publish to it, so you can copy them into any existing CloudFormation template. Two things to check after deployment: the email address receives a subscription confirmation from SNS and no alerts are delivered until it is confirmed; and because the policy trusts the events.amazonaws.com service principal as a whole, add a Condition on aws:SourceArn matching your rule's ARN if you want to stop rules in other accounts from publishing to the topic.