Configuring SNS Push Notifications on S3 Bucket Events Inside of the AWS Console

Hands-On Lab

 

Photo of Fernando Medina Corey

Fernando Medina Corey

Training Architect

Length

00:30:00

Difficulty

Beginner

In this live AWS environment, you will configure an S3 bucket to trigger AWS Simple Notification Service notifications whenever an object is added to an S3 bucket. This scenario will help you understand how you can architect your application to respond to S3 bucket events using other services such as SNS, AWS, Lambda, and others. Code for this environment: { "Effect": "Allow", "Principal": { "Service": "s3.amazonaws.com" }, "Action": "SNS:Publish", "Resource": "SNS_ARN_REPLACE_ME", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:s3:*:*:BUCKET_NAME_REPLACE_ME" } } }, Important - the SNS console may look slightly different than on the video To edit a topic policy, select the topic, click edit, and scroll down to access policy. Follow the instructions from that point onwards

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Configuring SNS Push Notifications on S3 Bucket Events Inside of the AWS Console

In this hands-on lab, we will configure an S3 bucket to trigger AWS Simple Notification Service (SNS) notifications whenever an object is added to an S3 bucket. This scenario will help us understand how we can architect our application to respond to S3 bucket events using other services, such as SNS, AWS, Lambda, and others.

The Scenario

In this scenario, either a user or a web application will be uploading files to an S3 bucket. For this lab, we're not going to create a web application to do this — we're just going to mimic this by uploading files to an S3 bucket directly, as the conditions are effectively the same. The S3 bucket will still receive the files and trigger events as usual.

We need to create an S3 bucket and configure event notifications to send events to an SNS topic. This will require us to create an SNS topic and modify the SNS topic policy to accept event notifications from the S3 bucket.

After we've done this, we need to make sure the SNS topic has two things:

  • An SNS email subscription, which we'll pretend is being sent to a developer.
  • An SMS (or text notification) subscription, which we'll pretend is being sent to a manager.

For the purposes of this lab, you'll use your own email address and mobile phone number in order for it to work. Let's get to it!

Introduction to the Environment

To get started, log in to the live environment as cloud_user with the password provided. Make sure you're in the us-east-1 region throughout the lab.

In the AWS Management Console, click Services, and right-click S3 under Storage to open it in a new browser tab.

Then click Simple Notification Service under Application Integration. (You could also search "Simple Notification Service" in the search bar instead of scrolling around to find it.)

>Note: If you already see an S3 bucket listed in the S3 Management Console, you can ignore it — we'll create our own S3 bucket for this lab.

Configuring an S3 Bucket and SNS Topic to Send Notifications on S3 Bucket Events

Create the Bucket

In the S3 Management Console, click + Create Bucket.

In the Name and region window, we first need to give our bucket a name. The Bucket name needs to be unique, so feel free to call it anything you like. Or you can use "s3uploads-myspecialbucketname" and then add whatever other characters you want after it. The Region should already be set to US East, so click Next.

We don't need to do anything in the Configure options window, so click Next.

Same for the Set permissions window — it's all staying the same, so click Next.

In the Review window, click Create bucket.

Before we move on, let's quickly do something that will save us some time later. Once you see your bucket listed, click in the space between the bucket name and where it says Bucket and objects not public. This will pop out a box from the right side of the screen. At the top of that box, click Copy Bucket ARN and paste the ARN into a text file or note on your desktop. We'll need it in a few minutes.

Create the SNS Topic

Now, head back to the AWS SNS browser tab. Click Topics in the sidebar, and click Create new topic. For Topic name and Display name, enter "S3Events". Click Create topic.

Configure the Bucket — Part 1

Back in the S3 Management Console, click your bucket, and then click the Properties tab.

Under Advanced settings, click the Events box. Setting up events allows us to receive notifications whenever there are events happening in our bucket that we want to be notified about. Click + Add notification.

For Name, enter "UploadNotification". Check the box next to All object create events. We'll leave the Prefix and Suffix boxes empty. In the Send to dropdown menu, select SNS Topic. In the SNS dropdown, select S3Events. Click Save.

We'll then receive an error: "Unable to validate the following destination configurations. Permissions on the destination do not allow S3 to publish notifications from this bucket." The reason we got this is because we haven't yet configured our SNS topic policy to accept notification events from our S3 bucket. Let's do that now. Click Cancel.

Modify the SNS Topic policy

Back in the SNS topics screen, we'll see our SNS topic. Click into it to open it.

Just like we did with the S3 bucket ARN, copy and paste the topic's ARN into a text file or note on your desktop. We'll need it in a minute.

In the topic details page, click the Other topic actions dropdown and select Edit topic policy.

In the Edit topic policy popup, click the Advanced view tab. We're going to keep the current statements in here and add a new one. After "Statement": [ toward the top, press Enter to start a new line, and paste in the following:

{
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
    },
        "Action": "SNS:Publish",
        "Resource": "SNS_ARN_REPLACE_ME",
        "Condition": {
            "StringEquals": {
                "aws:SourceArn": "S3_BUCKET_ARN_REPLACE_ME"
            }
        }
    },

Here's where we need to use the ARNs we copied and pasted before. In the SNS:Publish section, where it says, SNS_ARN_REPLACE_ME, paste in the SNS topic you added to that text file or note a minute ago. Then, copy and paste your S3 bucket ARN where it says S3_BUCKET_ARN_REPLACE_ME.

Make sure to leave the comma after the last bracket in our new statement, as this allows us to have more than one statement for this SNS topic's policy. Click Update policy. We should see a message that says, "Successfully edited topic policy" at the top.

Now, let's try to configure our bucket again.

Configure the Bucket — Part 2

This will sound familiar: Back in the S3 Management Console, click the Events box and then click + Add notification.

For Name, enter "S3uploads". Check the box next to All objects create events. We can leave the Prefix and Suffix boxes empty for now. In the Send to dropdown, select SNS Topic. In the SNS dropdown, select S3Events. Click Save.

This time, we should see we now have one active notification. Let's test it out.

Create the Email Subscription

Back in the topic details page for our SNS topic, in the Subscriptions section, click Create subscription. In the Protocol dropdown, select Email. For Endpoint, enter your email address. Click Create subscription.

Once we create it, under Subscription ID in the Subscriptions section, we'll see a status of PendingConfirmation. Now, check your email, where you should have an email asking you to confirm your subscription. Click the Confirm subscription link to make sure you'll receive the notifications. You should then be directed to a "Subscription confirmed!" screen.

Next, refresh the Subscriptions section of the topic details page, where we should now see an actual subscription ID. Let's try something else out.

Click Publish to topic. Type whatever you'd like here. The Subject could just be "Hello", and the Message could be "Have a nice day". Then, click Publish message.

Now, check your inbox. After a few seconds, you should receive an email with what you just wrote. We did this manually here, but we want this to be generated automatically when something is uploaded to the S3 bucket.

Back in the S3 Management Console, click the Overview tab and click Upload.

Click Add files. Feel free to add any random file you have on your computer. Upload it here, and click Next.

Click Next on the Set permissions and Set properties windows, and then click Upload.

Go back to your inbox. You should have an email with a block of text that might be hard to understand, but reading through it, we can see there's a bucket that has had a new object uploaded to it. It also gives a bit of metadata about the object, including its size in bytes.

Create the SMS Subscription

Back in the topic details page for our SNS topic, click Create subscription again. In the Protocol dropdown, select SMS. For Endpoint, enter your mobile phone number. Click Create subscription.

To test it out, head back to the S3 Management Console and upload a new file to the bucket. You should receive a text notification on your phone within a few minutes.

Conclusion

Congratulations, you've successfully completed this lab!