Merge pull request #2338 from archiev4/archiev4-feature-eventbridge-s3-lambda

New Serverless Pattern - EventBridge - S3 - Lambda

Author: julianwood

eventbridge-s3-lambda/README.md

@@ -0,0 +1,79 @@
+# AWS Lambda sending a notification when a new Amazon S3 bucket is created
+
+This pattern creates an automated monitoring system for Amazon S3 bucket create events. It defines an Amazon EventBridge rule that listens for S3 bucket creation events and invokes an AWS Lambda function. The Lambda function processes the event details and sends a notification to an Amazon SNS topic, informing subscribers of the new bucket creation.
+
+Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/eventbridge-s3-lambda
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Terraform](https://learn.hashicorp.cxom/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ``` 
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+1. Change directory to the pattern directory:
+    ```
+    cd eventbridge-s3-lambda
+    ```
+1. From the command line, initialize terraform to downloads and installs the providers defined in the configuration:
+    ```
+    terraform init
+    ```
+1. From the command line, apply the configuration in the main.tf file:
+    ```
+    terraform apply
+    ```
+1. During the prompts
+    #var.region
+    - Enter a value: {enter the region for deployment}
+
+## Testing
+
+1. After deploying the stack, create a Subscriber for your Amazon SNS topic (For ex, your email) and confirm the subscription.
+    https://docs.aws.amazon.com/sns/latest/dg/sns-create-subscribe-endpoint-to-topic.html
+
+1. Create a new S3 bucket using the following CLI command
+    ```
+    aws s3api create-bucket --bucket BUCKET_NAME --region REGION_NAME
+    ```
+    Note: Make sure that the region is same as the region in which you deployed the Terraform code.
+
+1. The event invokes the Lambda function and you will receive an email from the SNS Topic.
+
+## Cleanup
+
+1. Delete the SNS Subscription:
+    Go to SNS > Subsciptions > Select your Subscription and click on Delete
+
+    https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html
+
+1. Change directory to the pattern directory:
+    ```
+    cd serverless-patterns/eventbridge-s3-lambda
+    ```
+1. Delete all created resources
+    ```
+    terraform destroy
+    ```
+    
+1. During the prompts:
+    ```
+    Enter all details as entered during creation.
+    ```
+1. Confirm all created resources has been deleted
+    ```
+    terraform show
+    ```
+----
+Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

eventbridge-s3-lambda/eventbridge-s3-lambda.json

@@ -0,0 +1,97 @@
+{
+    "title": "Amazon S3 bucket creation notifications",
+    "description": "Notify users via AWS Lambda and Amazon SNS when a new Amazon S3 Bucket is created.",
+    "language": "Python",
+    "level": "200",
+    "framework": "Terraform",
+    "introBox": {
+        "headline": "How it works",
+        "text": [
+            "This sample project demonstrates how to notify users when a new S3 bucket is created. An Amazon EventBridge rule detects S3 bucket creation events and invokes a Lambda function. This Lambda function processes the event details and publishes a notification to an SNS topic. This enables automated monitoring and notification of new S3 Bucket creations."
+        ]
+    },
+    "gitHub": {
+        "template": {
+            "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/eventbridge-s3-lambda",
+            "templateURL": "serverless-patterns/eventbridge-s3-lambda",
+            "projectFolder": "eventbridge-s3-lambda",
+            "templateFile": "main.tf"
+        }
+    },
+    "resources": {
+        "bullets": [
+            {
+                "text": "Events from AWS services",
+                "link": "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-service-event.html"
+            },
+            {
+                "text": "How can I publish a message to an Amazon SNS topic using a Lambda function?",
+                "link": "https://repost.aws/knowledge-center/sns-topic-lambda"
+            }
+        ]
+    },
+    "deploy": {
+        "text": [
+            "terraform init",
+            "terraform apply"
+        ]
+    },
+    "testing": {
+        "text": [
+            "See the GitHub repo for detailed testing instructions."
+        ]
+    },
+    "cleanup": {
+        "text": [
+            "terraform destroy",
+            "terraform show"
+        ]
+    },
+    "authors": [
+        {
+            "name": "Archana V",
+            "image": "https://media.licdn.com/dms/image/D5603AQF_QwVjCkS_UQ/profile-displayphoto-shrink_200_200/0/1670929520771?e=1724284800&v=beta&t=FFJJko4OO8h1tCFrxMyneTyRPAKmyEmIaDOYOeTaFEk",
+            "bio": "Cloud Support Engineer at AWS",
+            "linkedin": "archana-venkat-9b80b7184"
+        }
+    ],
+    "patternArch": {
+        "icon1": {
+            "x": 10,
+            "y": 50,
+            "service": "s3",
+            "label": "Amazon S3"
+        },
+        "icon2": {
+            "x": 40,
+            "y": 50,
+            "service": "eventbridge",
+            "label": "Amazon EventBridge"
+        },
+        "icon3": {
+            "x": 65,
+            "y": 50,
+            "service": "lambda",
+            "label": "AWS Lambda"
+        },
+        "icon4": {
+            "x": 90,
+            "y": 50,
+            "service": "sns",
+            "label": "Amazon SNS"
+        },
+        "line1": {
+            "from": "icon1",
+            "to": "icon2",
+            "label": "Bucket Created"
+        },
+        "line2": {
+            "from": "icon2",
+            "to": "icon3"
+        },
+        "line3": {
+            "from": "icon3",
+            "to": "icon4"
+        }
+    }
+}

eventbridge-s3-lambda/example-pattern.json

@@ -0,0 +1,58 @@
+{
+  "title": "Lambda Function sending SNS notification when a new S3 Bucket is created",
+  "description": "Notify users when a new S3 Bucket is created using Lambda and SNS",
+  "language": "Python",
+  "level": "200",
+  "framework": "Terraform",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "This sample project demonstrates how to invoke a notify users when a new S3 bucket is created. The EventBridge rule detects S3 bucket creation events and triggers a Lambda function. This Lambda function further processes the event details and sends a notification to an SNS topic. This enables automated monitoring and notification of new S3 Bucket creations."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/eventbridge-s3-lambda",
+      "templateURL": "serverless-patterns/eventbridge-s3-lambda",
+      "projectFolder": "eventbridge-s3-lambda",
+      "templateFile": "main.tf"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Events from AWS services",
+        "link": "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-service-event.html"
+      },
+      {
+        "text": "How can I publish a message to an Amazon SNS topic using a Lambda function?",
+        "link": "https://repost.aws/knowledge-center/sns-topic-lambda"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "terraform init",
+      "terraform apply"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "terraform destroy",
+      "terraform show"
+    ]
+  },
+  "authors": [
+    {
+      "name": "Archana V",
+      "image": "https://media.licdn.com/dms/image/D5603AQF_QwVjCkS_UQ/profile-displayphoto-shrink_200_200/0/1670929520771?e=1724284800&v=beta&t=FFJJko4OO8h1tCFrxMyneTyRPAKmyEmIaDOYOeTaFEk",
+      "bio": "Cloud Support Engineer at AWS",
+      "linkedin": "archana-venkat-9b80b7184"
+    }
+  ]
+}

eventbridge-s3-lambda/images/EB Lambda.png

@@ -0,0 +1,91 @@
+variable "region" {}
+
+provider "aws" {
+  region  = "${var.region}"
+}
+
+data "aws_partition" "current" {}
+resource "aws_iam_role" "lambda_execution_role" {
+  name               = "lambda-execution-role-sns"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect    = "Allow"
+      Principal = { Service = "lambda.amazonaws.com" }
+      Action    = "sts:AssumeRole"
+    }]
+  })
+}
+resource "aws_iam_role_policy" "lambda_policy" {
+  name   = "LambdaPolicy"
+  role   = aws_iam_role.lambda_execution_role.id
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ],
+        Resource = "arn:${data.aws_partition.current.partition}:logs:*:*:*"
+      },
+      {
+        Effect = "Allow",
+        Action = "sns:Publish",
+        Resource = aws_sns_topic.sns_topic.arn
+      }
+    ]
+  })
+}
+resource "aws_sns_topic" "sns_topic" {
+  name = "s3-lambda-topic"
+}
+resource "aws_lambda_function" "sns_lambda" {
+  function_name = "sns-lambda"
+  handler       = "lambda_function.lambda_handler"
+  runtime       = "python3.12"
+  role          = aws_iam_role.lambda_execution_role.arn
+  filename      = "lambda_function_payload.zip"
+  source_code_hash = filebase64sha256("lambda_function_payload.zip")
+  environment {
+    variables = {
+      SNS_TOPIC_ARN = aws_sns_topic.sns_topic.arn
+    }
+  }
+}
+resource "aws_cloudwatch_log_group" "lambda_log_group" {
+  name              = "/aws/lambda/sns-lambda"
+  retention_in_days = 7
+}
+resource "aws_lambda_permission" "allow_eventbridge" {
+  statement_id  = "AllowEventBridge"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.sns_lambda.function_name
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.s3_create_bucket_rule.arn
+}
+resource "aws_cloudwatch_event_rule" "s3_create_bucket_rule" {
+  name        = "s3-create-bucket-rule"
+  description = "Rule to capture S3 bucket creation events"
+  event_pattern = jsonencode({
+    source = ["aws.s3"],
+    "detail-type" = ["AWS API Call via CloudTrail"],
+    detail = {
+      eventSource = ["s3.amazonaws.com"],
+      eventName = ["CreateBucket"]
+    }
+  })
+}
+resource "aws_cloudwatch_event_target" "s3_create_bucket_target" {
+  rule = aws_cloudwatch_event_rule.s3_create_bucket_rule.name
+  arn  = aws_lambda_function.sns_lambda.arn
+}
+output "lambda_function_arn" {
+  value = aws_lambda_function.sns_lambda.arn
+}
+output "sns_topic_arn" {
+  value = aws_sns_topic.sns_topic.arn
+}
+