I created an Amazon Simple Storage Service (Amazon S3) event notification to send messages through my Amazon Simple Notification Service (Amazon SNS) topic. However, the new event notifications in my Amazon S3 bucket didn't publish messages to the Amazon SNS topic.
Resolution
Confirm that you correctly configured your Amazon S3 event type
When you configure an Amazon S3 event notification, you must specify the supported Amazon S3 event types that cause Amazon S3 to send the notification. If an event type that you didn't specify occurs in your Amazon S3 bucket, then Amazon S3 doesn't send the notification.
Confirm that your object key name filters are in URL-encoded (percent-encoded) format
If you configured your event notifications to use object key name filtering, then Amazon S3 publishes notifications only for objects with specific prefixes or suffixes.
If you use special characters in your prefixes or suffixes, then you must enter them in URL-encoded (percent-encoded) format. For more information, see Object key naming guidelines and Working with object metadata.
Note: You can't use a wildcard character ("*") in filters as a prefix or suffix to represent a character.
Confirm that you granted Amazon S3 the required permissions to publish messages to your topic
Your Amazon SNS topic's resource-based policy must allow the Amazon S3 bucket to publish messages to the topic. Check your topic's AWS Identity and Access Management (IAM) policy to confirm that it has the required permissions, and grant permissions if necessary.
Confirm that your topic has AWS KMS permissions for SSE-encrypted topics
If you activated server-side encryption (SSE) on your SNS topic, then your topic must use a customer managed AWS Key Management Service (AWS KMS) key. The AWS KMS key must include a custom key policy that grants Amazon S3 permission to use the key.
To set up the required AWS KMS permissions, complete the following steps:
- Create a new customer managed AWS KMS key and key policy.
- Edit the key policy to include the following statement that allows Amazon S3 to publish messages to your encrypted SNS topic:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "s3.amazonaws.com"
                },
                "Action": [
                    "kms:GenerateDataKey*",
                    "kms:Decrypt"
                ],
                "Resource": "*"
            }
        ]
    }
- Use the AWS KMS key to configure SSE for your Amazon SNS topic.
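The two permission checks above (the topic's resource-based policy and the KMS key policy) can be run offline against exported policy documents. The following is an added example, not AWS's own code: the function names, sample policies, and placeholder ARNs are constructed, and it evaluates only the `Service` principal and `aws:SourceArn` conditions.

```python
from fnmatch import fnmatchcase

S3 = "s3.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_arn_ok(condition, bucket_arn):
    # Simplification: only aws:SourceArn under positive operators (ArnLike,
    # ArnEquals, StringLike, StringEquals) is evaluated; other keys are ignored.
    for operands in condition.values():
        for key, patterns in operands.items():
            if key.lower() == "aws:sourcearn" and not any(
                fnmatchcase(bucket_arn, p) for p in _as_list(patterns)
            ):
                return False
    return True

def missing_s3_actions(policy, required, bucket_arn):
    """Return the required actions that no Allow statement grants to Amazon S3."""
    missing = set(required)
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or S3 not in services:
            continue
        if not _source_arn_ok(stmt.get("Condition", {}), bucket_arn):
            continue
        # Action names are case-insensitive and may contain a wildcard.
        granted = [a.lower() for a in _as_list(stmt.get("Action", []))]
        missing = {r for r in missing if not any(fnmatchcase(r.lower(), g) for g in granted)}
    return sorted(missing)

# Constructed sample policies with placeholder ARNs (not from a real account).
BUCKET = "arn:aws:s3:::amzn-s3-demo-bucket"
TOPIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": S3}, "Action": ["SNS:Publish"],
    "Resource": "arn:aws:sns:us-east-1:111122223333:example-topic",
    "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket"},
                  "StringEquals": {"aws:SourceAccount": "111122223333"}}}]}
KEY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": S3},
    "Action": ["kms:GenerateDataKey*", "kms:Decrypt"], "Resource": "*"}]}

if __name__ == "__main__":
    print("topic policy missing:", missing_s3_actions(TOPIC_POLICY, ["sns:Publish"], BUCKET))
    print("key policy missing:",
          missing_s3_actions(KEY_POLICY, ["kms:GenerateDataKey", "kms:Decrypt"], BUCKET))
```

An empty list means the policy grants Amazon S3 every required action for that bucket. To check live resources, parse the `Policy` attribute returned by GetTopicAttributes and the document returned by GetKeyPolicy with `json.loads` and pass them in.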
Use CloudWatch metrics for additional troubleshooting
If the SNS topic still doesn't receive the Amazon S3 event notification, then check the NumberOfMessagesPublished Amazon CloudWatch metric for SNS. This metric shows whether Amazon S3 published the events. If there's no metric for NumberOfMessagesPublished, then there's an issue with the Amazon S3 to Amazon SNS configuration.
If there are metrics for NumberOfMessagesPublished, then check the NumberOfNotificationsDelivered and NumberOfNotificationsFailed metrics. These metrics show whether the SNS topic delivered the messages to a subscription endpoint.
To help you troubleshoot, you can also configure delivery status logging for SNS topics.
Related information
Allow Amazon S3 event notifications to publish to a topic