
EventBridge rules to distinguish S3 PutObject from original upload vs S3 PutObject as a result of CRR?

0

I am setting up my EventBridge in two regions that will get PutObject events from S3 buckets in either region, both of which have Cross Region Replication set up with each other. However, I want only the ORIGINAL **PutObject** calls to S3 to be intercepted by EventBridge, which then invokes a Lambda, and to DISCARD the CRR-generated **PutObject** to S3 in the other region where replication happens for the same object, as sending those to the Lambda would cause duplication downstream.

How can I build an AWS EventBridge rule that checks if the notification is coming from a Cross Region Replicated bucket PutObject operation vs the original upload PutObject operation?

asked 2 years ago · 682 views

2 Answers
0

To ensure AWS EventBridge only processes original PutObject events from S3 and not those generated by Cross Region Replication (CRR):

  1. Event Source and Pattern:

    • Configure EventBridge to listen for s3:ObjectCreated events.
    • Use an event pattern to filter events based on the x-amz-replication-status header.
  2. Event Pattern Detail:

    • The pattern should match PutObject events where x-amz-replication-status is not REPLICA.
    • Example event pattern:
      {
        "source": ["aws.s3"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
          "eventSource": ["s3.amazonaws.com"],
          "eventName": ["PutObject"],
          "requestParameters": {
            "bucketName": ["YOUR_BUCKET_NAME"]
          },
          "additionalEventData": {
            "x-amz-replication-status": [{"anything-but": ["REPLICA"]}]
          }
        }
      }
  3. Action:

    • Set the rule to invoke a Lambda function or another action for events matching the pattern.
    • This ensures only original PutObject events are processed, avoiding duplication from CRR-generated events.
EXPERT

answered 2 years ago

0

Hello - thanks for the reply. However I'm unable to use the CloudTrail event for my EventBridge rules. I can only receive S3 events:

{
  "source": ["aws.s3"],
  "detail-type": ["Object Created"],
  "detail": {
    "eventName": ["PutObject"]
  }
}

While S3 events work perfectly for direct-upload PutObject calls, it's also pulling in events for Cross Region Replication PutObject calls. How can I use regular S3 notification-based pattern matching (not CloudTrail events) to filter out CRR PutObject calls?

answered 2 years ago
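
An added example, not from either poster and not AWS's own code: instead of filtering in the rule, the Lambda can call HeadObject on the object named in the "Object Created" event and drop it when the replication status is `REPLICA`. The bucket name, key, version id, `process_upload` and the injectable `s3_client` parameter are assumptions made for illustration.

```python
"""Added example: discard CRR replicas inside the Lambda using HeadObject."""

# Constructed sample of an S3 "Object Created" event as delivered by EventBridge.
SAMPLE_EVENT = {
    "source": "aws.s3",
    "detail-type": "Object Created",
    "detail": {
        "bucket": {"name": "example-bucket-us-east-1"},
        "object": {"key": "uploads/report.csv", "version-id": "EXAMPLEVERSIONID"},
    },
}


def is_replica(event, s3_client):
    """Return True when the object named in the event was written by replication."""
    detail = event["detail"]
    params = {"Bucket": detail["bucket"]["name"], "Key": detail["object"]["key"]}
    # CRR requires versioning: pin the lookup to the version that raised the
    # event so a later overwrite of the same key cannot change the answer.
    version_id = detail["object"].get("version-id")
    if version_id:
        params["VersionId"] = version_id
    head = s3_client.head_object(**params)
    # HeadObject reports ReplicationStatus "REPLICA" on the destination copy.
    # On the source side it is PENDING, COMPLETED or FAILED, or absent when
    # no replication rule applies to the object.
    return head.get("ReplicationStatus") == "REPLICA"


def process_upload(event):
    """Hypothetical downstream step; replace with the real work."""
    return {"processed": event["detail"]["object"]["key"]}


def handler(event, context=None, s3_client=None):
    """Lambda entry point: process original uploads, skip replicated copies."""
    if s3_client is None:
        import boto3  # imported lazily so the module loads without AWS access
        s3_client = boto3.client("s3")
    if is_replica(event, s3_client):
        return {"skipped": "replica"}
    return process_upload(event)
```

The Lambda's execution role needs `s3:GetObject` on the bucket for HeadObject, plus `s3:GetObjectVersion` when a version id is passed; nothing broader is required for this check.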
