Missing EventBridge events from s3

Question

I have a target configured to log eventbridge events on the default bus.  I just activated events from an s3 bucket, then I uploaded 3 files to the bucket, waited a few minutes, and deleted the files.  Finally (about 1 hour later) I uploaded one more file.

I see exactly 1 'Object Deleted' event from around the time I deleted 3.  I would expect to see 3 'Object Created', 3 'Objected Deleted' at the earlier time, then one 'Object Created' at the subsequent time; no apparent errors in CloudTrail; all of this done using the console (after a similar pattern observed when updates were made via CloudFormation).

Anything else I can do to debug?

Answer

Hello,

Thank you for contacting AWS Re:post. I understand that you are setting up events in EventBridge and observing the following behavior:
When you delete objects in bulk(i.e using console or Cloudformation), that event is logged as one delete event and not separated for every object.

We were able to confirm the above behavior and it is expected in Cloutrail logs. As mentioned in the following document, difference in Cloudtrail and Server access logs, we see that Logging of keys in a batch delete operation is not logged in Cloudtrail. However it is logged in Server Access logs.

>>https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

In this case,  you can use Server Access logs to get detailed logs for every delete event.

>>https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html

Please do not hesitate to reach out to me if you have any other questions, comments or concerns.

Missing EventBridge events from s3

Relevant content