How to setup permissions for S3 event to SNS topic?

ChenL · Jun 29, 2016 · Viewed 12.9k times

I am trying to create an event on an S3 bucket (named testBucket) so that every time a new object is created, a message is sent to SNS.

I've done some research and added:

"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:testBucket"}

to the target topic's policy.

But, when I try to create the event, it still shows: Permissions on the destination topic do not allow S3 to publish notifications from this bucket.

Any ideas?

Answer

ChenL · Jul 4, 2016

Problem solved. Before, I was adding the condition line inside the default statement:

    "ArnLike": {
        "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
    }

Turns out I have to create a new statement with the publish action in it.

    {
      "Sid": "publish-from-s3",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-southeast-2:XXXXXXXXXXXXXX:testTopicforS3",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
        }
      }
    }
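The following is an added example, not code from the question or the answer above: it builds a complete SNS topic access policy around the `publish-from-s3` statement and includes a small, simplified check of which bucket ARNs that statement actually admits, so you can confirm the `aws:SourceArn` condition is scoped to the one bucket and not wider. The topic ARN, account id `123456789012` and bucket names are constructed placeholders; the `aws:SourceAccount` condition is an optional extra tightening (the answer's statement does not use it), and the evaluator models only the Allow path for the `s3.amazonaws.com` service principal, not full IAM evaluation.

```python
"""Build an SNS topic policy that lets S3 publish bucket notifications,
and check which bucket ARNs the policy admits (added example, not the
original poster's code)."""
import fnmatch
import json

S3_SERVICE = "s3.amazonaws.com"


def build_topic_policy(topic_arn, bucket_name, account_id=None):
    """Return a full policy document containing the publish-from-s3 statement.

    account_id is optional; when given, an aws:SourceAccount condition is added
    so that only buckets owned by that account can trigger a publish."""
    condition = {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:*:*:{bucket_name}"}}
    if account_id:
        condition["StringEquals"] = {"aws:SourceAccount": account_id}
    statement = {
        "Sid": "publish-from-s3",
        "Effect": "Allow",
        "Principal": {"Service": S3_SERVICE},
        "Action": "SNS:Publish",
        "Resource": topic_arn,
        "Condition": condition,
    }
    return {"Version": "2012-10-17", "Statement": [statement]}


def render_policy(policy):
    """Serialise the policy as the JSON string you would paste into the SNS console."""
    return json.dumps(policy, indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def s3_may_publish(policy, topic_arn, bucket_arn, account_id=None):
    """Simplified evaluator: does some Allow statement grant SNS:Publish on
    topic_arn to the S3 service principal for a notification from bucket_arn?

    Simplifications: only Service principals are considered, Deny statements
    are ignored, and ArnLike wildcards are matched with fnmatch (a superset of
    IAM's per-segment matching)."""
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if S3_SERVICE not in services:
            continue
        # IAM action names are case-insensitive; resources are exact or wildcard.
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if not any(fnmatch.fnmatchcase("sns:publish", a) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(topic_arn, r) for r in _as_list(st.get("Resource", []))):
            continue
        cond = st.get("Condition", {})
        arn_pattern = cond.get("ArnLike", {}).get("aws:SourceArn")
        if arn_pattern is not None and not fnmatch.fnmatchcase(bucket_arn, arn_pattern):
            continue
        wanted_account = cond.get("StringEquals", {}).get("aws:SourceAccount")
        if wanted_account is not None and wanted_account != account_id:
            continue
        return True
    return False


if __name__ == "__main__":
    # Constructed placeholders, not real identifiers.
    topic = "arn:aws:sns:ap-southeast-2:123456789012:testTopicforS3"
    policy = build_topic_policy(topic, "testBucket", account_id="123456789012")
    print(render_policy(policy))
    print("testBucket allowed:", s3_may_publish(policy, topic, "arn:aws:s3:::testBucket", "123456789012"))
    print("otherBucket allowed:", s3_may_publish(policy, topic, "arn:aws:s3:::otherBucket", "123456789012"))
```

Running it prints the policy document and then `True` for the named bucket and `False` for any other bucket, which is the least-privilege property to verify before saving the topic policy: the condition should admit exactly the bucket whose notifications you want, not every bucket in the account.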