widdix / aws-s3-virusscan

Antivirus for Amazon S3
https://bucketav.com/
Apache License 2.0
525 stars, 127 forks

Support for EventBridge? #97

Closed kflavin closed 1 year ago

kflavin commented 1 year ago

I'd like to use AWS EventBridge instead of Event Notifications, because we already have events configured for "create" events in our S3 buckets, and S3 doesn't allow you to create overlapping events of the same event type.

Is EventBridge supported? On first attempt, it doesn't appear to be working for me.

michaelwittig commented 1 year ago

Hi @kflavin, could you share what exactly you tried?

I guess you can connect EventBridge to SQS but you would need to transform the message from EventBridge format to the S3 Event Notification format.

kflavin commented 1 year ago

@michaelwittig The input transformer did the trick. I was sending the EventBridge notifications to SQS, but they weren't being processed by the Ruby worker, because they were not in the expected message format.

I added the fields referenced in worker.rb (plus a few extra), and it's working as expected. Now we can keep our existing Event Notifications, which is a big plus. Thank you!

If it's helpful for anyone else, here is what I used for the input transformer:

Input path:

```json
{
  "bucket_arn": "$.resources[0]",
  "bucket_name": "$.detail.bucket.name",
  "object_etag": "$.detail.object.etag",
  "object_key": "$.detail.object.key",
  "object_size": "$.detail.object.size",
  "object_version_id": "$.detail.object.version-id",
  "region": "$.region",
  "time": "$.time"
}
```

Input template:

```json
{
  "Records": [
    {
      "eventVersion": "2.2",
      "eventSource": "aws:s3",
      "awsRegion": "<region>",
      "eventTime": "<time>",
      "eventName": "s3:ObjectCreated:Post",
      "userIdentity": {
        "principalId": "Value not provided from event bridge input transformer.  Check rule in AWS."
      },
      "requestParameters": {
        "sourceIPAddress": "Value not provided from event bridge input transformer.  Check rule in AWS."
      },
      "responseElements": {
        "x-amz-request-id": "Value not provided from event bridge input transformer.  Check rule in AWS.",
        "x-amz-id-2": "Value not provided from event bridge input transformer.  Check rule in AWS."
      },
      "s3": {
        "s3SchemaVersion": "1.0",
        "configurationId": "Value not provided from event bridge input transformer.  Check rule in AWS.",
        "bucket": {
          "name": "<bucket_name>",
          "ownerIdentity": {
            "principalId": "Value not provided from event bridge input transformer.  Check rule in AWS."
          },
          "arn": "<bucket_arn>"
        },
        "object": {
          "key": "<object_key>",
          "size": <object_size>,
          "eTag": "<object_etag>",
          "versionId": "<object_version_id>",
          "sequencer": "Value not provided from event bridge input transformer.  Check rule in AWS."
        }
      }
    }
  ]
}
```

Be sure to pass `<object_size>` as a number (no quotes in the JSON), not as a string.
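The mapping above can be exercised offline before touching an EventBridge rule. The following Ruby script is an added example, not code from this issue or from the aws-s3-virusscan project: it applies the posted input path to a constructed EventBridge "Object Created" event with a minimal JSONPath resolver, renders the S3 Event Notification shape the worker expects, and checks the one thing that silently breaks consumers, `size` arriving as a string instead of a number. The sample event, the `NOT_PROVIDED` placeholder text and the `valid_notification?` check are assumptions for illustration; the real worker.rb is not reproduced here.

```ruby
require 'json'

# Constructed sample EventBridge S3 event (not captured from a real account).
SAMPLE_EVENTBRIDGE_EVENT = {
  'version' => '0',
  'detail-type' => 'Object Created',
  'source' => 'aws.s3',
  'account' => '123456789012',
  'time' => '2023-01-01T12:00:00Z',
  'region' => 'eu-west-1',
  'resources' => ['arn:aws:s3:::example-bucket'],
  'detail' => {
    'bucket' => { 'name' => 'example-bucket' },
    'object' => {
      'key' => 'uploads/sample.bin',
      'size' => 1024,
      'etag' => 'd41d8cd98f00b204e9800998ecf8427e',
      'version-id' => 'v1'
    },
    'reason' => 'PutObject'
  }
}.freeze

# Input path exactly as posted in the issue: variable name => JSONPath expression.
INPUT_PATH = {
  'bucket_arn' => '$.resources[0]',
  'bucket_name' => '$.detail.bucket.name',
  'object_etag' => '$.detail.object.etag',
  'object_key' => '$.detail.object.key',
  'object_size' => '$.detail.object.size',
  'object_version_id' => '$.detail.object.version-id',
  'region' => '$.region',
  'time' => '$.time'
}.freeze

# Placeholder for fields EventBridge does not carry (wording as in the posted template).
NOT_PROVIDED = 'Value not provided from event bridge input transformer.  Check rule in AWS.'

# Resolve the JSONPath subset the posted input path uses: "$.", dotted keys, and [n] index.
# Returns nil (rather than raising) when any intermediate node is missing.
def resolve_path(event, path)
  raise ArgumentError, "unsupported path #{path}" unless path.start_with?('$.')
  path[2..].split('.').reduce(event) do |node, segment|
    key, index = segment.match(/\A([^\[]+)(?:\[(\d+)\])?\z/).captures
    value = node.is_a?(Hash) ? node[key] : nil
    value = value[index.to_i] if index && value.is_a?(Array)
    value
  end
end

def extract_variables(event)
  INPUT_PATH.transform_values { |path| resolve_path(event, path) }
end

# Render the S3 Event Notification format from the extracted variables.
# Integer() enforces the caveat from the issue: size must be a JSON number.
def to_s3_notification(event)
  vars = extract_variables(event)
  size = Integer(vars.fetch('object_size'))
  {
    'Records' => [{
      'eventVersion' => '2.2',
      'eventSource' => 'aws:s3',
      'awsRegion' => vars['region'],
      'eventTime' => vars['time'],
      'eventName' => 's3:ObjectCreated:Post',
      'userIdentity' => { 'principalId' => NOT_PROVIDED },
      'requestParameters' => { 'sourceIPAddress' => NOT_PROVIDED },
      'responseElements' => { 'x-amz-request-id' => NOT_PROVIDED, 'x-amz-id-2' => NOT_PROVIDED },
      's3' => {
        's3SchemaVersion' => '1.0',
        'configurationId' => NOT_PROVIDED,
        'bucket' => { 'name' => vars['bucket_name'],
                      'ownerIdentity' => { 'principalId' => NOT_PROVIDED },
                      'arn' => vars['bucket_arn'] },
        'object' => { 'key' => vars['object_key'], 'size' => size,
                      'eTag' => vars['object_etag'], 'versionId' => vars['object_version_id'],
                      'sequencer' => NOT_PROVIDED }
      }
    }]
  }
end

# Assumed consumer-side check: every record names a bucket and key, and size is numeric.
def valid_notification?(msg)
  records = msg['Records']
  return false unless records.is_a?(Array) && !records.empty?
  records.all? do |r|
    s3 = r.fetch('s3', {})
    !s3.dig('bucket', 'name').to_s.empty? &&
      !s3.dig('object', 'key').to_s.empty? &&
      s3.dig('object', 'size').is_a?(Integer)
  end
end

puts JSON.pretty_generate(to_s3_notification(SAMPLE_EVENTBRIDGE_EVENT)) if __FILE__ == $PROGRAM_NAME
```

Run it directly to see the rendered message; `valid_notification?` is the kind of guard a queue consumer can apply before dispatching a download, so a mis-quoted `<object_size>` in the rule surfaces as a rejected message rather than a crashed worker.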

michaelwittig commented 1 year ago

Thanks for sharing @kflavin