堆栈内存溢出
  简体   繁体   English

Cloudwatch 事件规则侦听具有特定键路径的 s3 存储桶

[英]Cloudwatch event rule listen to s3 bucket with specific keypath

 原文  2018-12-14 09:30:14       amazon-web-services/ amazon-cloudwatch

问题描述

Is there a way to listen to an s3 bucket but only inside a specific "folder" so for instance if i had a folder named input i would say listen on "s3://bucket-name/folder1/*"?有没有办法收听 s3 存储桶,但只能在特定的“文件夹”内收听,例如,如果我有一个名为 input 的文件夹,我会说在“s3://bucket-name/folder1/*”上收听? Right now it seems that you can only listen to the entire bucket.My issue is that I want to use the same bucket to trigger CloudWatch based on specific key path, and of course all cloudwatch rules will be triggered.现在好像只能听整个bucket。我的问题是我想使用同一个bucket根据特定的key path来触发CloudWatch,当然所有的cloudwatch规则都会被触发。 This is my flow: CloudTrail (monitor s3://bucket/path) -> CloudWatch (will have an Event Rule for any PUT in that s3://bucket/path) trigger-> StepFunction-> LambdaFunctions I also tried to restrict this from CloudWatch role to give permissions only to that specific S3 bucket path without luck.这是我的流程: CloudTrail (monitor s3://bucket/path) -> CloudWatch (将有一个事件规则用于该 s3://bucket/path 中的任何 PUT) trigger-> StepFunction-> LambdaFunctions 我也试图限制这来自 CloudWatch 角色,仅授予对该特定 S3 存储桶路径的权限,而没有运气。 This is my event rule:这是我的活动规则:

{ "source": [ "aws.s3" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "s3.amazonaws.com" ], "eventName": [ "PutObject" ], "requestParameters": { "bucketName": [ " bucketname" ] } } }

Is there any workaround?有什么解决方法吗?

2 个解决方案

解决方案1
 3  2020-10-06 20:15:42

As of the date of this writing, I do not currently know of a way to accomplish ON THE RULE.在撰写本文时,我目前不知道有什么方法可以完成规则。 There could be a workaround on the rule but I have not found it...该规则可能有一个解决方法,但我还没有找到它......

...HOWEVER: This can be accomplished by using CloudTrail . ...然而:这可以通过使用CloudTrail来完成。

  1. Remove the key from the event rule object you have, and keep the bucket name从您拥有的事件规则对象中删除键,并保留存储桶名称
  2. Go to CloudTrail.转到 CloudTrail。 If all data events are turned on, disable them and created your own trail.如果所有数据事件都已打开,请禁用它们并创建您自己的跟踪。
  3. In CloudTrail, create a new Trail.在 CloudTrail 中,创建一个新的跟踪。 Specify object or bucket level operations指定对象或存储桶级别的操作
  4. Enable S3 Data events - ASSUMING you want to listen for putObject or similar启用 S3 数据事件 - 假设您想监听 putObject 或类似事件
  5. specify your bucket, AND when it says Individual bucket selection, type in the bucket name AND the path you want to monitor.指定您的存储桶,当它显示单个存储桶选择时,输入存储桶名称和您要监控的路径。 bucketname/folder1/folder2
  6. specify whether you want read and write actions to be logged to the trail.指定是否要将读取和写入操作记录到跟踪中。

Now you have a log trail for that path only.现在您只有该路径的日志跟踪。 The cloudwatch rule, or eventBridge rule, can now specify the bucket, and whatever operations you want to monitor. cloudwatch 规则或 eventBridge 规则现在可以指定存储桶以及您想要监控的任何操作。

解决方案2
 -2 已采纳  2019-07-29 07:28:48

try adding尝试添加

"requestParameters": { "bucketName": [ " bucketname" ],"key":["folder1"] }

could be work.可能是工作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从CloudWatch Event中读取AWS s3存储桶名称 - Read AWS s3 Bucket Name from CloudWatch Event 为 S3 前缀创建 AWS CloudWatch 事件规则 - Create AWS CloudWatch Event rule for S3 prefix 如果S3存储桶未接收到数据,则CloudWatch警报 - CloudWatch Alarm if S3 bucket not receiving data 收集 Cloudwatch 指标并上传到 S3 存储桶 - Collect Cloudwatch metrics and upload to S3 bucket 将特定事件附加到 cloudwatch 事件规则 - Attach a specific event to a cloudwatch events rule AWS S3 存储桶的重定向规则为 in.htaccess - Redirect rule for AWS S3 bucket as in htaccess 如何禁用S3存储桶重定向规则? - How to disable an S3 bucket redirect rule? S3 存储桶中文件的生命周期规则 - Lifecycle rule for files in S3 bucket 仅适用于 S3 存储桶的 ECS 入口规则 - ECS ingress rule only for S3 bucket 如何将日志从 Amazon S3 存储桶导入到 cloudwatch - How to Import Logs From An Amazon S3 Bucket to cloudwatch
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM