Tutorial: Log Amazon S3 object-level operations using EventBridge
You can log the object-level API operations on your Amazon S3 buckets. Before Amazon EventBridge can match these events, you must use AWS CloudTrail to set up and configure a trail to receive them. CloudTrail does not log S3 object-level (data) events by default; a trail configured for data events is required, and data event logging is billed separately from management event logging.
In this tutorial, you create a CloudTrail trail, create an AWS Lambda function, and then create a rule in the EventBridge console that invokes that function in response to an S3 data event.
Step 1: Configure your AWS CloudTrail trail
To log data events for an S3 bucket to AWS CloudTrail and EventBridge, you first create a trail. A trail captures API calls and related events in your account and then delivers the log files to an S3 bucket that you specify. You can update an existing trail or create one.
For more information, see Data Events in the AWS CloudTrail User Guide.
To create a trail
- Open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/.
- Choose Trails, Create trail.
- For Trail name, type a name for the trail.
- For Storage location, choose Create new S3 bucket. Keep this bucket dedicated to log delivery: if you later select the same bucket for data event logging, every log file that CloudTrail delivers is itself an S3 write, so the trail logs its own deliveries in a loop.
- For AWS KMS alias, type an alias for the KMS key. When you create a new key here, the console creates it with a key policy that allows CloudTrail to encrypt the log files with it.
- Choose Next.
- For Event type, choose Data events.
- For Data events, do one of the following:
  - To log data events for all Amazon S3 objects in a bucket, specify an S3 bucket and an empty prefix. When an event occurs on an object in that bucket, the trail processes and logs the event.
  - To log data events for specific Amazon S3 objects in a bucket, specify an S3 bucket and the object prefix. When an event occurs on an object in that bucket and the object key starts with the specified prefix, the trail processes and logs the event.
- For each resource, choose whether to log Read events, Write events, or both. PutObject, which the rule in Step 3 matches, is a Write event, so make sure Write events are selected for the bucket you plan to test with.
- Choose Next.
- Choose Create trail.
Step 2: Create an AWS Lambda function
Create a Lambda function that logs the S3 data events EventBridge forwards to it.
To create a Lambda function
- Open the AWS Lambda console at https://console.aws.amazon.com/lambda/.
- Choose Create function.
- Choose Author from scratch.
- Enter a name and description for the Lambda function. For example, name the function LogS3DataEvents.
- Leave the rest of the options as the defaults and choose Create function. The default execution role the console creates grants the function permission to write to CloudWatch Logs, which is all this function needs.
- On the Code tab of the function page, double-click index.js. If the console created index.mjs instead (the default for newer Node.js runtimes, which use ES module syntax), either rename the file to index.js or convert the handler below to an ES module export; the handler setting index.handler works with either file name.
- Replace the existing code with the following code.

    'use strict';

    // Logs every S3 data event that the EventBridge rule forwards to this function.
    // The full EventBridge envelope (source, detail-type, region, account and the
    // CloudTrail record in detail) is written to CloudWatch Logs, where Step 4
    // inspects it.
    exports.handler = (event, context, callback) => {
      console.log('LogS3DataEvents');
      console.log('Received event:', JSON.stringify(event, null, 2));
      callback(null, 'Finished');
    };

- Choose Deploy.
Step 3: Create a Rule
Create a rule to run the Lambda function you created in Step 2. This rule runs in response to an Amazon S3 data event.
To create a rule
- Open the Amazon EventBridge console at https://console.aws.amazon.com/events/.
- In the navigation pane, choose Rules.
- Choose Create rule.
- Enter a name and description for the rule. For example, name the rule TestRule.
- For Event bus, choose the event bus that you want to associate with this rule. If you want this rule to match events that come from your account, select default. When an AWS service in your account emits an event, it always goes to your account's default event bus.
- For Rule type, choose Rule with an event pattern.
- Choose Next.
- For Event source, choose AWS services.
- For Event pattern, do the following:
  - For Event source, select Simple Storage Service (S3) from the drop-down list.
  - For Event type, select Object-Level API call via CloudTrail from the drop-down list.
  - Choose Specific operation(s), and then choose PutObject.
  - By default, the rule matches data events for all buckets in the Region. To match data events for specific buckets, choose Specify bucket(s) by name and enter one or more buckets. Create the rule in the Region where the bucket is, because CloudTrail delivers the event to EventBridge in the Region where the API call was made.
- Choose Next.
- For Target types, choose AWS service.
- For Select a target, choose Lambda function from the drop-down list.
- For Function, select the LogS3DataEvents function that you created in Step 2. When you add a Lambda function as a target in the console, EventBridge adds a resource-based policy statement to the function that allows events.amazonaws.com to invoke it; if you create the rule with the API or CLI instead, you must add that permission yourself.
- Choose Next.
- Choose Next.
- Review the details of the rule and choose Create rule.
Step 4: Test the Rule
To test the rule, upload an object to the S3 bucket that your trail logs data events for (with the S3 console or the AWS CLI). Then verify that your Lambda function was invoked.
To view the logs for your Lambda function
- Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
- In the navigation pane, choose Logs.
- Select the name of the log group for your Lambda function (/aws/lambda/function-name, for example /aws/lambda/LogS3DataEvents).
- Select the name of the log stream to view the event that the function logged for your upload.
You can also check your CloudTrail logs in the S3 bucket that you specified for your trail. CloudTrail delivers log files to that bucket within a few minutes of the API call, so the S3 copy can lag behind the Lambda invocation. For more information, see Getting and Viewing Your CloudTrail Log Files in the AWS CloudTrail User Guide.
Step 5: Confirm success
If you see the Lambda event in the CloudWatch logs, you've successfully completed this tutorial. If the event isn't in your CloudWatch logs, start troubleshooting by verifying the rule was created successfully and is enabled, and, if the rule looks correct, verify the code of your Lambda function is correct. Other common causes: the trail is not logging Write events for the bucket you uploaded to, the rule is in a different Region from the bucket, or the rule was restricted to bucket names that do not include the bucket you used.
Step 6: Clean up your resources
You can now delete the resources that you created for this tutorial, unless you want to retain them. By deleting AWS resources that you are no longer using, you prevent unnecessary charges to your AWS account. Note that deleting the trail does not delete the S3 bucket (or KMS key) created for it, and deleting the function does not delete its CloudWatch log group; remove those separately if you no longer need them.
To delete the EventBridge rule(s)
- Open the Rules page of the EventBridge console.
- Select the rule(s) that you created.
- Choose Delete.
- Choose Delete.
To delete the Lambda function(s)
- Open the Functions page of the Lambda console.
- Select the function(s) that you created.
- Choose Actions, Delete.
- Choose Delete.
To delete the CloudTrail trail(s)
- Open the Trails page of the CloudTrail console.
- Select the trail(s) that you created.
- Choose Delete.
- Choose Delete.