#!/bin/bash
####
# Author: Salman Malik
# Date: 30th-June
# Version: v1
#
# This script uses AWS event triggering to automatically process files/text/videos/images.
####
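# Trace every command as it runs. The trace prints the account ID and the ARNs
# built below to stderr, so keep this output out of shared or public logs.
set -x

# Resolve the account ID of the credentials in use; it is interpolated into the
# role ARN and the Lambda function ARN further down.
aws_account_id=$(aws sts get-caller-identity --query 'Account' --output text)

# Stop when the lookup failed (for example missing or expired credentials):
# an empty ID would otherwise yield malformed ARNs in every later call.
if [[ -z "$aws_account_id" ]]; then
  printf 'error: could not determine the AWS account ID\n' >&2
  exit 1
fi
printf 'AWS Account ID: %s\n' "$aws_account_id"

# Deployment settings shared by the rest of the script.
aws_region="eu-north-1"
bucket_name="salman-trigger-bucket"
lambda_func_name="s3-lambda-function"
role_name="s3-lambda-sns"
email_address="snmalik98@gmail.com"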
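# Create the execution role for the Lambda function.
# Only the Lambda service may assume it. In this script the role is used solely
# as the function's execution role; S3 reaches the function through the
# function's resource policy (aws lambda add-permission), so neither S3 nor SNS
# needs to be a trusted principal here.
role_response=$(aws iam create-role \
  --role-name "$role_name" \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [{
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      }
    }]
  }')

# Pull the role ARN out of the create-role JSON response.
role_arn=$(jq -r '.Role.Arn' <<<"$role_response")
printf 'Role ARN: %s\n' "$role_arn"

# Attach permissions to the role.
# NOTE(review): both managed policies grant full access to their service, which
# is much broader than an execution role normally needs. The function code is
# not visible from this script; once its API calls are known, replace these
# with a policy scoped to those actions and resources (for example sns:Publish
# on the single topic plus CloudWatch Logs write access).
aws iam attach-role-policy \
  --role-name "$role_name" \
  --policy-arn arn:aws:iam::aws:policy/AWSLambda_FullAccess
aws iam attach-role-policy \
  --role-name "$role_name" \
  --policy-arn arn:aws:iam::aws:policy/AmazonSNSFullAccess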
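# Create the S3 bucket and keep the CLI response so it can be printed below.
# (The original never assigned bucket_output, so the echo always printed an
# empty value.)
bucket_output=$(aws s3api create-bucket \
  --bucket "$bucket_name" \
  --region "$aws_region" \
  --create-bucket-configuration LocationConstraint="$aws_region")

printf 'Bucket creation output: %s\n' "$bucket_output"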
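# Package the function directory into the archive uploaded by create-function.
zip -r s3-lambda-function.zip ./s3-lambda-function

# Fixed pause before the role is referenced by create-function.
# NOTE(review): presumably this gives the newly created IAM role time to
# propagate; confirm, and consider retrying create-function instead of sleeping.
sleep 5

# Create the Lambda function with the role created earlier as its execution
# role. The role ARN is rebuilt from the account ID and role name.
# NOTE(review): python3.8 is past end of support on Lambda; move to a currently
# supported Python runtime after checking the handler against it.
aws lambda create-function \
  --region "$aws_region" \
  --function-name "$lambda_func_name" \
  --runtime "python3.8" \
  --handler "s3-lambda-function/s3-lambda-function.lambda_handler" \
  --memory-size 128 \
  --timeout 30 \
  --role "arn:aws:iam::$aws_account_id:role/$role_name" \
  --zip-file "fileb://./s3-lambda-function.zip"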
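# Allow S3 to invoke the function on behalf of the bucket.
# A bucket ARN carries no account ID, so --source-arn alone would also match a
# bucket of the same name owned by another account if this one were ever
# deleted and the name re-registered. --source-account pins the grant to
# buckets owned by this account.
aws lambda add-permission \
  --function-name "$lambda_func_name" \
  --statement-id "s3-lambda-sns" \
  --action "lambda:InvokeFunction" \
  --principal s3.amazonaws.com \
  --source-arn "arn:aws:s3:::$bucket_name" \
  --source-account "$aws_account_id"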
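# Register the function as the target for object-creation events on the bucket.
# The ARN is built from the same region and function-name variables used by
# create-function, so changing either setting keeps the trigger pointing at the
# function that was actually deployed.
LambdaFunctionArn="arn:aws:lambda:${aws_region}:${aws_account_id}:function:${lambda_func_name}"

# The ARN is spliced into the JSON by closing and reopening the single-quoted
# string; it is composed only of values set in this script.
aws s3api put-bucket-notification-configuration \
  --region "$aws_region" \
  --bucket "$bucket_name" \
  --notification-configuration '{
    "LambdaFunctionConfigurations": [{
      "LambdaFunctionArn": "'"$LambdaFunctionArn"'",
      "Events": ["s3:ObjectCreated:*"]
    }]
  }'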
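# Create the SNS topic and keep its ARN for the calls below.
topic_arn=$(aws sns create-topic --name s3-lambda-sns --output json | jq -r '.TopicArn')
printf 'SNS Topic ARN: %s\n' "$topic_arn"

# Subscribe the notification address to the topic. This does not grant the
# Lambda function any permission; it only registers an e-mail endpoint.
# An e-mail subscription stays pending until the recipient confirms it from the
# message SNS sends, and nothing is delivered to that address before then.
aws sns subscribe \
  --topic-arn "$topic_arn" \
  --protocol email \
  --notification-endpoint "$email_address"

# Publish one test message to the topic. The bucket name comes from the shared
# setting so the text stays correct if the bucket is renamed.
aws sns publish \
  --topic-arn "$topic_arn" \
  --subject "A new object created in s3 bucket" \
  --message "Greetings a new addition onto $bucket_name"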