How do I configure Event Notifications on my Wasabi bucket using AWS SNS?

Please note: As of the publishing of this article, the Wasabi Event Notification feature is only working in our us-east-1 region. Additional region support will be included in future updates.

Wasabi has recently deployed a new feature called Event Notifications, which works with your current AWS account and utilizes the AWS SNS service to send notifications to a configured SNS target regarding selected events occurring within your Wasabi bucket.

In order to configure Event Notifications on your Wasabi bucket, we need to first set up and configure a few things your AWS account:

• An IAM User with the proper permissions to perform actions against the AWS SNS service

• An SNS Topic

• A subscription to the above SNS Topic

Once the above prerequisites are completed on the AWS account, we can then configure the following on your Wasabi account:

• Configure your AWS credentials with your Wasabi account (so that Wasabi can access the AWS SNS service on your behalf)

• Event Notifications on the bucket(s) which you wish to be notified about

Configuring your AWS account

We want to first start off with configuring an SNS Topic. For the purposes of this KB, we will be using the us-east-1 region for all configurations.

1. Go to SNS > Topics > Create Topic

   1. Type: Standard

   2. Name:

   3. Create Topic (we will be modifying the Access Policy in a later step)

Note: Once you have the topic created, copy the Topic ARN as we will need this in a later step when creating the IAM User's permission policy.

Now that we have a topic created, we need to create a subscription to that topic. For the purposes of this KB, we will be using e-mail notifications.

1. Go to SNS > Subscriptions > Create Subscription 

   1. Topic ARN: The ARN of the topic created in the above step

   2. Protocol: E-mail

   3. Endpoint: Your e-mail address (must be confirmed after subscription is created)

   4. Create Subscription

Once the subscription has been created, we should see the configuration below the topic:

Now that our Topic and Subscription are created, let's create a permission policy for our IAM User.

1. Go to IAM > Policies > Create Policy

2. On the upper-right switch to "JSON" view

3. Paste the following policy:

   1. {
      "Version": "2012-10-17",
      "Statement": [
      {
      "Effect": "Allow",
      "Action": [
      "ec2:DescribeRegions",
      "sns:ListTopics"
      ],
      "Resource": "*"
      },
      {
      "Effect": "Allow",
      "Action": "sns:*",
      "Resource": "arn:aws:sns:us-east-1:XXXXXXXXXXXX:wasabi-sns-topic"
      }
      ]
      }

   2. Please note that we will need to edit the "Resource" section of the SNS policy to be the topic ARN you copied in the above steps when creating the topic

4. Click "Next"

5. Policy Name: Name your policy (I am calling mine 'wasabi-sns-user-policy')

6. Create Policy

Now that we have a policy created for our user, we can create the user and attach the policy to the user.

1. Go to IAM > Users > Add Users

   1. User name: wasabi-sns-user (you can name the user anything you'd like) > Next

   2. Permissions options > Attach policies directly > wasabi-sns-user-policy (or choose the custom name you gave your policy) > Check the box to select the policy > Next

   3. Create user

We should now see the user with the policy attached:

Now that we have created the user and attached the appropriate permission policy to the user, we need to copy the User ARN and modify the SNS Topic Access Policy.

1. Go to IAM > Users > wasabi-sns-user (or whichever name you gave your user) > ARN > Copy ARN

2. Go to SNS > Topics > Your Topic > Edit > Access Policy

3. On Line 9 you will see "AWS": "*"

   1. Change the AWS Resource to be the ARN of your IAM User:

4. Save Changes

The last step here is to retrieve the access/secret key combination pair for your IAM User so that we may use the user with Wasabi to send Event Notifications

1. Go to IAM > Users > wasabi-sns-user (or whichever name you gave your user) > Security credentials > Create access key

2. Other > Next

3. Create access key

   1. Download the .csv file or copy/paste the access/secret key into a secure location

Configuring Wasabi Bucket Event Notifications

Now that we have configured an IAM User to work with AWS SNS, and have also configured an AWS SNS Topic and Subscription, we can now configure your Wasabi account to utilize these AWS resources and send notifications for bucket activity.

The first step is to incorporate your AWS credentials with the Wasabi Event Notification service.

1. Log into your Wasabi Account via the Root user and go to your account settings at https://console.wasabisys.com/profile

2. Event Notifications > Configure New Credentials

   1. AWS Region: The region in which your SNS Topic was created (we used us-east-1 for this KB so my entry will be for the us-east-1 region)

   2. Access key:

   3. Secret key:

3. Add credentials

Now that we have configured your Wasabi account with your AWS IAM User credentials, we can enable the Event Notifications feature on your bucket(s).

1. Go to your bucket settings by clicking on the Actions menu to the right of the bucket name > Settings

2. Properties > Event Notifications
   

3. Create Event Notification

   1. General Configuration

      1. Event Name: Give the event a name

      2. Prefix: If you wish to only be notified for events under a specific prefix, enter it here

      3. Suffix: If you wish to only be notified for events for specific object types (i.e. '.jpg'), enter it here
         

   2. Event Type

      1. Select which events you wish to be notified about. For testing purposes I will be uploading data to the bucket, so I am selecting all ObjectCreated event types.
         

   3. Destination

      1. AWS Region > Select the region that was configured when setting up your AWS Credentials in your Wasabi account

      2. TopicArn: Select the Topic we configured at the beginning of this article
         

   4. Save

Your Wasabi bucket is now configured to send event notifications for all selected events using the AWS SNS service. Once your configuration is saved, you should receive an s3:TestEvent notification confirming that the notifications have been configured and are working properly.

If you run into any issues with configuring your Wasabi Event Notifications, or if you have any questions about this service, please reach out to our Support Team at support@wasabi.com