- 19 Dec 2023
- 4 Minutes to read
- Print
- PDF
How do I configure Event Notifications on my Wasabi bucket using AWS SNS?
- Updated on 19 Dec 2023
- 4 Minutes to read
- Print
- PDF
Please note: As of the publishing of this article, the Wasabi Event Notification feature is only working in our us-east-1 region. Additional region support will be included in future updates.
Wasabi has recently deployed a new feature called Event Notifications, which works with your current AWS account and utilizes the AWS SNS service to send notifications to a configured SNS target regarding selected events occurring within your Wasabi bucket.
In order to configure Event Notifications on your Wasabi bucket, we need to first set up and configure a few things your AWS account:
An IAM User with the proper permissions to perform actions against the AWS SNS service
An SNS Topic
A subscription to the above SNS Topic
Once the above prerequisites are completed on the AWS account, we can then configure the following on your Wasabi account:
Configure your AWS credentials with your Wasabi account (so that Wasabi can access the AWS SNS service on your behalf)
Event Notifications on the bucket(s) which you wish to be notified about
Configuring your AWS account
We want to first start off with configuring an SNS Topic. For the purposes of this KB, we will be using the us-east-1 region for all configurations.
Go to SNS > Topics > Create Topic
Type: Standard
Name:
Create Topic (we will be modifying the Access Policy in a later step)
Note: Once you have the topic created, copy the Topic ARN as we will need this in a later step when creating the IAM User's permission policy.
Now that we have a topic created, we need to create a subscription to that topic. For the purposes of this KB, we will be using e-mail notifications.
Go to SNS > Subscriptions > Create Subscription
Topic ARN: The ARN of the topic created in the above step
Protocol: E-mail
Endpoint: Your e-mail address (must be confirmed after subscription is created)
Create Subscription
Once the subscription has been created, we should see the configuration below the topic:
Now that our Topic and Subscription are created, let's create a permission policy for our IAM User.
Go to IAM > Policies > Create Policy
On the upper-right switch to "JSON" view
Paste the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeRegions",
"sns:ListTopics"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "sns:*",
"Resource": "arn:aws:sns:us-east-1:XXXXXXXXXXXX:wasabi-sns-topic"
}
]
}Please note that we will need to edit the "Resource" section of the SNS policy to be the topic ARN you copied in the above steps when creating the topic
Click "Next"
Policy Name: Name your policy (I am calling mine 'wasabi-sns-user-policy')
Create Policy
Now that we have a policy created for our user, we can create the user and attach the policy to the user.
Go to IAM > Users > Add Users
User name: wasabi-sns-user (you can name the user anything you'd like) > Next
Permissions options > Attach policies directly > wasabi-sns-user-policy (or choose the custom name you gave your policy) > Check the box to select the policy > Next
Create user
We should now see the user with the policy attached:
Now that we have created the user and attached the appropriate permission policy to the user, we need to copy the User ARN and modify the SNS Topic Access Policy.
Go to IAM > Users > wasabi-sns-user (or whichever name you gave your user) > ARN > Copy ARN
Go to SNS > Topics > Your Topic > Edit > Access Policy
On Line 9 you will see "AWS": "*"
Change the AWS Resource to be the ARN of your IAM User:
Save Changes
The last step here is to retrieve the access/secret key combination pair for your IAM User so that we may use the user with Wasabi to send Event Notifications
Go to IAM > Users > wasabi-sns-user (or whichever name you gave your user) > Security credentials > Create access key
Other > Next
Create access key
Download the .csv file or copy/paste the access/secret key into a secure location
Configuring Wasabi Bucket Event Notifications
Now that we have configured an IAM User to work with AWS SNS, and have also configured an AWS SNS Topic and Subscription, we can now configure your Wasabi account to utilize these AWS resources and send notifications for bucket activity.
The first step is to incorporate your AWS credentials with the Wasabi Event Notification service.
Log into your Wasabi Account via the Root user and go to your account settings at https://console.wasabisys.com/profile
Event Notifications > Configure New Credentials
AWS Region: The region in which your SNS Topic was created (we used us-east-1 for this KB so my entry will be for the us-east-1 region)
Access key:
Secret key:
Add credentials
Now that we have configured your Wasabi account with your AWS IAM User credentials, we can enable the Event Notifications feature on your bucket(s).
Go to your bucket settings by clicking on the Actions menu to the right of the bucket name > Settings
Properties > Event Notifications
Create Event Notification
General Configuration
Event Name: Give the event a name
Prefix: If you wish to only be notified for events under a specific prefix, enter it here
Suffix: If you wish to only be notified for events for specific object types (i.e. '.jpg'), enter it here
Event Type
Select which events you wish to be notified about. For testing purposes I will be uploading data to the bucket, so I am selecting all ObjectCreated event types.
Destination
AWS Region > Select the region that was configured when setting up your AWS Credentials in your Wasabi account
TopicArn: Select the Topic we configured at the beginning of this article
Save
Your Wasabi bucket is now configured to send event notifications for all selected events using the AWS SNS service. Once your configuration is saved, you should receive an s3:TestEvent notification confirming that the notifications have been configured and are working properly.
If you run into any issues with configuring your Wasabi Event Notifications, or if you have any questions about this service, please reach out to our Support Team at support@wasabi.com