
Addition of Amazon S3 Events Notifications #244

Open
schniber opened this issue Jan 2, 2025 · 4 comments

Comments


schniber commented Jan 2, 2025

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

  • Yes ✅: please list the AWS provider version which introduced this functionality

Is your request related to a problem? Please describe.

Although this module is capable of taking care of notifications for AWS Backup and GuardDuty findings, it's not capable of delivering Slack notifications for Amazon S3 events.

Implementing S3 event notifications for critical files like backups is crucial for maintaining data integrity and security. These notifications provide near real-time alerts when important files are uploaded, modified, replicated, tagged, marked for deletion, deleted (manually or via lifecycle policy), or transitioned to another storage class, enabling immediate response to potential issues.

This will allow teams to:
1. Verify successful backup completions
2. Detect unauthorized changes or suspicious activities
3. Ensure compliance with data retention policies
4. Trigger workflows for data protection

Describe the solution you'd like.

Enhance the Lambda function to also process Amazon S3 Event Notifications, as described here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html

Describe alternatives you've considered.

None

Additional context

None

@bryantbiggs
Member

It would be nice to enhance this module to add such functionality.

Why?


schniber commented Jan 6, 2025

Hey @bryantbiggs!
Thanks for the feedback! I have added additional details to the issue, as requested, to provide more business insight into the value this feature would be adding.

Best.

@bryantbiggs
Member

Do we have a request for these use cases? This sounds like we're adding a footgun that will create a lot of noisy spam. Who wants to see thousands/millions/etc. of these events getting piped into Slack (and hit rate limits)?

Perhaps some events are warranted, but I don't believe all of these (or most) are warranted for the intended use case here.


schniber commented Jan 6, 2025

Yes, you're 100% right. The solution as implemented in this module aims at making the Lambda function capable of sending a human-friendly notification for each one of these events instead of the JSON you'd receive natively.

Of course, if the S3 event notification configuration on the bucket side is too broad or not filtered on a prefix/suffix, it can lead to the spam and rate-limiting situation you described.

I do believe that module users should use this in harmony with the notification configuration on the S3 bucket side (as in here) to make sure they only trigger notifications for the events/prefixes they want, e.g.:

module "s3_notifications" {
  source = "../../modules/notification"

  bucket = module.s3_bucket.s3_bucket_id

  eventbridge = true

  ...

  sns_notifications = {
    slack = {
      topic_arn     = module.slack_notifications.slack_topic_arn
      # Only deletions (not every create/put) are published to the Slack topic ...
      events        = ["s3:ObjectRemoved:Delete"]
      # ... and only for objects under this prefix with this suffix.
      filter_prefix = "prefix3/"
      filter_suffix = ".csv"
    }
  }
}
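As an added example (not code from this issue or from the module itself), here is how a Python Lambda could unwrap an SNS-delivered S3 event notification and render each record as one human-readable line instead of forwarding the raw JSON; it also handles the delete and lifecycle records where the object size and caller fields are absent. The event payload is constructed, and the message layout is an assumption.

```python
import json
from urllib.parse import unquote_plus

# Constructed sample: SNS-delivered S3 notification; S3's JSON is a string in Sns.Message.
S3_PAYLOAD = {
    "Records": [
        {
            "eventSource": "aws:s3",
            "eventTime": "2025-01-06T10:15:00.000Z",
            "eventName": "ObjectCreated:Put",
            "userIdentity": {"principalId": "AWS:EXAMPLEPRINCIPAL"},
            "requestParameters": {"sourceIPAddress": "198.51.100.7"},
            "s3": {"bucket": {"name": "example-backups"},
                   # Keys arrive URL-encoded ('+' stands for a space).
                   "object": {"key": "prefix3/daily+backup.csv", "size": 2048}},
        },
        {
            # Delete records carry no size; lifecycle actions have no caller fields.
            "eventSource": "aws:s3",
            "eventTime": "2025-01-06T10:16:00.000Z",
            "eventName": "LifecycleExpiration:Delete",
            "s3": {"bucket": {"name": "example-backups"},
                   "object": {"key": "prefix3/old.csv"}},
        },
    ]
}
SAMPLE_SNS_EVENT = {"Records": [{"Sns": {"Message": json.dumps(S3_PAYLOAD)}}]}


def format_s3_record(rec):
    """Render one S3 event record as a single human-readable line."""
    s3 = rec["s3"]
    key = unquote_plus(s3["object"]["key"])
    size = s3["object"].get("size")
    size_txt = f" ({size} bytes)" if size is not None else ""
    who = rec.get("userIdentity", {}).get("principalId", "unknown principal")
    ip = rec.get("requestParameters", {}).get("sourceIPAddress", "unknown IP")
    return (f"{rec['eventName']}: s3://{s3['bucket']['name']}/{key}{size_txt}"
            f" by {who} from {ip} at {rec['eventTime']}")


def s3_messages_from_sns_event(event):
    """Unwrap the SNS envelope and format every S3 record it carries."""
    messages = []
    for sns_rec in event.get("Records", []):
        body = json.loads(sns_rec["Sns"]["Message"])
        # S3's initial "s3:TestEvent" ping has no Records key and yields nothing.
        for rec in body.get("Records", []):
            if rec.get("eventSource") == "aws:s3":
                messages.append(format_s3_record(rec))
    return messages
```

Prefix/suffix filtering stays on the bucket side as in the configuration above; the Lambda only formats what the bucket actually publishes.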
