AWS: Monitoring S3 With Events and SNS

Jawady Muhammad Habib
December 7, 2017 | Views: 4454
Save

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here


Howdy, everybody! This is Muhammad Habib Jawady in a new DevOps hands-on tutorial. In my first Amazon Web Services tutorial, I demonstrate how to leverage the S3 events feature and Simple Notification Service in order to monitor the actions taken on certain assets.

This is a hands-on guide with no prerequisite skills even though the possession of an AWS account with the allowed usage of S3 and SNS is required. Before diving into the details, let’s get our feet wet with AWS and its advantages, and the services we are about to use.

AWS

Introduction to AWS

Amazon Web Services is a scalable cloud computing platform provided by Amazon.com, Inc. In 2006. Due to its relatively cheap pricing and diversity of services in multiple fields (eg. Storage, IoT, computing …) and detailed documentation, it is considered an important competitor to Azure. In this guide, you will come to know the basics of using:

  • Simple Notifications Service (SNS SMS messaging)
  • Simple Storage Service(S3)

Client demands

One cannot deny that practicing is the key to learning. Thus, I crafted a scenario of a client demand and in this article, we will satisfy his blueprint idea and try not to exceed his yearly dedicated budget for the purpose:

A project manager hired interns and assigned documenting the progress of the project in two S3 buckets, one is related to documenting development team contributions and the other for pull requests. However, he does not seem to trust them enough with information stored in the buckets. He asked you to prepare a blueprint allowing SMS notification for bucket one on any file download … and email notification on any file deletion in the second bucket. Your budget must not exceed $20/year for this!

How are you supposed to handle this?

1. Blueprint preparation

  • The first thing you need to do is prepare a tidy and clear blueprint. The key to a successful blueprint definitely depends on your understanding of Amazon fundamental concepts such as availability zones. One obviously cannot also pull this off with no prior knowledge about the used services and the way of taking automatic action in response to events …

AWS

I would recommend using CloudCraft as a tool to help you craft a solid BP I will cover all the knowledge you need about the used services in the next step, but for now here is how your blueprint should look something like the below image.

With roughly 16$/year expenses.

Now with a complete BP, we can start.

2. Creation of resources/instances …

  • Creation of S3 buckets
    Simple Storage Service (SNS) is a solution to storing static files built to save and retrieve data whenever needed from anywhere given enough privileges.
    An instance of S3 is called a bucket. It is a directory which may store subdirectories or files containing any amount of data with the condition that it is not restricted to a policy. We are going to set the region to Asia Pacific / Sydney (ap-southeast-2) and then choose S3 from the console.

Then we’re going to create two buckets with names: ‘bucket-team’ and ‘pull-bucket’

And in the ‘Set permissions’, we’re going to select the recommended in ‘Manage public permissions’ and ‘Grant Amazon S3 Log Delivery group write access to this bucket’.

Creation of SNS topics:

  • Simple Notification Service (SNS) is a fully managed pub/sub messaging service which allows sending [SMS](https://en.wikipedia.org/wiki/SMS) notifications to single/multiple targets. A ‘topic’ is a subject you create in order to group subscriptions and push messages to multiple recipients. ‘Subscriptions’ is from where you group targets and signs them up for a topic. From your AWS console ( the region is also Sydney), choose SNS.

Then, we are going to create a topic,

Then, add the Project manager number in the subscriptions after copying the ARN.

In order to test if the subscription/topic creation was successful, you can visit the topics page and publish to the topic a test message,

Note: In this tutorial, I am going to work on one single bucket. The second is the same method changing the protocol to Email instead of SMS.

3. Creation of events In order to create events, I am going back to my S3 buckets > {bucket-name-management} Under properties> Events: choose ‘add notifications’

Choose what type of event will trigger your notification and a meaningful name.

Now, on ‘Delete’, the Project manager will receive an SMS message automatically with details about the event.

Conclusion

In this hands-on real-world scenario tutorial, we learned how to create S3 buckets’ events in order to trigger notification using SNS service, and manage SNS topics and subscriptions.

AWS

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
Submit to 0P3N
Comment on This

You must be logged in to post a comment.

Related Reads
AWS: Monitoring S3 With Events and SNS
December 7, 2017
By: Jawady Muhammad Habib
4454
AWS vs Azure vs Google Cloud: Ultimate Comparison ...
March 25, 2018
By: Saurabh Chaturvedi
4624
Details Matter in Breaches and in Business
March 8, 2018
By: Varonis
355
Ethical Security Research on SecureDrop
September 20, 2017
By: Bugcrowd
317

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel