Configuring bucket notifications

You can use event notifications to receive notifications of certain bucket events. To enable event notifications for a bucket, you need to add a notification configuration that specifies which actions will trigger events and where these notifications will be delivered.

The following event types are supported:

Event	Description
s3:ObjectCreated:*	Object created event (all object create events)
s3:ObjectCreated:Put	Object created event (PUT request)
s3:ObjectCreated:Post	Object created event (POST request)
s3:ObjectCreated:Copy	Object created event (COPY request)
s3:ObjectCreated:CompleteMultipartUpload	Object created event (Multipart upload completed)
s3:ObjectRemoved:*	Object removal event (all object removal events)
s3:ObjectRemoved:Delete	Object removal event (DELETE request)
s3:ObjectRemoved:DeleteMarkerCreated	Object removal event (DELETE marker created)
s3:ObjectLifecycle:Expiration:Current	Object lifecycle event (current object expired)
s3:ObjectLifecycle:Expiration:NonCurrent	Object lifecycle event (noncurrent object expired)
s3:ObjectLifecycle:Expiration:DeleteMarker	Object lifecycle event (delete marker expired)
s3:ObjectLifecycle:Expiration:AbortMultipartUpload	Object lifecycle event (multipart upload aborted due to expiration)
s3:LifecycleExpiration:*	Lifecycle expiration event (all lifecycle expiration events)
s3:LifecycleExpiration:Delete	Lifecycle expiration event (DELETE request)
s3:LifecycleExpiration:DeleteMarkerCreated	Lifecycle expiration event (DELETE marker created)
s3:ObjectAcl:Put	Object ACL event (PUT request)
s3:Replication:OperationCompletedReplication	Cross-region replication event (replication operation completed)
s3:Replication:OperationFailedReplication	Cross-region replication event (replication operation failed)

Amazon S3 event notifications supports two actions:

PUT Bucket notification configuration enables notifications of specified events for a bucket. Use only the TopicConfiguration element in the request body. To disable notifications, specify an empty NotificationConfiguration element.
GET Bucket notification configuration returns the current notification configuration of a bucket. If notifications are disabled for a bucket, the request returns an empty NotificationConfiguration element.

The Virtuozzo Hybrid Infrastructure implementation of the Amazon S3 protocol supports only the Simple Notification Service (SNS) topics as the destination type for event notifications. An SNS topic contains details about the target endpoint where to deliver notification messages. You can manage SNS topics by using the ostor-topic-cmd tool. The supported endpoint types include:

HTTP/HTTPS
Kafka
Advanced Message Queuing Protocol (AMQP)

Each topic has a unique Amazon Resource Name (ARN), which needs to be specified in the TopicConfiguration element when creating the bucket notification configuration.

Undelivered messages are lost upon restart of the NDS service.

To create an SNS topic

Use the following command:

ostor-topic-cmd create --user <user_id> --name <topic_name> --endpoint <url> [--verify-ssl <true|false>]
                       [--kafka-ack-level <none|broker>] [--use-ssl <true|false>] [--ca-location <file>]
                       [--opaque-data <data>] [--persistent <true|false>] [--cloudevents <true|false>]
                       [--amqp-exchange <exchange>] [--amqp-ack-level <none|broker|routable>]
                       [--mechanism <scram-sha-512|scram-sha-256|plain>] [--retry <count>] [--delay <count>]

--user <user_id>: User ID of the topic owner
--name <topic_name>: Name of the topic
--endpoint <url>: The URI of an endpoint to send push notifications to
--verify-ssl <true|false>: Indicates whether the server certificate is validated by the client (default: true).
--kafka-ack-level <none|broker>: Messages may persist in the broker before being delivered to their final destinations (default: broker).
--use-ssl <true|false>: Use a secure connection to connect to the broker (default: false).
--ca-location <file>: CA will be used instead of the default CA to authenticate the broker.
--opaque-data <data>: Opaque data is set in the topic configuration and added to all notifications that are triggered by the topic.
--persistent <true|false>: Indicates whether notifications to this endpoint are persistent (asynchronous) or not persistent (default: false).
--cloudevents <true|false>: Indicates whether the HTTP header should contain attributes according to the S3 CloudEvents Specification (default: false).
--amqp-exchange <exchange>: The exchanges must exist and must be able to route messages based on topics.
--amqp-ack-level <none|broker|routable>: Messages may persist in the broker before being delivered to their final destinations (default: broker)
--mechanism <scram-sha-512|scram-sha-256|plain>: SASL mechanism
--retry <count>: Retry count in the range 1-65535 (default: 1)
--delay <count>: Delay between retries, in seconds, in the range 1-86400 (default: 5)

For example, to create a topic with the name mytopic from the user with the ID b3b1223261a29452, run:

# ostor-topic-cmd create --user b3b1223261a29452 --name mytopic --endpoint http://example.com
arn:aws:sns::b3b1223261a29452:mytopic

The command output shows the ARN of the created topic.

To get more details about the topic, use the ostor-topic-cmd info command specifying the user ID and the obtained topic ARN:

# ostor-topic-cmd info --user b3b1223261a29452 --arn arn:aws:sns::b3b1223261a29452:mytopic
<InformationResponse>
  <User>b3b1223261a29452</User>
  <Name>mytopic</Name>
  <EndPoint>
    <EndpointAddress>http://example.com</EndpointAddress>
    <EndpointArgs></EndpointArgs>
    <EndpointTopic>mytopic</EndpointTopic>
    <HasStoredSecret>false</HasStoredSecret>
    <Persistent>true</Persistent>
  </EndPoint>
  <TopicArn>arn:aws:sns::b3b1223261a29452:mytopic</TopicArn>
  <OpaqueData></OpaqueData>

To delete an SNS topic

Use the following command:

ostor-topic-cmd delete --user <user_id> --arn <arn>

--user <user_id>: User ID of the topic owner
--arn <arn>: Topic ARN

For example, to delete the topic with the ARN, run:

# ostor-topic-cmd delete --user b3b1223261a29452 --arn arn:aws:sns::b3b1223261a29452:mytopic