Table of contents

s3:ObjectCreated:* event in use

If your bucket has an existing workflow for the s3:ObjectCreated:* event notification, you can choose the following two options to deploy File Storage Security.

1. s3:ObjectCreated:* event partially in use

Use the ObjectFilterPrefix parameter and specify a prefix that is not in use. See Examples of notification configurations with invalid prefix/suffix overlapping for details.

2. s3:ObjectCreated:* event occupied for the entire bucket

Use the TriggerWithObjectCreatedEvent parameter to not bind the event to File Storage Security. Instead, trigger the scans by invoking the deployed BucketListenerLambda in storage stacks, either programmatically or by SNS topic subscription. The input event for BucketListenerLambda must be the whole S3 event message structure of s3:ObjectCreated:* event or the whole s3:ObjectCreated:* event delivered by SNS notification.