Commit

Periodic update - 2023-05-19
aws-alan committed May 19, 2023
1 parent 4170c01 commit 229242c
Showing 50 changed files with 621 additions and 234 deletions.
46 changes: 46 additions & 0 deletions doc_source/EventNotifications.md
@@ -0,0 +1,46 @@
# Amazon S3 Event Notifications<a name="EventNotifications"></a>

You can use the Amazon S3 Event Notifications feature to receive notifications when certain events happen in your S3 bucket\. To enable notifications, add a notification configuration that identifies the events that you want Amazon S3 to publish\. Make sure that it also identifies the destinations where you want Amazon S3 to send the notifications\. You store this configuration in the *notification* subresource that's associated with a bucket\. For more information, see [Bucket configuration options](UsingBucket.md#bucket-config-options-intro)\. Amazon S3 provides an API for you to manage this subresource\.

**Important**
Amazon S3 event notifications are designed to be delivered at least once\. Typically, event notifications are delivered in seconds but can sometimes take a minute or longer\.

## Overview of Amazon S3 Event Notifications<a name="notification-how-to-overview"></a>

Currently, Amazon S3 can publish notifications for the following events:
+ New object created events
+ Object removal events
+ Restore object events
+ Reduced Redundancy Storage \(RRS\) object lost events
+ Replication events
+ S3 Lifecycle expiration events
+ S3 Lifecycle transition events
+ S3 Intelligent\-Tiering automatic archival events
+ Object tagging events
+ Object ACL PUT events

For full descriptions of all the supported event types, see [Supported event types for SQS, SNS, and Lambda](notification-how-to-event-types-and-destinations.md#supported-notification-event-types)\.

Amazon S3 can send event notification messages to the following destinations\. You specify the Amazon Resource Name \(ARN\) value of these destinations in the notification configuration\.
+ Amazon Simple Notification Service \(Amazon SNS\) topics
+ Amazon Simple Queue Service \(Amazon SQS\) queues
+ AWS Lambda function

For more information, see [Supported event destinations](notification-how-to-event-types-and-destinations.md#supported-notification-destinations)\.

**Note**
Amazon Simple Queue Service FIFO \(First\-In\-First\-Out\) queues aren't supported as an Amazon S3 event notification destination\. To send a notification for an Amazon S3 event to an Amazon SQS FIFO queue, you can use Amazon EventBridge\. For more information, see [Enabling Amazon EventBridge](enable-event-notifications-eventbridge.md)\.

**Warning**
If your notification writes to the same bucket that triggers the notification, it could cause an execution loop\. For example, if the bucket triggers a Lambda function each time an object is uploaded, and the function uploads an object to the bucket, then the function indirectly triggers itself\. To avoid this, use two buckets, or configure the trigger to only apply to a prefix used for incoming objects\.
For more information and an example of using Amazon S3 notifications with AWS Lambda, see [Using AWS Lambda with Amazon S3](https://docs.aws.amazon.com/lambda/latest/dg/with-s3.html) in the *AWS Lambda Developer Guide*\.

For more information about the number of event notification configurations that you can create per bucket, see [Amazon S3 service quotas](https://docs.aws.amazon.com/general/latest/gr/s3.html#limits_s3) in *AWS General Reference*\.

For more information about event notifications, see the following sections\.

**Topics**
+ [Overview of Amazon S3 Event Notifications](#notification-how-to-overview)
+ [Event notification types and destinations](notification-how-to-event-types-and-destinations.md)
+ [Using Amazon SQS, Amazon SNS, and Lambda](how-to-enable-disable-notification-intro.md)
+ [Using EventBridge](EventBridge.md)
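Review bot: The **Important** note says notifications are "designed to be delivered at least once" but does not say what that means for a consumer; add a sentence that a destination can receive the same event more than once, so handlers need to tolerate duplicates. Smaller points in the same file: the destinations list has "AWS Lambda function" in the singular beside the plural "topics" and "queues"; the sentence "For more information and an example of using Amazon S3 notifications with AWS Lambda" follows the **Warning** text with no blank line, so it will render as part of the warning; and the **Topics** list links back to the Overview section of this same page.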
3 changes: 3 additions & 0 deletions doc_source/HostingWebsiteOnS3Setup.md
Expand Up @@ -5,6 +5,9 @@ Amazon S3 now applies server\-side encryption with Amazon S3 managed keys \(SSE\

You can configure an Amazon S3 bucket to function like a website\. This example walks you through the steps of hosting a website on Amazon S3\.

**Important**
The following tutorial requires disabling Block Public Access\. We recommend keeping Block Public Access enabled\. If you want to keep all four Block Public Access settings enabled and host a static website, you can use Amazon CloudFront origin access control \(OAC\)\. Amazon CloudFront provides the capabilities required to set up a secure static website\. Amazon S3 static websites support only HTTP endpoints\. Amazon CloudFront uses the durable storage of Amazon S3 while providing additional security headers, such as HTTPS\. HTTPS adds security by encrypting a normal HTTP request and protecting against common cyberattacks\. For more information, see [Getting started with a secure static website](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/getting-started-secure-static-website-cloudformation-template.html) in the *Amazon CloudFront Developer Guide*\.

**Topics**
+ [Step 1: Create a bucket](#step1-create-bucket-config-as-website)
+ [Step 2: Enable static website hosting](#step2-create-bucket-config-as-website)
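Review bot: In the added **Important** note, "providing additional security headers, such as HTTPS" is inaccurate, because HTTPS is a transport protocol and not a header; suggest separating the two ideas, for example by saying that CloudFront serves the content over HTTPS and, separately, naming whichever headers are meant. The next sentence, "protecting against common cyberattacks", is too vague to act on; state what HTTPS gives the reader (encryption of the request in transit) or drop the clause. The note also opens with "requires disabling Block Public Access" and then recommends keeping it enabled; leading with the recommendation and the origin access control alternative would read less like a contradiction.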
4 changes: 2 additions & 2 deletions doc_source/LogFormat.md
Expand Up @@ -218,7 +218,7 @@ s3.us-west-2.amazonaws.com
Some earlier Regions support legacy endpoints\. You might see these endpoints in your server access logs or AWS CloudTrail logs\. For more information, see [Legacy endpoints](VirtualHosting.md#s3-legacy-endpoints)\. For a complete list of Amazon S3 Regions and endpoints, see [Amazon S3 endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/s3.html) in the *Amazon Web Services General Reference*\.

**TLS version**
The Transport Layer Security \(TLS\) version negotiated by the client\. The value is one of following: `TLSv1`, `TLSv1.1`, `TLSv1.2`, or `-` if TLS wasn't used\.
The Transport Layer Security \(TLS\) version negotiated by the client\. The value is one of following: `TLSv1.1`, `TLSv1.2`, `TLSv1.3`, or `-` if TLS wasn't used\.
**Example entry**

```
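Review bot: The replacement **TLS version** sentence drops `TLSv1` from the list of possible values while adding `TLSv1.3`, so a reader parsing log records written while the previous text applied can meet a value the field description no longer mentions; consider a short remark that earlier records may contain `TLSv1`. The sentence also keeps the typo "one of following", which should be "one of the following".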
Expand Down Expand Up @@ -431,7 +431,7 @@ s3.us-west-2.amazonaws.com
Some earlier Regions support legacy endpoints\. You might see these endpoints in your server access logs or AWS CloudTrail logs\. For more information, see [Legacy endpoints](VirtualHosting.md#s3-legacy-endpoints)\. For a complete list of Amazon S3 Regions and endpoints, see [Amazon S3 endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/s3.html) in the *Amazon Web Services General Reference*\.

**TLS version**
The Transport Layer Security \(TLS\) version negotiated by the client\. The value is one of following: `TLSv1`, `TLSv1.1`, `TLSv1.2`, or `-` if TLS wasn't used\.
The Transport Layer Security \(TLS\) version negotiated by the client\. The value is one of following: `TLSv1.1`, `TLSv1.2`, `TLSv1.3`, or `-` if TLS wasn't used\.
**Example entry**

```
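Review bot: The **TLS version** sentence in this hunk is a word-for-word copy of the one changed in the hunk at line 218, including the "one of following" typo, and both copies had to be edited by hand; if the doc source supports a shared snippet, define the field once so the two descriptions cannot drift apart. Otherwise fix the typo in both places in the same change.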
2 changes: 1 addition & 1 deletion doc_source/UsingBucket.md
Expand Up @@ -73,7 +73,7 @@ These are referred to as subresources because they exist in the context of a spe
| Subresource | Description |
| --- | --- |
| *cors* \(cross\-origin resource sharing\) | You can configure your bucket to allow cross\-origin requests\. For more information, see [Using cross\-origin resource sharing \(CORS\)](cors.md)\. |
| *event notification* | You can enable your bucket to send you notifications of specified bucket events\. For more information, see [Amazon S3 Event Notifications](NotificationHowTo.md)\. |
| *event notification* | You can enable your bucket to send you notifications of specified bucket events\. For more information, see [Amazon S3 Event Notifications](EventNotifications.md)\. |
| lifecycle | You can define lifecycle rules for objects in your bucket that have a well\-defined lifecycle\. For example, you can define a rule to archive objects one year after creation, or delete an object 10 years after creation\. For more information, see [Managing your storage lifecycle](object-lifecycle-mgmt.md)\. |
| *location* | When you create a bucket, you specify the AWS Region where you want Amazon S3 to create the bucket\. Amazon S3 stores this information in the location subresource and provides an API for you to retrieve this information\. |
| *logging* | Logging enables you to track requests for access to your bucket\. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any\. Access log information can be useful in security and access audits\. It can also help you learn about your customer base and understand your Amazon S3 bill\.   For more information, see [Logging requests using server access logging](ServerLogs.md)\. |
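Review bot: The table row still calls the subresource *event notification*, while the EventNotifications.md page that this row now links to says the configuration is stored in the *notification* subresource; pick one name and use it in both places so readers can match the table to the page. In the same table, `lifecycle` is the only subresource name not set in italics.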
2 changes: 1 addition & 1 deletion doc_source/UsingKMSEncryption.md
Expand Up @@ -100,7 +100,7 @@ To require server\-side encryption of all objects in a particular Amazon S3 buck
17. }
```

To require that a particular AWS KMS key be used to encrypt the objects in a bucket, you can use the `s3:x-amz-server-side-encryption-aws-kms-key-id` condition key\. To specify the KMS key, you must use a key Amazon Resource Name \(ARN\) that is in the `arn:aws:kms:region:acct-id:key/key-id` format\.
To require that a particular AWS KMS key be used to encrypt the objects in a bucket, you can use the `s3:x-amz-server-side-encryption-aws-kms-key-id` condition key\. To specify the KMS key, you must use a key Amazon Resource Name \(ARN\) that is in the `arn:aws:kms:region:acct-id:key/key-id` format\. AWS Identity and Access Management does not validate if the string for `s3:x-amz-server-side-encryption-aws-kms-key-id` exists\.

**Note**
When you upload an object, you can specify the KMS key by using the `x-amz-server-side-encryption-aws-kms-key-id` header\. If the header is not present in the request, Amazon S3 assumes that you want to use the AWS managed key\. Regardless, the AWS KMS key ID that Amazon S3 uses for object encryption must match the AWS KMS key ID in the policy, otherwise Amazon S3 denies the request\.
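Review bot: The added sentence "AWS Identity and Access Management does not validate if the string for `s3:x-amz-server-side-encryption-aws-kms-key-id` exists" is ambiguous, since it is presumably the KMS key named by the condition value whose existence goes unchecked, not the string itself. Suggest wording along the lines of "IAM does not validate that the key ARN you specify for this condition key refers to an existing KMS key", with "whether" or "that" in place of "if". It would also help to say what the reader should do about it: the **Note** directly below states that Amazon S3 denies the request when the key ID does not match the one in the policy, so a mistyped ARN in the policy would surface as denied uploads and not as an error when the policy is saved.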
2 changes: 1 addition & 1 deletion doc_source/Welcome.md
Expand Up @@ -44,7 +44,7 @@ Amazon S3 provides features for auditing and managing access to your buckets and

To transform data and trigger workflows to automate a variety of other processing activities at scale, you can use the following features\.
+ [S3 Object Lambda](https://docs.aws.amazon.com/AmazonS3/latest/userguide/transforming-objects.html) – Add your own code to S3 GET, HEAD, and LIST requests to modify and process data as it is returned to an application\. Filter rows, dynamically resize images, redact confidential data, and much more\.
+ [Event notifications](https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html) – Trigger workflows that use Amazon Simple Notification Service \(Amazon SNS\), Amazon Simple Queue Service \(Amazon SQS\), and AWS Lambda when a change is made to your S3 resources\.
+ [Event notifications](https://docs.aws.amazon.com/AmazonS3/latest/userguide/EventNotifications.html) – Trigger workflows that use Amazon Simple Notification Service \(Amazon SNS\), Amazon Simple Queue Service \(Amazon SQS\), and AWS Lambda when a change is made to your S3 resources\.

### Storage logging and monitoring<a name="features-storage-monitoring"></a>

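Review bot: The **Event notifications** link changes its target from `NotificationHowTo.html` to `EventNotifications.html` on the public docs.aws.amazon.com user guide URL; confirm that the old URL redirects to the new page, because external links and bookmarks to it live outside this repository and this commit cannot update them. The UsingBucket.md hunk makes the matching change for the `.md` source link, so the two should ship together.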