EventBridge event message structure - Amazon Simple Storage Service

EventBridge event message structure

The notification message that Amazon S3 sends to publish an event is in the JSON format. When Amazon S3 sends an event to Amazon EventBridge, the following fields are present.

  • version — Currently 0 (zero) for all events.

  • id — A Version 4 UUID generated for every event.

  • detail-type — The type of event that's being sent. See Using EventBridge for a list of event types.

  • source — Identifies the service that generated the event.

  • account — The 12-digit AWS account ID of the bucket owner.

  • time — The time the event occurred.

  • region — Identifies the AWS Region of the bucket.

  • resources — A JSON array that contains the Amazon Resource Name (ARN) of the bucket.

  • detail — A JSON object that contains information about the event. For more information about what can be included in this field, see Event message detail field.

Event message structure examples

The following are examples of some of the Amazon S3 event notification messages that can be sent to Amazon EventBridge.

Object created

{
  "version": "0",
  "id": "17793124-05d4-b198-2fde-7ededc63b103",
  "detail-type": "Object Created",
  "source": "aws.s3",
  "account": "111122223333",
  "time": "2021-11-12T00:00:00Z",
  "region": "ca-central-1",
  "resources": [
    "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
  ],
  "detail": {
    "version": "0",
    "bucket": {
      "name": "DOC-EXAMPLE-BUCKET1"
    },
    "object": {
      "key": "example-key",
      "size": 5,
      "etag": "b1946ac92492d2347c6235b4d2611184",
      "version-id": "IYV3p45BT0ac8hjHg1houSdS1a.Mro8e",
      "sequencer": "617f08299329d189"
    },
    "request-id": "N4N7GDK58NMKJ12R",
    "requester": "123456789012",
    "source-ip-address": "1.2.3.4",
    "reason": "PutObject"
  }
}

Object deleted (using DeleteObject)

{
  "version": "0",
  "id": "2ee9cc15-d022-99ea-1fb8-1b1bac4850f9",
  "detail-type": "Object Deleted",
  "source": "aws.s3",
  "account": "111122223333",
  "time": "2021-11-12T00:00:00Z",
  "region": "ca-central-1",
  "resources": [
    "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
  ],
  "detail": {
    "version": "0",
    "bucket": {
      "name": "DOC-EXAMPLE-BUCKET1"
    },
    "object": {
      "key": "example-key",
      "etag": "d41d8cd98f00b204e9800998ecf8427e",
      "version-id": "1QW9g1Z99LUNbvaaYVpW9xDlOLU.qxgF",
      "sequencer": "617f0837b476e463"
    },
    "request-id": "0BH729840619AG5K",
    "requester": "123456789012",
    "source-ip-address": "1.2.3.4",
    "reason": "DeleteObject",
    "deletion-type": "Delete Marker Created"
  }
}

Object deleted (using lifecycle expiration)

{
  "version": "0",
  "id": "ad1de317-e409-eba2-9552-30113f8d88e3",
  "detail-type": "Object Deleted",
  "source": "aws.s3",
  "account": "111122223333",
  "time": "2021-11-12T00:00:00Z",
  "region": "ca-central-1",
  "resources": [
    "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
  ],
  "detail": {
    "version": "0",
    "bucket": {
      "name": "DOC-EXAMPLE-BUCKET1"
    },
    "object": {
      "key": "example-key",
      "etag": "d41d8cd98f00b204e9800998ecf8427e",
      "version-id": "mtB0cV.jejK63XkRNceanNMC.qXPWLeK",
      "sequencer": "617b398000000000"
    },
    "request-id": "20EB74C14654DC47",
    "requester": "s3.amazonaws.com",
    "reason": "Lifecycle Expiration",
    "deletion-type": "Delete Marker Created"
  }
}

Object restore completed

{
  "version": "0",
  "id": "6924de0d-13e2-6bbf-c0c1-b903b753565e",
  "detail-type": "Object Restore Completed",
  "source": "aws.s3",
  "account": "111122223333",
  "time": "2021-11-12T00:00:00Z",
  "region": "ca-central-1",
  "resources": [
    "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
  ],
  "detail": {
    "version": "0",
    "bucket": {
      "name": "DOC-EXAMPLE-BUCKET1"
    },
    "object": {
      "key": "example-key",
      "size": 5,
      "etag": "b1946ac92492d2347c6235b4d2611184",
      "version-id": "KKsjUC1.6gIjqtvhfg5AdMI0eCePIiT3"
    },
    "request-id": "189F19CB7FB1B6A4",
    "requester": "s3.amazonaws.com",
    "restore-expiry-time": "2021-11-13T00:00:00Z",
    "source-storage-class": "GLACIER"
  }
}

Event message detail field

The detail field contains a JSON object with information about the event. The following fields may be present in the detail field.

  • version — Currently 0 (zero) for all events.

  • bucket — Information about the Amazon S3 bucket involved in the event.

  • object — Information about the Amazon S3 object involved in the event.

  • request-id — Request ID in S3 response.

  • requester — AWS account ID or AWS service principal of requester.

  • source-ip-address — Source IP address of S3 request. Only present for events triggered by an S3 request.

  • reason — For Object Created events, the S3 API used to create the object: PutObject, POST Object, CopyObject, or CompleteMultipartUpload. For Object Deleted events, this is set to DeleteObject when an object is deleted by an S3 API call, or Lifecycle Expiration when an object is deleted by an S3 Lifecycle expiration rule. For more information, see Expiring objects.

  • deletion-type — For Object Deleted events, when an unversioned object is deleted, or a versioned object is permanently deleted, this is set to Permanently Deleted. When a delete marker is created for a versioned object, this is set to Delete Marker Created. For more information, see Deleting object versions from a versioning-enabled bucket.

  • restore-expiry-time — For Object Restore Completed events, the time when the temporary copy of the object will be deleted from S3. For more information, see Working with archived objects.

  • source-storage-class — For Object Restore Initiated and Object Restore Completed events, the storage class of the object being restored. For more information, see Working with archived objects.

  • destination-storage-class — For Object Storage Class Changed events, the new storage class of the object. For more information, see Transitioning objects using Amazon S3 Lifecycle.

  • destination-access-tier — For Object Access Tier Changed events, the new access tier of the object. For more information, see Amazon S3 Intelligent-Tiering.
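
The fields above are enough to triage deletions in a consumer such as a Lambda function. The following is an added example, not part of the AWS documentation: the function names triage and sample and the label strings are hypothetical, and the events are constructed from the Object Deleted examples on this page.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")

def triage(event):
    """Return triage labels for one S3 event delivered through EventBridge."""
    if event.get("source") != "aws.s3":
        return ["not-s3"]
    detail = event.get("detail", {})
    labels = []
    # The bucket ARN in `resources` should agree with detail.bucket.name.
    bucket = detail.get("bucket", {}).get("name", "")
    if f"arn:aws:s3:::{bucket}" not in event.get("resources", []):
        labels.append("bucket-arn-mismatch")
    # `requester` is an account ID or a service principal (s3.amazonaws.com).
    requester = detail.get("requester", "")
    if ACCOUNT_ID.fullmatch(requester):
        # `account` is the bucket owner; a different ID is another account.
        if requester != event.get("account"):
            labels.append("requester-not-bucket-owner")
    elif requester:
        labels.append("service-requester")
    if event.get("detail-type") == "Object Deleted":
        # A delete marker leaves earlier versions in place; a permanent
        # delete does not, so it is the case worth alerting on.
        if detail.get("deletion-type") == "Permanently Deleted":
            labels.append("permanent-delete")
            if detail.get("reason") == "DeleteObject":
                labels.append("permanent-delete-by-api-call")
        else:
            labels.append("delete-marker")
    return labels

def sample(requester, reason, deletion_type, bucket="DOC-EXAMPLE-BUCKET1"):
    """Constructed event, modelled on this page's Object Deleted examples."""
    return {
        "version": "0", "detail-type": "Object Deleted", "source": "aws.s3",
        "account": "111122223333", "region": "ca-central-1",
        "resources": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET1"],
        "detail": {"bucket": {"name": bucket}, "object": {"key": "example-key"},
                   "requester": requester, "reason": reason,
                   "deletion-type": deletion_type},
    }

if __name__ == "__main__":
    print(triage(sample("123456789012", "DeleteObject", "Permanently Deleted")))
    print(triage(sample("s3.amazonaws.com", "Lifecycle Expiration",
                        "Delete Marker Created")))
```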