S3 Event Notifications

Learn Amazon S3 Event Notifications in detail. Understand how S3 automatically triggers AWS services like Lambda, SQS, SNS, and EventBridge whenever files are uploaded, deleted, restored, or modified. This guide covers architecture, real-world use cases, event types, configuration steps, security, monitoring, and production best practices.


Introduction

Modern cloud applications are event-driven.

Instead of continuously checking whether a file has been uploaded, AWS allows applications to react automatically whenever an event occurs.

Amazon S3 Event Notifications enable S3 buckets to publish events whenever objects are created, deleted, restored, tagged, or replicated.

These events can automatically trigger downstream services such as:

  • AWS Lambda
  • Amazon SQS
  • Amazon SNS
  • Amazon EventBridge

This enables highly scalable, loosely coupled, asynchronous architectures.


Learning Objectives

After completing this article, you will understand:

  • What S3 Event Notifications are
  • How event-driven architecture works
  • Supported event types
  • S3 → Lambda integration
  • S3 → SQS integration
  • S3 → SNS integration
  • S3 → EventBridge integration
  • Event filtering
  • Security
  • Monitoring
  • Retry handling
  • Dead Letter Queues
  • Production best practices

What is S3 Event Notification?

Whenever an object changes inside a bucket, S3 generates an event.

Examples:

  • Image uploaded
  • PDF deleted
  • ZIP restored
  • Object copied
  • Version created

Instead of polling S3 every few seconds, S3 pushes the event immediately.


Traditional Polling

flowchart LR
    APP[Application]
    S3[S3 Bucket]

    APP -->|Every 5 Seconds| S3
    APP -->|Every 5 Seconds| S3
    APP -->|Every 5 Seconds| S3

Problems:

  • Wasted API calls
  • Increased cost
  • Higher latency
  • Poor scalability

Event Driven Architecture

flowchart LR
    USER[User Uploads File]
    S3[S3 Bucket]
    EVENT[S3 Event]
    TARGET[AWS Service]

    USER --> S3
    S3 --> EVENT
    EVENT --> TARGET

Advantages:

  • Instant processing
  • Lower cost
  • Better scalability
  • Loosely coupled services

Supported Event Destinations

Amazon S3 can send notifications to:

| Destination | Purpose |
| --- | --- |
| Lambda | Execute code |
| SQS | Queue processing |
| SNS | Fan-out notifications |
| EventBridge | Enterprise event routing |

High Level Architecture

flowchart TD
    A[User]
    B[S3 Bucket]
    C[S3 Event]
    D[Lambda]
    E[SQS]
    F[SNS]
    G[EventBridge]
    H[Spring Boot]

    A --> B
    B --> C
    C --> D
    C --> E
    C --> F
    C --> G
    E --> H

Real World Use Cases

Image Upload

Upload image → Lambda resizes image → Store thumbnail


PDF Upload

Upload PDF → Extract metadata → Save into database


Invoice Upload

Upload invoice → OCR processing → Save extracted data


Resume Upload

Upload resume → AI resume parsing → Store candidate profile


Video Upload

Upload MP4 → Generate thumbnail → Convert resolution → Store output


Supported Events

Event categories:

  • Object Created
  • Object Deleted
  • Object Restore
  • Object ACL Updated
  • Object Tagging
  • Replication

Object Created Events

s3:ObjectCreated:*

Includes:

  • PUT
  • POST
  • COPY
  • Multipart Upload

Object Deleted Events

s3:ObjectRemoved:*

Includes:

  • Delete
  • Delete Marker

Event Notification Flow

flowchart LR
    Upload
    S3
    Notification
    Lambda
    Database

    Upload --> S3
    S3 --> Notification
    Notification --> Lambda
    Lambda --> Database

S3 to Lambda

This is one of the most common integrations.

flowchart LR
    User
    S3
    Lambda
    Database

    User --> S3
    S3 --> Lambda
    Lambda --> Database

Typical work:

  • Resize image
  • OCR
  • Virus Scan
  • Metadata Extraction
  • AI Processing

S3 to SQS

Instead of processing the event immediately, S3 sends it to a queue.

flowchart LR
    User
    S3
    SQS
    SB[Spring Boot]
    Database

    User --> S3
    S3 --> SQS
    SQS --> SB
    SB --> Database

Benefits:

  • Retry
  • Scalability
  • Buffering
  • Asynchronous processing

S3 to SNS

SNS broadcasts the event to every subscriber.

flowchart LR
    S3
    SNS
    Email
    Lambda
    SQS

    S3 --> SNS
    SNS --> Email
    SNS --> Lambda
    SNS --> SQS

This is a fan-out architecture.


S3 to EventBridge

flowchart LR
    S3
    EventBridge
    Rule
    Lambda
    SF[Step Functions]

    S3 --> EventBridge
    EventBridge --> Rule
    Rule --> Lambda
    Rule --> SF

Best for enterprise workflows.


Upload Image Example

profile.png uploaded → Event Generated → Lambda Triggered → Resize → Thumbnail Generated → Save Thumbnail


Upload PDF Example

resume.pdf → Extract Text → Store Metadata → Notify Recruiter


Upload Excel Example

customers.xlsx → SQS → Spring Batch → Database


Upload ZIP

logs.zip → Lambda → Extract → CloudWatch


Upload CSV

orders.csv → SQS → Spring Boot → Database


Event Filtering

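Suppose the bucket contains:

  • images/
  • pdf/
  • videos/

To trigger only for images, filter by prefix:

Prefix: images/

To trigger only for PNG files, filter by suffix:

Suffix: .png

Prefix Example

Prefix: uploads/profile/

Only profile uploads trigger the event.


Suffix Example

Suffix: .pdf

Only PDFs trigger the event.


Prefix + Suffix

Prefix: documents/
Suffix: .pdf

Only PDFs inside the documents folder trigger the event.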


Event Payload

A typical payload contains:

  • Bucket Name
  • Object Key
  • Size
  • Region
  • Event Time
  • Event Name

Sample Event

{
  "bucket":"documents",
  "key":"resume.pdf",
  "event":"ObjectCreated"
}
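
The sample above is simplified: a real notification nests these fields under a Records array, and the object key arrives URL-encoded. The following added example (not code from the original article) parses that shape and re-applies the documents/ + .pdf filter on the consumer side. The sample message is constructed, and EXPECTED_BUCKET and accepted_objects are hypothetical names.

```python
import json
from urllib.parse import unquote_plus

EXPECTED_BUCKET = "documents"            # assumption: the only bucket this consumer serves
PREFIX, SUFFIX = "documents/", ".pdf"    # the prefix + suffix filter from the text


def _record(bucket, key, name="ObjectCreated:Put", size=1024):
    """Build one constructed record in the shape S3 delivers (trimmed to the fields used)."""
    return {"eventSource": "aws:s3", "eventName": name, "awsRegion": "us-east-1",
            "eventTime": "2024-01-01T12:00:00.000Z",
            "s3": {"bucket": {"name": bucket}, "object": {"key": key, "size": size}}}


# Constructed sample message body, not captured from a real bucket.
SAMPLE_EVENT = json.dumps({"Records": [
    _record("documents", "documents/my+resume.pdf"),      # "+" is an encoded space
    _record("other-bucket", "documents/report.pdf"),      # unexpected bucket
    _record("documents", "images/photo.png"),             # outside the filter
    _record("documents", "documents/old.pdf", name="ObjectRemoved:Delete"),
]})


def accepted_objects(raw_event: str) -> list:
    """Return the created objects this consumer should process; drop everything else."""
    accepted = []
    for record in json.loads(raw_event).get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        bucket = record["s3"]["bucket"]["name"]
        # Object keys arrive URL-encoded, so decode before comparing or fetching.
        key = unquote_plus(record["s3"]["object"]["key"])
        if bucket != EXPECTED_BUCKET:
            continue
        # Re-check the filter on the decoded key instead of trusting the sender.
        if not (key.startswith(PREFIX) and key.endswith(SUFFIX)):
            continue
        accepted.append({"bucket": bucket, "key": key,
                         "size": record["s3"]["object"].get("size"),
                         "event": record["eventName"]})
    return accepted
```

Checking bucket and key in the consumer matters most when events arrive through a queue or topic, because anything allowed to publish there can place a message in front of the handler.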

Retry Behavior

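Lambda retries failed asynchronous invocations automatically.

With SQS, a message that the consumer does not delete becomes visible again once its visibility timeout expires and is then delivered again.

EventBridge supports retries.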


Dead Letter Queue

flowchart LR
    S3
    SQS
    SB[Spring Boot]
    DLQ

    S3 --> SQS
    SQS --> SB
    SB --> DLQ

Failed messages go to the DLQ.


Security

Never make the bucket public.

Use:

  • IAM Roles
  • Bucket Policy
  • Encryption
  • KMS

Encryption

Options:

  • SSE-S3
  • SSE-KMS
  • Client Side Encryption

Monitoring

Monitor using:

  • CloudWatch
  • CloudTrail
  • AWS Config

Metrics

Watch:

  • Failed Notifications
  • Lambda Errors
  • Queue Depth
  • Processing Time
  • Retry Count

CloudWatch Architecture

flowchart LR
    S3
    Lambda
    CloudWatch
    Alarm
    SNS

    S3 --> Lambda
    Lambda --> CloudWatch
    CloudWatch --> Alarm
    Alarm --> SNS

IAM Permissions

Allow:

  • s3:GetObject
  • s3:PutObject
  • s3:ListBucket

Apply least privilege: grant only the actions the workload needs.


Bucket Policy

Restrict access to:

  • IAM Role
  • VPC Endpoint
  • Organization

Production Architecture

flowchart TD
    Users
    CloudFront
    S3
    EventBridge
    SQS
    SB[Spring Boot]
    Aurora
    CloudWatch

    Users --> CloudFront
    CloudFront --> S3
    S3 --> EventBridge
    EventBridge --> SQS
    SQS --> SB
    SB --> Aurora
    SB --> CloudWatch

Large Scale Processing

Millions of uploads/day:

S3 → SQS → Multiple Spring Boot Consumers → Database


Scaling

Increase:

  • Queue Consumers
  • Lambda Concurrency
  • Auto Scaling

Cost Optimization

Use:

  • Lifecycle Rules
  • Intelligent Tiering
  • Batch Processing

Best Practices

  • Keep buckets private
  • Use IAM Roles
  • Enable Versioning
  • Enable Encryption
  • Configure Retry
  • Use DLQ
  • Use EventBridge for enterprise
  • Filter unnecessary events
  • Monitor CloudWatch
  • Use Infrastructure as Code
  • Log every event
  • Store metadata separately
  • Use lifecycle policies
  • Enable object lock if needed
  • Test failure scenarios

Common Errors

Notification Not Triggering

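Reason: the wrong event type is configured.


Lambda Permission Error

Grant Amazon S3 permission to invoke the Lambda function.


SQS Access Denied

Update the queue policy so that Amazon S3 is allowed to send messages to the queue.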
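
When the queue policy is updated to fix this error, the grant to S3 should stay scoped to the one bucket and account that own the notification. The following added example (not from the original article) audits a queue policy for that scoping using the IAM condition keys aws:SourceArn and aws:SourceAccount. The ARNs and account ID are constructed placeholders and audit_queue_policy is a hypothetical helper.

```python
# Constructed placeholders: substitute the real queue, bucket and account.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:upload-events"
BUCKET_ARN = "arn:aws:s3:::documents"
ACCOUNT_ID = "111122223333"

# Weak: any S3 bucket in any account can send messages to the queue.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "sqs:SendMessage", "Resource": QUEUE_ARN}]}

# Scoped: only the named bucket, owned by the named account, can send.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "sqs:SendMessage", "Resource": QUEUE_ARN,
    "Condition": {"ArnLike": {"aws:SourceArn": BUCKET_ARN},
                  "StringEquals": {"aws:SourceAccount": ACCOUNT_ID}}}]}


def _as_list(value):
    """IAM JSON allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_queue_policy(policy: dict, bucket_arn: str, account_id: str) -> list:
    """Return one finding per missing scope on statements that let S3 reach the queue."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        covers_s3 = principal == "*" or (
            isinstance(principal, dict)
            and "s3.amazonaws.com" in _as_list(principal.get("Service", [])))
        if not covers_s3:
            continue
        cond = stmt.get("Condition", {})
        arns = [arn for op in ("ArnLike", "ArnEquals")
                for arn in _as_list(cond.get(op, {}).get("aws:SourceArn", []))]
        accounts = _as_list(cond.get("StringEquals", {}).get("aws:SourceAccount", []))
        if arns != [bucket_arn]:
            findings.append(f"statement {i}: aws:SourceArn is not pinned to {bucket_arn}")
        if accounts != [account_id]:
            findings.append(f"statement {i}: aws:SourceAccount is not pinned to {account_id}")
    return findings
```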


Duplicate Events

Applications should be idempotent.

Never assume exactly-once event delivery.


Event Ordering

S3 does not guarantee strict ordering.

Always design consumers accordingly.
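
One way to handle both duplicates and out-of-order delivery, as an added example that is not part of the original article: track the sequencer field that S3 includes in object create and delete records, and apply an event only if it is newer than the last one applied for that key. The in-memory dict, the ObjectEventTracker class and the sample deliveries are assumptions made for illustration.

```python
class ObjectEventTracker:
    """Apply each object event at most once; ignore events older than the last applied.

    Assumption: the dict stands in for a durable store updated with a conditional write.
    """

    def __init__(self):
        self._latest = {}  # (bucket, key) -> sequencer of the newest event applied

    @staticmethod
    def _is_newer(candidate: str, current: str) -> bool:
        # Sequencers are hex strings of varying length: right-pad the shorter one
        # with zeros, then compare lexicographically.
        width = max(len(candidate), len(current))
        return candidate.upper().ljust(width, "0") > current.upper().ljust(width, "0")

    def apply(self, bucket, key, sequencer, handler) -> str:
        current = self._latest.get((bucket, key))
        if current is not None and not self._is_newer(sequencer, current):
            return "duplicate" if sequencer.upper() == current.upper() else "stale"
        handler(bucket, key)                       # may raise; state is then unchanged
        self._latest[(bucket, key)] = sequencer    # record only after the work succeeded
        return "applied"


# Constructed deliveries for one object: a redelivery, then a write that arrives late.
DELIVERIES = [
    ("documents", "resume.pdf", "0055AED6DCD90281E5"),
    ("documents", "resume.pdf", "0055AED6DCD90281E5"),   # same event delivered twice
    ("documents", "resume.pdf", "0055AED6DCD90281E7"),   # newer write
    ("documents", "resume.pdf", "0055AED6DCD90281E6"),   # older write, delivered late
]


def replay(deliveries):
    """Run the deliveries through a fresh tracker; return (outcomes, objects processed)."""
    tracker, processed = ObjectEventTracker(), []
    outcomes = [tracker.apply(b, k, seq, lambda bb, kk: processed.append((bb, kk)))
                for b, k, seq in deliveries]
    return outcomes, processed
```

Sequencers are only comparable between events for the same object key, which is why the state is keyed by bucket and key.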


Spring Boot Integration

Spring Boot typically consumes events from:

  • Amazon SQS
  • EventBridge
  • SNS

It rarely consumes them directly from S3.


Enterprise Example

Customer uploads document.

S3 → EventBridge → SQS → Spring Boot Validation → Virus Scan → Metadata Extraction → Aurora Database → Notification Service → Email Customer


Comparison

| Destination | Best Use |
| --- | --- |
| Lambda | Small processing |
| SQS | Async queue |
| SNS | Broadcast |
| EventBridge | Enterprise workflows |

Interview Questions

What are S3 Event Notifications?

They automatically send events when objects are created, deleted, restored, or modified.


Can S3 trigger Lambda?

Yes.


Can S3 send messages to SQS?

Yes.


Can S3 publish to SNS?

Yes.


Can S3 integrate with EventBridge?

Yes.


Why use SQS?

To decouple producers and consumers.


Why use EventBridge?

For enterprise event routing and integration across AWS services.


What is event filtering?

Filtering events by prefix and suffix before sending notifications.


Can S3 guarantee exactly-once delivery?

No.

Applications should be idempotent.


What is DLQ?

Dead Letter Queue stores failed messages for later analysis.


Why should buckets remain private?

For security. Use IAM roles and presigned URLs instead of public buckets.


Summary

In this article, we learned Amazon S3 Event Notifications from a high-level architectural perspective.

We covered:

  • S3 Event Notifications overview
  • Event-driven architecture
  • Lambda integration
  • SQS integration
  • SNS integration
  • EventBridge integration
  • Event filtering
  • Security
  • Monitoring
  • Retry and DLQ
  • Production architecture
  • Best practices
  • Interview questions

S3 Event Notifications are a core building block for modern event-driven AWS architectures. They enable highly scalable, loosely coupled systems by automatically triggering downstream services whenever objects are created, deleted, or modified.

