I'm working in an environment where anyone with the necessary access is allowed to create an S3 bucket; however, it's getting to a point where we have a lot of buckets and it is hard to keep track of who created the bucket. I know it is possible to tag the buckets with the owner name, but I am looking for a more automated solution.
Is it possible to invoke a lambda function every time a bucket is created? Or is it possible to track bucket creation with cloudtrail where system administrators would get an sns notification when an s3 bucket is created?
I know it is possible to configure s3 event notification inside a bucket to trigger lambda functions/cloudwatch metrics, but I need a trigger for the entire s3 application.
Cloudtrail tracks all API Actions occurring within an account. What you want to do is create a cloudwatch event rule that triggers off the CreateBucket action then have it invoke Lambda or trigger a sns notification.
See: Creating a CloudWatch Events Rule That Triggers on an AWS API Call Using AWS CloudTrail