I have an S3 bucket that already has an existing event notification to SQS,it looks like below:

I tried to manually add another event notification in the AWS console which the destination is a Lambda function, so that the event notification will look like this :

But I kept receiving the error message: "Unable to validate the following destination configurations"

I have tried the following already:

• Gave temporary full permission to the lambda execution role
• Modified the lambda function's resource-based policy to give S3 the permissions:
  • lambda:InvokeFunction
  • lambda:GetFunctionConfiguration
  • lambda:UpdateFunctionConfiguration
  • lambda:GetFunction
• Tried to use PUT event type on the s3_put_lambda

I have also tried to do this on a different S3 bucket that had no existing event notification - and it worked without adjusting anything which led me to believe that the problem is in the S3 bucket.

The S3 bucket and Lambda function are in the same region.

Any insights will help. Thanks!

CodePudding user response：

Target queue of existing event notif has invalid access policy

The destination of the existing event notif is a queue, and the queue uses an invalid policy. This might have caused an issue on the validation on AWS side which was triggered when I tried adding a new event notif.

Sharing here the steps that I did to discover and then resolve the issue:

1. Temporarily event notif (existing) to SQS (thanks to John Rotenstein for the tip)
2. Added the event notif (new) to Lambda and succeed
3. Re-added the event notif to SQS but failed and got the Unable to validate the following destination configurations error prompt
4. Checked policy of the target queue, discovered it was invalid
5. Corrected the policy of target queue
6. Re-added the event notif to SQS and succeded