Unable to validate the following destination configuration

Typically, the ‘Unable to validate the following destination configurations’ error when attempting to configure an S3 event notification is returned in the following scenarios:

At least one of the destinations configured for the S3 events do not exist. The destination does not have a valid resource-based policy.

A. If the bucket has existing configure event destination, ensure that they are all vaild and still exist. If there is any event notification not existing, make sure that you remove the event notification from the s3 bucket and try again.

B. If no existing event desitantions, make sure to replace the access policy that's attached:

1. For SQS:

{ "Version": "2012-10-17", "Id": "example-ID", "Statement": [ { "Sid": "example-statement-ID", "Effect": "Allow", "Principal": { "Service": "s3.amazonaws.com" }, "Action": [ "SQS:SendMessage" ], "Resource": "SQS-queue-ARN", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1" }, "StringEquals": { "aws:SourceAccount": "bucket-owner-account-id" } } } ] }

Replace with your Amazon SQS ARN, source bucket name, and bucket owner account ID.

2. For SNS:

{ "Version": "2012-10-17", "Id": "example-ID", "Statement": [ { "Sid": "Example SNS topic policy", "Effect": "Allow", "Principal": { "Service": "s3.amazonaws.com" }, "Action": [ "SNS:Publish" ], "Resource": "SNS-topic-ARN", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket" }, "StringEquals": { "aws:SourceAccount": "bucket-owner-account-id" } } } ] }

Replace with your Amazon SNS topic ARN, source bucket name, and bucket owner account ID.

Refrence:-

• https://docs.amazonaws.cn/en_us/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.html#grant-sns-sqs-permission-for-s3