Unable to validate the following destination configuration


How to troubleshoot the 'Unable to validate the following destination configuration' error when attempting to configure an S3 event notification.

Typically, the ‘Unable to validate the following destination configurations’ error when attempting to configure an S3 event notification is returned in the following scenarios:

  • At least one of the destinations configured for the S3 events does not exist.
  • The destination does not have a valid resource-based policy.

To resolve this issue:

A. For Existing Event Configurations:

  • Verify that all configured event destinations are valid and currently exist
  • Remove any non-existing event notifications from the S3 bucket
  • Retry the configuration after cleanup

B. For New Event Destinations:

  • Ensure the appropriate access policy is attached to the destination resource
  • Verify the policy contains the correct permissions and principals
  • Make sure to replace the access policy that's attached to the resource
  1. For SQS: Replace the access policy that's attached to the queue with the following policy:
{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "SQS:SendMessage"
            ],
            "Resource": "SQS-queue-ARN",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1"
                },
                "StringEquals": {
                    "aws:SourceAccount": "bucket-owner-account-id"
                }
            }
        }
    ]
}

Replace SQS-queue-ARN, awsexamplebucket1, and bucket-owner-account-id with your Amazon SQS queue ARN, source bucket name, and bucket owner account ID.

  2. For SNS: Replace the access policy attached to the topic with the following policy:
{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "Example SNS topic policy",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "SNS:Publish"
            ],
            "Resource": "SNS-topic-ARN",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:amzn-s3-demo-bucket"
                },
                "StringEquals": {
                    "aws:SourceAccount": "bucket-owner-account-id"
                }
            }
        }
    ]
}

Replace SNS-topic-ARN, amzn-s3-demo-bucket, and bucket-owner-account-id with your Amazon SNS topic ARN, source bucket name, and bucket owner account ID.
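
A local check for the two policies above, as an added example that is not part of the original article and not an AWS API: it parses a queue or topic access policy and reports where it departs from the template above for a given bucket, including placeholders that were never replaced. The function names, queue ARN and account ID are constructed, and `fnmatch` only approximates IAM's `ArnLike` matching.

```python
import json
from fnmatch import fnmatchcase

REQUIRED_ACTION = {"sqs": "sqs:sendmessage", "sns": "sns:publish"}

def _as_list(value):
    # IAM policy fields may hold one string or a list of strings.
    return value if isinstance(value, list) else [value]

def _statement_findings(stmt, dest_arn, bucket, owner_id):
    needed = REQUIRED_ACTION[dest_arn.split(":")[2]]  # service field of the ARN
    findings = []
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if not any(fnmatchcase(needed, a) for a in actions):
        findings.append(f"Action does not allow {needed}")
    if not any(fnmatchcase(dest_arn, r) for r in _as_list(stmt.get("Resource", []))):
        findings.append("Resource does not match the destination ARN")
    cond = {}  # simplification: merge all condition operators into key -> values
    for block in stmt.get("Condition", {}).values():
        for key, val in block.items():
            cond.setdefault(key.lower(), []).extend(_as_list(val))
    bucket_arn = f"arn:aws:s3:::{bucket}"  # fnmatch approximates ArnLike wildcards
    if not any(fnmatchcase(bucket_arn, p) for p in cond.get("aws:sourcearn", [])):
        findings.append(f"aws:SourceArn does not match {bucket_arn}")
    if owner_id not in cond.get("aws:sourceaccount", []):
        findings.append("aws:SourceAccount does not match the bucket owner")
    return findings

def check_destination_policy(policy_json, dest_arn, bucket, owner_id):
    """Hypothetical helper: [] if one Allow statement for S3 matches the template."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "s3.amazonaws.com" not in services:
            continue
        found = _statement_findings(stmt, dest_arn, bucket, owner_id)
        if not found:
            return []
        findings += [f"{stmt.get('Sid', '<no Sid>')}: {f}" for f in found]
    return findings or ["no Allow statement for Principal s3.amazonaws.com"]

# Constructed sample: the SQS policy above with constructed values filled in.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "example-statement-ID", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"}, "Action": ["SQS:SendMessage"],
    "Resource": QUEUE_ARN,
    "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1"},
                  "StringEquals": {"aws:SourceAccount": "111122223333"}}}]})
```

Feed it the policy text returned for the queue or topic before retrying the notification configuration; an empty list means a statement matches the template for that bucket.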


AWS
SUPPORT ENGINEER
published 13 days ago, 48 views