put-bucket-notification-configuration question

0

I am using 'aws s3api put-bucket-notification-configuration' and I'm getting the following error:

An error occurred (InvalidArgument) when calling the PutBucketNotificationConfiguration operation: Unable to validate the following destination configurations

There is no actual 'output' following that statement.

What I'm doing is editing a Lambda function, pushing that up using 'aws lambda update-function-code', then publishing a version using 'aws lambda publish-version', getting the new ARN and running the 'aws s3api put-bucket-notification-configuration' to install the new ARN into the S3 bucket's notification configuration.

The only difference between the JSON file I'm using and the output of the 'aws s3api get-bucket-notification-configuration' command is the version number on the end of the ARN.

Using the output of 'aws s3api get-bucket-notification-configuration' as the '--notification-configuration ' file works fine, but the one with the new version number fails. Strangely, previous version numbers which I know to have been working also fail.

1 Answer
0

"Unable to validate the following destination configurations" in most cases means that there is no permission to call Lambda.

You can validate the LambdaPermission; it probably allows the notification to InvokeFunction without a version, so you need to allow invoking a particular version or use *.

MG
answered 2 years ago
  • I have Allow '*' on '*'.

  • There are two permission concepts associated with an AWS Lambda. One is the role associated with the Lambda, which indicates what a Lambda can invoke. And there is a second thing, which indicates who can invoke the Lambda. Do you have an Allow * on * for who can invoke the Lambda? In that case anyone on the internet can invoke the Lambda, which is quite unsafe.

  • I meant my login is an admin level account. The Lambda is very private, and has only the basic permissions it needs to execute and to write to CloudWatch. The S3 Bucket is also very private.

    This was a test of whether we could configure a Lambda to perform actions when it noticed a change in an S3 bucket. I set them up last week and it works fine. It's just (right now) logging the changes in the bucket as they occur. I have permissions in my login which allow me to do all this through the GUI, but one of the goals is to get to where our Lambdas are published with shell scripts that call the AWS client so as to avoid the hazards of human behavior.

    The publishing is working splendidly, and creating a new version is as well, but telling the S3 bucket to use the new version ARN (which I can do by hand in the GUI) is the point of failure.
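
The scripted flow from the question, with the per-version invoke permission the answer points to granted before the bucket is updated. This is an added example, not code from the thread; the function name, bucket, account ID, statement ID and notification Id are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): publish a Lambda version, allow S3 to
# invoke that exact version, then point the bucket notification at it.
set -eu

# Build the notification document for one qualified Lambda ARN.
# PutBucketNotificationConfiguration replaces the bucket's whole notification
# configuration, so merge in any other existing entries before using this.
notification_json() {  # $1 = qualified function ARN, $2 = S3 event name
  printf '{"LambdaFunctionConfigurations":[{"Id":"lambda-version-trigger","LambdaFunctionArn":"%s","Events":["%s"]}]}' "$1" "$2"
}

# Resource-based permissions are stored per qualifier: a statement on the
# unqualified function does not cover arn:...:function:NAME:VERSION.
# Scoping by source ARN and source account keeps other buckets and accounts
# from using the grant.
grant_s3_invoke() {  # $1 = function, $2 = version, $3 = bucket, $4 = account id
  aws lambda add-permission \
    --function-name "$1" --qualifier "$2" \
    --statement-id "s3-invoke-v$2" \
    --action lambda:InvokeFunction \
    --principal s3.amazonaws.com \
    --source-arn "arn:aws:s3:::$3" \
    --source-account "$4"
}

deploy_trigger() {  # $1 = function, $2 = bucket, $3 = account id, $4 = event
  # Assumption: publish-version returns the version-qualified ARN
  # (arn:...:function:NAME:VERSION) in FunctionArn.
  fn_arn=$(aws lambda publish-version --function-name "$1" \
             --query FunctionArn --output text)
  version=${fn_arn##*:}
  grant_s3_invoke "$1" "$version" "$2" "$3"
  aws s3api put-bucket-notification-configuration --bucket "$2" \
    --notification-configuration "$(notification_json "$fn_arn" "$4")"
}

# Usage: ./deploy.sh FUNCTION BUCKET ACCOUNT_ID 's3:ObjectCreated:*'
if [ "$#" -eq 4 ]; then
  deploy_trigger "$@"
fi
```

To confirm the grant landed, `aws lambda get-policy --function-name FUNCTION --qualifier VERSION` shows the statements attached to that version.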
