1 Answer
0
"Unable to validate the following destination configurations" in most cases means that there is no permission to call Lambda.
You can validate the LambdaPermission; it probably allows the notification to InvokeFunction without a version, so you need to allow invoking a particular version or use *.
answered 4 years ago

I have Allow '*' on '*'.
There are two permission concepts associated with an AWS Lambda. One is the role associated with the Lambda, which indicates what the Lambda can invoke. And there is a second thing which indicates who can invoke the Lambda. Do you have an Allow * on * for who can invoke the Lambda? In that case anyone on the internet can invoke the Lambda, which is quite unsafe.
I meant my login is an admin level account. The Lambda is very private, and has only the basic permissions it needs to execute and to write to CloudWatch. The S3 Bucket is also very private.
This was a test of whether we could configure a Lambda to perform actions when it noticed a change in an S3 bucket. I set them up last week and it works fine. It's just (right now) logging the changes in the bucket as they occur. I have permissions in my login which allow me to do all this through the GUI, but one of the goals is to get to where our Lambdas are published with shell scripts that call the AWS client so as to avoid the hazards of human behavior.
The publishing is working splendidly, and creating a new version is as well, but telling the S3 bucket to use the new version ARN (which I can do by hand in the GUI) is the point of failure.
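A pre-flight check for the two points raised in this thread, as an added example that is not part of any post: it reads a Lambda resource policy (the JSON document in the `Policy` field returned by `aws lambda get-policy`) and reports whether S3 is allowed to invoke the exact ARN the bucket notification will reference, and whether any statement lets anyone invoke. The function name `audit`, the account id, the function name and the bucket name are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_kind(principal):
    """Classify a Principal element as 'public', 's3' or 'other'."""
    p = principal if isinstance(principal, dict) else {"AWS": principal}
    if "*" in _as_list(p.get("AWS", [])):
        return "public"
    return "s3" if "s3.amazonaws.com" in _as_list(p.get("Service", [])) else "other"

def audit(policy_json, target_arn, bucket_arn):
    """Evaluate Allow statements; aws:SourceArn is the only condition checked."""
    result = {"s3_can_invoke": False, "warnings": []}
    for stmt in json.loads(policy_json).get("Statement", []):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("lambda:InvokeFunction", a) for a in actions):
            continue
        kind = _principal_kind(stmt.get("Principal"))
        sources = [arn for block in stmt.get("Condition", {}).values()
                   for key, val in block.items() if key.lower() == "aws:sourcearn"
                   for arn in _as_list(val)]
        open_public = kind == "public" and not stmt.get("Condition")
        if open_public:
            result["warnings"].append(f"{stmt.get('Sid')}: anyone may invoke")
        if kind == "s3" and not sources:
            result["warnings"].append(f"{stmt.get('Sid')}: no aws:SourceArn")
        # A grant on the unqualified ARN does not match "<function>:<version>".
        covers = any(fnmatchcase(target_arn, r)
                     for r in _as_list(stmt.get("Resource", [])))
        from_bucket = not sources or any(fnmatchcase(bucket_arn, s) for s in sources)
        if (kind == "s3" or open_public) and covers and from_bucket:
            result["s3_can_invoke"] = True
    return result

# Constructed sample (account id, names and ARNs are made up): the permission
# was added to the unqualified function, as in the answer's diagnosis.
FN = "arn:aws:lambda:us-east-1:111122223333:function:bucket-logger"
BUCKET = "arn:aws:s3:::example-private-bucket"
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "s3-invoke", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "lambda:InvokeFunction", "Resource": FN,
    "Condition": {"ArnLike": {"AWS:SourceArn": BUCKET}}}]})

if __name__ == "__main__":
    print(audit(SAMPLE, FN, BUCKET), audit(SAMPLE, FN + ":7", BUCKET))
```

In a publish script, run the check against the new version's ARN before calling `aws s3api put-bucket-notification-configuration`, and treat any warning as a failed build.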