S3 Events to SQS Trigger - Unable to validate the following destination configuration

Question

I am trying to trigger SQS Events when an Object is created/Put in S3 Bucket. I followed everything mentioned [here](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.html) to the letter.
Yet, I am getting the error message from Cloudformation :-

`Unable to validate the following destination configurations. (Service:S3, Status Code: 400, Reqeust Id: xxxx....)`

I have the following bucket policies :-

**Deny Non SSL requests :-**

```
Effect:"Deny"
Action: s3: *
Condition :{
    "Bool": {
          "aws:SecureTransport":"false"
     }
}
```
**Deny POST or pre-signed URL requests**

```
Effect :"Deny"
NotAction: "s3:InitiateReplication"
Condition:{
  "StringNotEquals":{
       "s3:authType": "REST-HEADER"

```

1. First, I deployed S3 Stack without Event Trigger
2. Then, I deployed KMS stack with S3 policy
3. Then, I deployed SQS Stack with policy and used the above KMS for encryption
4. Then, I updated S3 stack to enable Event trigger for all Object Created

I am getting `Unable to validate the following destination configurations. (Service:S3, Status Code: 400, Reqeust Id: xxxx....)`

Please help, if I am missing something !!

Answer

Hello.

What are your SQS and KMS key policies configured?  
I think the settings are as described in the document below, but please double check.  
https://repost.aws/knowledge-center/sqs-s3-event-notification-sse

S3 Events to SQS Trigger - Unable to validate the following destination configuration

Relevant content