S3 Events to SQS Trigger - Unable to validate the following destination configuration

0

I am trying to trigger SQS Events when an Object is created/Put in S3 Bucket. I followed everything mentioned here to the letter. Yet, I am getting the error message from Cloudformation :-

Unable to validate the following destination configurations. (Service:S3, Status Code: 400, Reqeust Id: xxxx....)

I have the following bucket policies :-

Deny Non SSL requests :-

Effect:"Deny"
Action: s3: *
Condition :{
    "Bool": {
          "aws:SecureTransport":"false"
     }
}

Deny POST or pre-signed URL requests

Effect :"Deny"
NotAction: "s3:InitiateReplication"
Condition:{
  "StringNotEquals":{
       "s3:authType": "REST-HEADER"


  1. First, I deployed S3 Stack without Event Trigger
  2. Then, I deployed KMS stack with S3 policy
  3. Then, I deployed SQS Stack with policy and used the above KMS for encryption
  4. Then, I updated S3 stack to enable Event trigger for all Object Created

I am getting Unable to validate the following destination configurations. (Service:S3, Status Code: 400, Reqeust Id: xxxx....)

Please help, if I am missing something !!

1 Answer
0

Hello.

What are your SQS and KMS key policies configured?
I think the settings are as described in the document below, but please double check.
https://repost.aws/knowledge-center/sqs-s3-event-notification-sse

profile picture
EXPERT
answered 3 months ago
  • Yes, it is there. Also, for S3 event , I am using

    s3:ObjectEvent:*

    SQS Policy is as is. I even tried removing

    "StringEquals": { "aws:SourceAccount": "bucket-owner-account-id" }

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions