Cannot create an S3 Event Notification

0

Hello. I am having issues with creating an easy S3 event notification that I'd previously created on Sunday and Monday in preparation for a demo I need to run at the end of the week.

It is a simple lab: the image processing lab where I have the image bucket and the thumbnail bucket. I have an SQS queue that I created for the destination. All this was going to be done in the management console.

I created the two buckets, added the permissions in IAM, then created the SQS queue (standard). I went back to S3, went to the S3 event notifications to configure the notifications, and when I chose the SQS Queue I created, I am now getting errors. This is after doing the lab multiple times on Sunday and Monday. Tuesday (today), I've been working the same steps over and over nonstop, and I am getting error messages. Either there's an issue with S3 or with SQS. I've checked the AWS Health Dashboard, and I see nothing wrong. I've worked this through from my root account of a different account. I've worked this from my IAM administrator account. I've worked this through different regions. I have a friend who is a programmer and an AAI, and she is getting the same error. I am beginning to think this is some kind of issue with AWS like the IAM Global issue AWS had on Monday? Here is the message I'm getting:

Unknown Error
An unexpected error occurred. Try again later. If the error persists, contact AWS Support for assistance.
API response
Unable to validate the following destination configurations

asked 9 months ago, 341 views
2 Answers
1

Hello.

Is the queue policy set in the target SQS queue as described in the following document?
If this is not set, it cannot be set as the destination for S3 event notifications.
https://repost.aws/knowledge-center/lambda-invoke-error-s3-bucket-permission#:~:text=Example%20Amazon%20SQS%20queue%20destination%20policy%3A

{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "SQS:SendMessage"
            ],
            "Resource": "arn:aws:sqs:Region:account-id:queue-name",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1"
                },
                "StringEquals": {
                    "aws:SourceAccount": "bucket-owner-account-id"
                }
            }
        }
    ]
}
EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
0

The issue you're experiencing with creating an S3 event notification to an SQS queue is likely related to permissions. Even though you've successfully created the S3 buckets, SQS queue, and IAM permissions, there's an additional step required to allow S3 to send messages to the SQS queue.

To resolve this, you need to add a resource-based policy to the SQS queue. This policy should grant permission to the S3 service to send messages to the queue. Here's what you need to do:

  1. Go to the SQS console and select your queue.
  2. In the queue's details, find the "Access policy" section and edit it.
  3. Add a policy that allows S3 to send messages to this queue. The policy should look similar to this:

{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": "SQS:SendMessage",
            "Resource": "ARN-of-your-SQS-queue",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:::your-s3-bucket-name"
                },
                "StringEquals": {
                    "aws:SourceAccount": "your-account-id"
                }
            }
        }
    ]
}

Make sure to replace the placeholder values with your actual SQS queue ARN, S3 bucket name, and AWS account ID.

After adding this policy, try creating the S3 event notification again. This should resolve the "Unable to validate the following destination configurations" error you're encountering.

If you're still experiencing issues after applying this policy, it might be worth checking if there are any service disruptions or reaching out to AWS Support for further assistance.

answered 9 months ago
EXPERT
reviewed 9 months ago
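
The check both answers describe, as an added example (not code from this thread or from AWS): a simplified offline evaluation of a queue access policy that reports whether S3 may send to the queue and whether the `aws:SourceArn` and `aws:SourceAccount` conditions are present. The ARNs, account ID and function names are constructed for illustration, and only the condition operators shown in the answers are handled; this is not a full IAM policy evaluator.

```python
import fnmatch
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def arn_like(arn, pattern):
    """Approximate ArnLike: match the six colon-separated ARN fields with */? wildcards."""
    a, p = arn.split(":", 5), pattern.split(":", 5)
    return pattern == "*" or (len(a) == len(p) and
                              all(fnmatch.fnmatchcase(x, y) for x, y in zip(a, p)))

def check_queue_policy(policy_json, queue_arn, bucket_arn, account_id):
    """Return (allowed, findings) for S3 -> SQS delivery under a queue access policy."""
    allowed, findings = False, []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal", {})
        is_s3 = principal == "*" or (isinstance(principal, dict) and
                "s3.amazonaws.com" in _as_list(principal.get("Service", [])))
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        on_queue = any(arn_like(queue_arn, r) for r in _as_list(stmt.get("Resource", [])))
        if not (stmt.get("Effect") == "Allow" and is_s3 and on_queue
                and actions & {"sqs:sendmessage", "sqs:*", "*"}):
            continue  # statement does not grant S3 SendMessage on this queue
        cond = stmt.get("Condition", {})
        src_arns = _as_list(cond.get("ArnLike", {}).get("aws:SourceArn", []))
        src_accts = _as_list(cond.get("StringEquals", {}).get("aws:SourceAccount", []))
        if (src_arns and not any(arn_like(bucket_arn, p) for p in src_arns)) or (
                src_accts and account_id not in src_accts):
            findings.append("S3 statement found, but its Condition excludes this bucket or account")
            continue
        allowed = True
        for key, vals in (("aws:SourceArn", src_arns), ("aws:SourceAccount", src_accts)):
            if not vals:
                findings.append(f"no {key} condition: grant is not scoped to your bucket/account")
    if not allowed:
        findings.insert(0, "no statement lets s3.amazonaws.com call SQS:SendMessage on this queue")
    return allowed, findings

# Constructed sample values (not from the original post).
QUEUE, BUCKET, ACCOUNT = ("arn:aws:sqs:us-east-1:111122223333:thumbnail-queue",
                          "arn:aws:s3:::example-image-bucket", "111122223333")
OWNER_ONLY = json.dumps({"Statement": [{"Effect": "Allow", "Action": "SQS:*", "Resource": QUEUE,
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
    "Action": ["SQS:SendMessage"], "Resource": QUEUE,
    "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:example-image-bucket"},
                  "StringEquals": {"aws:SourceAccount": ACCOUNT}}}]})
```

`check_queue_policy(OWNER_ONLY, QUEUE, BUCKET, ACCOUNT)` reports that no statement grants S3 access, which is the situation both answers identify as the cause of the validation error; the `SCOPED` policy passes with no findings.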
