By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to invoke a lambda function upon file receive in an existing S3 bucket after receiving the 'Unable to validate the following destination configurations' error?

0

Hello,

I am attempting to create an event notification when a file is created within a bucket that has a specific prefix. I successfully did this without any errors over a month ago for 6 different functions. Unfortunately, after trying to create new functions, I am receiving the:

"Unable to validate the following destination configurations" error.

I tried several online tutorials and videos and still no luck. I am hoping someone from AWS (or someone who has overcame this error before) has a solution for this as this has been an on going problem for over a month. I've tried invoking via Lambda, SNS, and more while trying to create several variations of JSON format policies. Below are some of the resources I've tried to utilize so far:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html

https://docs.aws.amazon.com/lambda/latest/dg/with-s3-example.html

https://repost.aws/knowledge-center/unable-validate-destination-s3

https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html

https://www.youtube.com/watch?v=RjSW75YsBMM

https://www.youtube.com/watch?v=B2Ra7X8rymw

https://www.youtube.com/watch?v=aKBeg-K2vdc&t=177s

https://stackoverflow.com/questions/47215544/s3-bucket-lambda-event-unable-to-validate-the-following-destination-configurati#comment88629184_47674337

What I am very unclear about is how the other 6 functions are working with identical permissions, but I am unable to create other ones. Configuration (with the exception of the Triggers) are identical.

Any help would be greatly appreciated!

Topics
StorageServerlessComputeAnalyticsApplication Integration
Tags
Amazon Simple Storage ServiceAWS LambdaAWS GlueAmazon Simple Notification Service (SNS)
Language
English
Nick
asked 8 months ago475 views
1 Answer
0

It seems like prmissions for Amazon S3 to invoke your Lambda function is missing.

If you are doing through eventbridge rule, then here is how you can add if deploying through cloudformation.

rLambdaInvokePermission:
   Type: 'AWS::Lambda::Permission'
   Properties:
     FunctionName: !Ref myLambdaFunction
     Action: 'lambda:InvokeFunction'
     Principal: events.amazonaws.com
     SourceArn: !GetAtt rEventRule.Arn

If you are using s3 event trigger, then refer LambdaInvokePermission portion at this re:Post thread, which covers this step by step.

Please refer AWS Documentation for more details.

Hope you find this useful.

Comment here if you have additional questions, happy to help.

Abhishek

profile pictureAWS
EXPERT
secondabhi_aws
answered 8 months ago
  • Nick
    8 months ago

    If my permissions are missing, why does it work for the other 6 functions with the same permissions working? Also, this answer references resources I have already reviewed which I included in my post.

  • secondabhi_aws EXPERT
    8 months ago

    I understand that's working for other six lambda functions but have you added these permissions to this lambda function?

  • secondabhi_aws EXPERT
    8 months ago

    These permissions are resource based permission and have to be associated with each resource(lambda in this case).

  • secondabhi_aws EXPERT
    8 months ago

    Do you see s3 event as trigger added to your lambda function? Also for that lambda function -> Go to Configuration -> Permissions -> Resource-based policy statements -> See if you are able to find the policy for your s3 bucket/prefix there. This error comes when this resource policy is missing.

    Another thing, I'd do to isolate the issue, try creating the s3 event notification for All object create events(s3:ObjectCreated:*) instead of just PutObject, as if file size is big then "Multipart upload completed(s3:ObjectCreated:CompleteMultipartUpload)" would be the event and in case of file copy between s3 buckets, "Copy(s3:ObjectCreated:Copy)" would be the event.

  • Nick
    8 months ago

    The permissions are identical for each lambda function which include the LambdaInvokePermission (found in the stackoverflow link in my question above), for the 6 other functions and the new function. The 'All object create events' have been used for each function as well and the new ones still are failing to create. As stated in my question, the configuration for the resource-based policy statements are the same for the new and old functions.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content