AWS - Can't create S3 event notification to SNS topic from specific bucket


I'm trying to create an S3 event notification to an SNS topic from an existing S3 bucket. I'm receiving "Unable to validate the following destination configurations".

Initially I thought the issue was with the SNS topic Access Policy and tried different troubleshooting suggestions, such as this video https://www.youtube.com/watch?v=RjSW75YsBMM, but nothing worked.

I'm using the following policy:

{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "Example SNS topic policy",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "SNS:Publish"
            ],
            "Resource": "SNS-topic-ARN",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:bucket-name"
                },
                "StringEquals": {
                    "aws:SourceAccount": "bucket-owner-account-id"
                }
            }
        }
    ]
}

Then I decided to focus on the S3 bucket part of the equation and created a brand new bucket with exactly the same configuration, switched the SourceArn in the policy with the new bucket's ARN, and the event notification was successfully created.

What could be the reason for a given SNS topic with a given policy to work with one S3 bucket, but not with another?

There are 1 best solutions below

rlhagerm On

Do you have event notifications enabled for the S3 bucket? There are several types of events that can be configured for a bucket.

It looks like for SNS, you'd need the NotificationConfiguration of the bucket itself to include a TopicConfiguration. Maybe this is enabled for one bucket but not the other?

Related walkthrough is here.

<NotificationConfiguration>
  <TopicConfiguration>
    <Id>optional-id-string</Id>
    <Topic>sns-topic-arn</Topic>
    <Event>event-type</Event>
    <Event>event-type</Event>
    ...
  </TopicConfiguration>
  ...
</NotificationConfiguration>
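
Added example, not part of the question or the answer above: a local check of whether a topic policy shaped like the one in the question lets S3 publish on behalf of a given bucket, which rules the topic side in or out before looking at the bucket's own NotificationConfiguration. It is a simplified reading of the policy, not AWS's evaluation engine; the topic ARN, account IDs and bucket names are constructed sample values, and `explain_statement` and `check` are hypothetical helper names.

```python
import re

def like(pattern, value):
    # IAM wildcards: * matches any run of characters, ? exactly one character
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def arn_like(pattern, arn):
    # ArnLike compares the six colon-delimited ARN components one by one
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(like(x, y) for x, y in zip(p, a))

def as_list(v):
    return v if isinstance(v, list) else [v]

def explain_statement(stmt, topic_arn, bucket_arn, account_id):
    """Return the reasons this statement does not let S3 publish for the bucket."""
    why = []
    if stmt.get("Effect") != "Allow":
        why.append("Effect is not Allow")
    principal = stmt.get("Principal", {})
    services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if principal != "*" and "s3.amazonaws.com" not in services:
        why.append("Principal does not include s3.amazonaws.com")
    if not any(like(a.lower(), "sns:publish") for a in as_list(stmt.get("Action", []))):
        why.append("Action does not cover SNS:Publish")
    if not any(like(r, topic_arn) for r in as_list(stmt.get("Resource", []))):
        why.append("Resource does not match the topic ARN")
    cond = stmt.get("Condition", {})
    src = cond.get("ArnLike", {}).get("aws:SourceArn")
    if src is not None and not any(arn_like(p, bucket_arn) for p in as_list(src)):
        why.append(f"aws:SourceArn {src!r} does not match {bucket_arn}")
    acct = cond.get("StringEquals", {}).get("aws:SourceAccount")
    if acct is not None and account_id not in as_list(acct):
        why.append(f"aws:SourceAccount {acct!r} does not include {account_id}")
    return why

# Constructed sample values (assumptions, not taken from the original post)
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
    "Action": ["SNS:Publish"], "Resource": TOPIC,
    "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:new-bucket"},
                  "StringEquals": {"aws:SourceAccount": "111122223333"}}}]}

def check(bucket_arn, account_id="111122223333"):
    return explain_statement(POLICY["Statement"][0], TOPIC, bucket_arn, account_id)

if __name__ == "__main__":
    print(check("arn:aws:s3:::new-bucket"), check("arn:aws:s3:::old-bucket"))
```

An empty list means the statement's principal, action, resource and conditions all line up for that bucket, so the remaining place to look is the bucket's notification configuration.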