INTERSTELLAR TECH BLOG

What to do if you get an error “Unable to validate the following destination configurations” when trying to configure Amazon S3 to send event notifications to Amazon SNS

Hi, I am Agata.

This time, I tried to set up Amazon S3 to send event notifications to Amazon SNS, but I got the error “Unable to validate the following destination configurations” and could not set it up. Here are the working notes.

Cause

The problem is on the Amazon SNS topic side.

By default, the topic's access policy does not allow access from S3, so the access policy of the Amazon SNS topic must be changed to allow the S3 bucket to publish to it.

Settings

Follow the steps below to set the Access policy for an Amazon SNS topic.

  1. Open the AWS Management Console.
  2. Go to the Amazon SNS Settings page.
  3. Click “Topic” in the left menu to display the list of topics.
  4. From the list of topics, click on the topic for which you want to send S3 event notifications.
  5. Click the “Edit” button in the upper right corner.
  6. Click the “Access policy” toggle to open it.
  7. Enter the following policy in the JSON editor. The second statement, with the Sid “S3-policy”, is the part you add. Replace <Region>, <AccountID>, <Topic> and <BucketName> as appropriate.
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish"
      ],
      "Resource": "arn:aws:sns:<Region>:<AccountID>:<Topic>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "<AccountID>"
        }
      }
    },
    {
      "Sid": "S3-policy",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:<Region>:<AccountID>:<Topic>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceArn": "arn:aws:s3:::<BucketName>"
        }
      }
    }
  ]
}

When you are finished, click the “Save Changes” button in the lower right corner to exit.

After this, you should be able to set up event notifications on the S3 side without any problems.
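The "S3-policy" statement above works, but it uses a wildcard principal and relies on the bucket ARN alone, which contains no account ID. The following check is an added example, not part of the original post: it audits a topic policy for S3 publish grants and compares the statement as posted with a tighter form that names the S3 service principal and adds an aws:SourceAccount condition. The function name, finding texts, account ID, topic and bucket names are assumptions made for the example.

```python
def _as_list(v):
    return v if isinstance(v, list) else [v]

def _conditions(stmt):
    """Flatten Condition into {lower-cased key: [values]}; IAM condition keys are case-insensitive."""
    flat = {}
    for operands in stmt.get("Condition", {}).values():
        for key, value in operands.items():
            flat.setdefault(key.lower(), []).extend(_as_list(value))
    return flat

def audit_s3_publish_grants(policy):
    """Return {Sid: [findings]} for Allow statements that let an S3 bucket publish to the topic."""
    report = {}
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        cond = _conditions(stmt)
        # Only statements scoped to an S3 bucket ARN are in scope for this audit.
        from_s3 = any(str(v).startswith("arn:aws:s3:::") for v in cond.get("aws:sourcearn", []))
        if stmt.get("Effect") != "Allow" or "sns:publish" not in actions or not from_s3:
            continue
        findings = []
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "s3.amazonaws.com" not in services:
            findings.append("principal is not the S3 service principal (s3.amazonaws.com)")
        if "aws:sourceaccount" not in cond:
            findings.append("no aws:SourceAccount condition; bucket ARNs carry no account ID")
        report[stmt.get("Sid", "<no Sid>")] = findings
    return report

# Constructed sample values (account ID, region, topic and bucket names are placeholders).
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"
BUCKET = "arn:aws:s3:::example-bucket"
AS_POSTED = {"Sid": "S3-policy", "Effect": "Allow", "Principal": {"AWS": "*"},
             "Action": "SNS:Publish", "Resource": TOPIC,
             "Condition": {"StringEquals": {"AWS:SourceArn": BUCKET}}}
TIGHTENED = {"Sid": "S3-policy-tightened", "Effect": "Allow",
             "Principal": {"Service": "s3.amazonaws.com"},
             "Action": "SNS:Publish", "Resource": TOPIC,
             "Condition": {"ArnLike": {"aws:SourceArn": BUCKET},
                           "StringEquals": {"aws:SourceAccount": "111122223333"}}}

if __name__ == "__main__":
    for sid, findings in audit_s3_publish_grants({"Statement": [AS_POSTED, TIGHTENED]}).items():
        print(sid, "->", findings or "ok")
```

The default statement with the AWS:SourceOwner condition is left out of the report because it is not scoped to an S3 bucket ARN.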