Home/ Questions/How to deal with the unable to validate the following destination configurations errors?
Next
Answered
Maya Anderson
  • 22
Asked: 2022-05-18T18:08:42+00:00 In:

How to deal with the unable to validate the following destination configurations errors?

  • 22

. Advertisement .

..3..

. Advertisement .

..4..

I get the “unable to validate the following destination configurations” error as the title says. How can I fix it so the error goes away?

Here is my detail:

const aws = require('aws-sdk');
 const uuidv4 = require('uuid/v4');
 
 aws.config.update({
  accessKeyId: 'key',
  secretAccessKey:'secret',
  region: 'us-west-1'
 });
 
 const s3 = new aws.S3();
 
 const params = {
  Bucket: `bucket-${uuidv4()}`,
  ACL: "private",
  CreateBucketConfiguration: {
  LocationConstraint: 'us-west-1'
  }
 };
 
 s3.createBucket(params, function (err, data) {
  if (err) {
  throw err;
  } else {
  const bucketUrl = data.Location;
 
  const bucketNameRegex = /bucket-[a-z0-9\-]+/;
  const bucketName = bucketNameRegex.exec(bucketUrl)[0];
 
  const params = {
  Bucket: bucketName,
  NotificationConfiguration: {
  LambdaFunctionConfigurations: [
  {
  Id: `lambda-upload-notification-${bucketName}`,
  LambdaFunctionArn: 'arn:aws:lambda:us-west-1:xxxxxxxxxx:function:respondS3Upload',
  Events: ['s3:ObjectCreated:CompleteMultipartUpload']
  },
  ]
  }
  };
 
  // Throws "Unable to validate the following destination configurations" until an event is manually added and deleted from the bucket in the AWS UI Console
  s3.putBucketNotificationConfiguration(params, function(err, data) {
  if (err) {
  console.error(err);
  console.error(this.httpResponse.body.toString());
  } else {
  console.log(data);
  }
  });
  }
 });

When I operated it, I received the error text:

{ InvalidArgument: Unable to validate the following destination configurations
  at Request.extractError ([...]/node_modules/aws-sdk/lib/services/s3.js:577:35)
  at Request.callListeners ([...]/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
  at Request.emit ([...]/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
  at Request.emit ([...]/node_modules/aws-sdk/lib/request.js:683:14)
  at Request.transition ([...]/node_modules/aws-sdk/lib/request.js:22:10)
  at AcceptorStateMachine.runTo ([...]/node_modules/aws-sdk/lib/state_machine.js:14:12)
  at [...]/node_modules/aws-sdk/lib/state_machine.js:26:10
  at Request.<anonymous> ([...]/node_modules/aws-sdk/lib/request.js:38:9)
  at Request.<anonymous> ([...]/node_modules/aws-sdk/lib/request.js:685:12)
  at Request.callListeners ([...]/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
  message: 'Unable to validate the following destination configurations',
  code: 'InvalidArgument',
  region: null,
  time: 2017-11-10T02:55:43.004Z,
  requestId: '9E1CB35811ED5828',
  extendedRequestId: 'tWcmPfrAu3As74M/0sJL5uv+pLmaD4oBJXwjzlcoOBsTBh99iRAtzAloSY/LzinSQYmj46cwyfQ=',
  cfId: undefined,
  statusCode: 400,
  retryable: false,
  retryDelay: 4.3270874729153475 }
 
 <?xml version="1.0" encoding="UTF-8"?>
 <Error>
  <Code>InvalidArgument</Code>
  <Message>Unable to validate the following destination configurations</Message>
  <ArgumentName1>arn:aws:lambda:us-west-1:xxxxxxxxxx:function:respondS3Upload, null</ArgumentName1>
  <ArgumentValue1>Not authorized to invoke function [arn:aws:lambda:us-west-1:xxxxxxxxxx:function:respondS3Upload]</ArgumentValue1>
  <RequestId>9E1CB35811ED5828</RequestId>
  <HostId>tWcmPfrAu3As74M/0sJL5uv+pLmaD4oBJXwjzlcoOBsTBh99iRAtzAloSY/LzinSQYmj46cwyfQ=</HostId>
 </Error>

I appreciate any help from you.

unable to validate
Share

2 Answers

  1. Best Answer
    Expert

    The cause: This message appears because your s3 bucket lacks authorization to invoke your lambda function.

    The solution: There are two sorts of permissions required, according to AWS documentation:

    1. Permissions to call services from your Lambda function
    2. Permissions to call your Lambda function from Amazon S3.
      So, you should make an object with the type ‘AWS::Lambda::Permission’ that looks like this:

      {
     "Version": "2012-10-17",
     "Id": "default",
     "Statement": [
        {
            "Sid": "<optional>",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
           "Action": "lambda:InvokeFunction",
           "Resource": "<ArnToYourFunction>",
           "Condition": {
               "StringEquals": {
                   "AWS:SourceAccount": "<YourAccountId>"
               },
              "ArnLike": {
                  "AWS:SourceArn": "arn:aws:s3:::<YourBucketName>"
              }
           }
        }
    ]
}
    • 14

  2. Here are the AWS JavaScript SDK and Lambda API docs https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html#addPermission-property https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html

    This line is in the JS SDK docs:

    SourceArn: "arn:aws:s3:::examplebucket/*",

    It wouldn’t work for me and I kept getting the Unable to validate the following destination configurations error.

    Change it

    SourceArn: "arn:aws:s3:::examplebucket",

    This issue was fixed. It was not correct /*, and I should have looked more closely at the answer that I got. However, I was trying to follow AWS docs.

    After a long time of development and the creation of many buckets, Lambda permissions, and S3 Lambda notifications, adding permission to each bucket added them to the bottom. The policy apparently has a maximum size.

    It doesn’t appear that the policy can be edited in AWS Management Console, so I had fun deleting every entry using the SDK. I copied the policy JSON and pulled out the Sids. I then called removePermission in loop (which gave me rate limit errors, so I had to do it many times).

    Finally, I found that Lambda can access all S3 buckets by omitting SourceArn.

    Here is my final code that I used the SDK to add permissions. This is the code I ran once for my function.

    const aws = require('aws-sdk');

aws.config.update({
 accessKeyId: process.env.AWS_ACCESS,
 secretAccessKey: process.env.AWS_SECRET,
 region: process.env.AWS_REGION,
});

// Creates Lambda Function Policy which must be created once for each Lambda function
// Must be done before calling s3.putBucketNotificationConfiguration(...)
function createLambdaPermission() {
 const lambda = new aws.Lambda();

 const params = {
 Action: 'lambda:InvokeFunction',
 FunctionName: process.env.AWS_LAMBDA_ARN,
 Principal: 's3.amazonaws.com',
 SourceAccount: process.env.AWS_ACCOUNT_ID,
 StatementId: `example-S3-permission`,
 };

 lambda.addPermission(params, function (err, data) {
 if (err) {
 console.log(err);
 } else {
 console.log(data);
 }
 });
}
    • 18

Leave an answer

You must login to add an answer.

Need An Account,