Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to validate the following destination configurations #7021

Closed
ghost opened this issue Jan 3, 2019 · 4 comments
Closed

Unable to validate the following destination configurations #7021

ghost opened this issue Jan 3, 2019 · 4 comments
Labels
service/s3 Issues and PRs that pertain to the s3 service.

Comments

@ghost
Copy link

ghost commented Jan 3, 2019

This issue was originally opened by @sumitkgaur as hashicorp/terraform#19756. It was migrated here as a result of the provider split. The original body of the issue is below.


root@ip-10-1-0-193:/home/bamboo/bamboo-agent-home/xml-data/build-dir/PLT-NONPRODDEV-BUILDJOB/terraform/dev# terraform -v
Terraform v0.11.7

  • provider.aws v1.31.0

Your version of Terraform is out of date! The latest version
is 0.11.11. You can update by downloading from www.terraform.io/downloads.html

=============
Addition a lambda function notification to S3 bucket is failing

19-Dec-2018 14:27:55 * aws_s3_bucket_notification.dev-employer-user-insertion-notification: 1 error(s) occurred:
19-Dec-2018 14:27:55  
19-Dec-2018 14:27:55 * aws_s3_bucket_notification.dev-employer-user-insertion-notification: Error putting S3 notification configuration: InvalidArgument: Unable to validate the following destination configurations
19-Dec-2018 14:27:55 status code: 400, request id: B3EBEEB279883206, host id: CgRcW6tqmuWjFMofLKUFgdTN4wqmyISRQQWuYu06Ztzaj+moyu2l21Vs0Nd9dRaGQzoOQbFzCLU=

=====================================================

resource "aws_lambda_permission" "allow-bucket" {
statement_id = "AllowExecutionFromS3Bucket"
action = "lambda:InvokeFunction"
function_name = "arn:aws:lambda:ap-southeast-2:962294302145:function:startEmployerInsertion"
principal = "s3.amazonaws.com"
source_arn = "${aws_s3_bucket.dev-employer-user-insertion.arn}"
}

resource "aws_s3_bucket" "dev-employer-user-insertion" {
bucket = "dev-employer-user-insertion"
acl = ""
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
lifecycle {
prevent_destroy = true
}
}

resource "aws_s3_bucket_notification" "dev-employer-user-insertion-notification" {
bucket = "${aws_s3_bucket.dev-employer-user-insertion.id}"

lambda_function {
lambda_function_arn = "arn:aws:lambda:ap-southeast-2:962294302145:function:startEmployerInsertion"
events = ["s3:ObjectCreated:*"]
filter_prefix = "employerInsertionUploads/"
filter_suffix = ".csv"
}
}

@bflad
Copy link
Contributor

bflad commented Jan 3, 2019

Hi @sumitkgaur 👋 Sorry for the trouble here.

As a general recommendation, I would add depends_on = ["aws_lambda_permission.allow-bucket"] to your aws_s3_bucket_notification resource configuration (or lambda_function_arn = "${aws_lambda_permission.allow-bucket.function_name}") to set up proper ordering within Terraform. Currently, it will attempt to perform both operations at the same time. We should also be automatically retrying the API call on that specific error message for 1 minute, although with Lambda and S3 eventual consistency, the timing may require more than 1 minute:

https://github.com/terraform-providers/terraform-provider-aws/blob/b46d598bce3a4e0c45b82cb373da903c317ea618/aws/resource_aws_s3_bucket_notification.go#L312-L328

Does your configuration work if you apply it a second time after waiting or add the depends_on? Thanks.

@bflad bflad added service/s3 Issues and PRs that pertain to the s3 service. waiting-response Maintainers are waiting on response from community or contributor. labels Jan 3, 2019
@bflad
Copy link
Contributor

bflad commented Mar 11, 2019

Closing due to lack of response. Please do reach out with the additional information if available and we can continue investigating.

@bflad bflad closed this as completed Mar 11, 2019
@manherfo
Copy link

manherfo commented Dec 9, 2019

Hi Guys and @bflad, I'm getting the same error with bucket notifications but this time with notifications to sqs, could you help me? please

I already tried adding the depends on, but it isn't working.

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Dec 9, 2019
@ghost
Copy link
Author

ghost commented Dec 10, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Dec 10, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
service/s3 Issues and PRs that pertain to the s3 service.
Projects
None yet
Development

No branches or pull requests

2 participants