AWSSupport-RemediateLambdaS3Event - Amazon Systems Manager Automation runbook reference
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).



The AWSSupport-TroubleshootLambdaS3Event runbook provides an automated solution for the procedures outlined in the Amazon Knowledge Center articles Why doesn't my Amazon S3 event notification trigger my Lambda function? and Why do I get the error "Unable to validate the following destination configurations" when creating an Amazon S3 event notification to trigger my Lambda function? This runbook helps you identify and remediate why an Amazon Simple Storage Service (Amazon S3) event notification failed to trigger the Amazon Lambda function you specified. If the runbook output suggests validating and configuring your Lambda function concurrency, see Asynchronous invocation and Amazon Lambda Function scaling .


"Unable to validate the following destination configurations" errors can also occur due to incorrect Amazon Simple Notification Service (Amazon SNS) and Amazon Simple Queue Service (Amazon SQS) Amazon S3 event configurations. This runbook only checks Lambda function configurations. If after using the runbook, you are still receiving the "Unable to validate the following destination configurations" error, please review any existing Amazon SNS and Amazon SQS Amazon S3 event configurations.

Run this Automation (console)

Document type





Linux, macOS, Windows


  • AutomationAssumeRole

    Type: String

    Description: (Optional) The Amazon Resource Name (ARN) of the Amazon Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.

  • LambdaFunctionArn

    Type: String

    Description: (Required) The ARN of the Lambda function.

  • S3BucketName

    Type: String

    Description: (Required) The name of the Amazon S3 bucket whose event notifications triggers the Lambda function.

  • Action

    Type: String

    Valid values: Troubleshoot | Remediate

    Description: (Required) The action you want the runbook to perform. The Troubleshoot option helps identify any issues, but does not perform any mutating actions to resolve the issue. The Remediate option helps identify and attempts to resolve issues for you.

Required IAM permissions

The AutomationAssumeRole parameter requires the following actions to successfully use the runbook.

  • ssm:StartAutomationExecution

  • ssm:GetDocument

  • ssm:ListDocuments

  • ssm:DescribeAutomationExecutions

  • ssm:DescribeAutomationStepExecutions

  • ssm:GetAutomationExecution

  • lambda:GetPolicy

  • lambda:AddPermission

  • s3:GetBucketNotification

Document Steps