Hello y'all, I have something like the following that fails sometimes, but sometimes works

const modelBucket = new aws.s3.Bucket(this.modelBucketName, modelBucketConfig, {
    parent: this,
    protect: true
})

const p0 = this.createQueue(pipelineName, 0, modelBucket)

let modelNotificationName = `${pipelineName}-modelNotification-${ENV_LOWER}`;
new aws.s3.BucketNotification(modelNotificationName, {
  bucket: modelBucket.id,
  queues: [{
    events: ["s3:ObjectCreated:*"],
    filterSuffix: "model.tar.gz",
    queueArn: p0.arn,
  }],
}, {
  dependsOn: [modelBucket, p0],
  parent: this
})


/**
 * Create an SQS queue
 * 
 * @param name 
 * @param priority 
 * @param bucket 
 */
private createQueue(name: string, priority: number, bucket: aws.s3.Bucket) {
let queueName = `p${priority}-${name}-queue-${ENV_LOWER}`

const queue = new aws.sqs.Queue(queueName, 
    {visibilityTimeoutSeconds: 120},
    { dependsOn: bucket, parent: this } // specify resource parent
)

new aws.sqs.QueuePolicy(`p${priority}-${name}-S3Events-${ENV_LOWER}`, {
    policy: pulumi.interpolate`{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": "${queue.arn}",
        "Condition": {
            "ArnEquals": { "aws:SourceArn": "${bucket.arn}" }
        }
        }
    ]
    }`,
    queueUrl: queue.url,
},
{ dependsOn: [bucket, queue],
    parent: this })

return queue
}

The error I get is the following

error: 1 error occurred:
	* error putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations
	status code: 400, request id: NZSHGJTE4XD0SFHA, host id: a+VHT+tq6Fj91OMR29gdfmvHxUbsCR8KpAsD/NNQiYQoxz03Z2hZgDlS6ibC/2PCCFDHLwwudH0=

Can anyone shed light on why this might be failing. I'm trying to create a bucket, and SQS queue, with a queue notification when a file gets created in the bucket.

There aren't any other notifications attached to that bucket, right? Everything is in the code specified here related to the bucket? With it being intermittent, there's a couple possibilities, like an occasionally malformed ARN. The AWS classic provider is based off of the Terraform bridge, so it responds to using the

TF_LOG

environment variable to get it to dump some data while it's running. Here's the basic command I'll use:

TF_LOG=TRACE pulumi up -v=11 --logtostderr 2>&1 | tee -a pulumi_log.txt

The environment variable asks the classic provider to bubble up data. The end of the command tells Pulumi to share logs both to stdout/stderr and append them to a file called

pulumi_log.txt

. You could use that to get a bit more information and track down the oddity. Unfortunately, I don't see anything specific in your code that's raising a flag for me, so that's where I'd start.