Amazon SNS access policy
Access to an Amazon SNS topic is controlled by a resource policy attached to the Amazon SNS topic, this is also called an access policy. For more information about Amazon SNS access polices, see Identity and access management in the Amazon SNS Developer Guide.
Note
If your Amazon SNS topic has server-side encryption enabled with AWS Key Management Service then also add the policy to the associated symmetric encryption customer managed key.
Update the access policy with the following statement to permit AWS End User Messaging SMS to publish to the Amazon SNS topic.
-
Replace
111122223333with the unique ID for your AWS account. -
Replace
TopicNamewith the name of the Amazon SNS topic. -
Replace
Regionwith the AWS Region that contains the Amazon SNS topic and configuration set. -
Replace
ConfigSetNamewith the name of the configuration set.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "sms-voice.amazonaws.com" }, "Action": "sns:Publish", "Resource": "arn:aws:sns:Region:111122223333:TopicName", "Condition": { "StringEquals": { "aws:SourceAccount": "accountId" }, "ArnLike": { "aws:SourceArn": "arn:aws:sms-voice:Region:111122223333:configuration-set/ConfigSetName" } } } ] }
Access policy for encrypted Amazon SNS topics
If your Amazon SNS topic has server-side encryption enabled with AWS Key Management Service, add the following policy to the associated symmetric encryption customer managed key. You must add the policy to a customer managed key because you cannot modify the AWS managed key for Amazon SNS.
{ "Version": "2012-10-17", "Id": "example-ID", "Statement": [ { "Sid": "example-statement-ID", "Effect": "Allow", "Principal": { "Service": "sms-voice.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "*" } ] }
