I want to allow other AWS Identity and Access Management (IAM) entities to access my Amazon Simple Notification Service (Amazon SNS) topic. How do I edit my Amazon SNS topic's access policy to grant the required permissions?
Resolution
To edit your Amazon SNS topic's access policy using the Amazon SNS console
1. Open the Amazon SNS console.
2. In the left navigation pane, choose Topics.
3. Choose your Amazon SNS topic's name.
4. Choose the Edit button.
5. Expand the Access policy - optional section.
6. Edit the access policy to grant the required permissions for your use case.
Note: For more information on how to write access policies, see Overview of managing access in Amazon SNS.
7. Choose Save Changes.
To edit your Amazon SNS topic's access policy using the AWS CLI
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.
To modify, add, or remove permissions, run the following SetTopicAttributes command:
Important: Replace <TopicARN> with your topic's Amazon Resource Name (ARN). Replace testpolicy.json with the path to your policy document.
aws sns set-topic-attributes --topic-arn '<TopicARN>' --attribute-name 'Policy' --attribute-value file://testpolicy.json
-or-
To add permissions only, run the following AddPermission command:
Important: Replace <TopicARN> with your topic's ARN. Replace AllowProdAccountsXXX with a unique identifier for the new policy statement. Replace AWS Account ID with the account IDs of the IAM entities that you want to allow access to specific actions. Replace Publish and Subscribe with the list of actions that you want to allow for the specified IAM entities.
aws sns add-permission --topic-arn '<TopicARN>' --label 'AllowProdAccountsXXX' --aws-account-id 'AWS Account ID' --action-name 'Publish' 'Subscribe'
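Added example (not part of the original article) for the SetTopicAttributes route: setting the Policy attribute replaces the topic's whole access policy, so this sketch generates testpolicy.json content for one account, rejects wildcard principals, and saves the current policy before overwriting it. The function names, the 12-digit account ID check and the .bak backup file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: build, check and apply an SNS topic access policy.
# Function names and the .bak backup path are hypothetical.

# Print a policy that lets one AWS account Publish and Subscribe to one topic.
make_topic_policy() {
  local topic_arn="$1" account_id="$2"
  # Accept only a 12-digit account ID, so "*" can never become the principal.
  case "$account_id" in
    *[!0-9]*|"") echo "invalid account id: $account_id" >&2; return 1 ;;
  esac
  [ "${#account_id}" -eq 12 ] || { echo "invalid account id: $account_id" >&2; return 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowProdAccountsXXX",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::${account_id}:root" },
      "Action": ["SNS:Publish", "SNS:Subscribe"],
      "Resource": "${topic_arn}"
    }
  ]
}
EOF
}

# Return non-zero if a line of the file sets Principal (or Principal.AWS) to "*".
check_topic_policy() {
  local file="$1"
  if grep -Eq '"(Principal|AWS)"[[:space:]]*:[[:space:]]*(\[[[:space:]]*)?"\*"' "$file"; then
    echo "wildcard principal in $file" >&2
    return 1
  fi
}

# Save the current policy to FILE.bak, then replace it with the checked file.
apply_topic_policy() {
  local topic_arn="$1" file="$2"
  check_topic_policy "$file" || return 1
  aws sns get-topic-attributes --topic-arn "$topic_arn" \
    --query 'Attributes.Policy' --output text > "${file}.bak" || return 1
  aws sns set-topic-attributes --topic-arn "$topic_arn" \
    --attribute-name 'Policy' --attribute-value "file://${file}"
}
```

Typical use: make_topic_policy '<TopicARN>' '<12-digit account ID>' > testpolicy.json, then apply_topic_policy '<TopicARN>' testpolicy.json.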
Related information
Example cases for Amazon SNS access control
Actions, resources, and condition keys for Amazon SNS