How do I allow AWS accounts in my organization to publish messages to an Amazon SNS topic in my account?


I want an Amazon Simple Notification Service (Amazon SNS) topic to accept messages from any AWS account in my organization in AWS Organizations. How do I set that up?

Short description

Configure the Amazon SNS topic's access policy to allow any account in your organization to publish messages to the topic. In the access policy, use a wildcard principal together with the global condition key aws:PrincipalOrgID, set to your organization's ID. The condition is what scopes the wildcard: a statement that allows sns:Publish to Principal "*" without it makes the topic writable from any AWS account, not only from your organization.

Resolution

1.    Find your organization's ID in the Organizations console. For more information, see Viewing the details of an organization from the management account.

2.    Create a topic in the Amazon SNS console. Note the Amazon Resource Name (ARN) of your new topic.

3.    In the Amazon SNS console, edit the topic by doing the following:
In the navigation pane, choose Topics.
Choose the topic that you created. Then, choose Edit.
On the Edit page, expand Access policy - optional.
Paste the following example policy into the JSON editor, and then choose Save changes:

Important: Replace snsTopicArn with the topic's ARN. Then, replace myOrgId with your organization's ID. Saving replaces the topic's current access policy in full, so if that policy already contains statements you still need, add this statement to the existing "Statement" array instead of pasting over it.

{
  "Version": "2012-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "allow-publish-from-organization-accounts",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "sns:Publish"
      ],
      "Resource": "snsTopicArn",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "myOrgId"
        }
      }
    }
  ]
}

Tip: To allow accounts in your organization to perform more Amazon SNS API actions (such as GetTopicAttributes), add actions under "Action" in the policy.

4.    Subscribe your email address to the SNS topic for testing. When you create the subscription, make sure that you specify your topic's ARN.

5.    In your email, find the subscription confirmation message from AWS Notifications and confirm the subscription.

6.    Publish a message to the SNS topic in your account using any AWS account in your organization. In the publish request, make sure that you specify the topic's ARN.

The published message appears in your email.
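The steps above, as an added example that is not AWS's own code: a Python script that fills in the policy template, lints it for a wildcard principal that lacks the aws:PrincipalOrgID condition, dry-runs the one-statement policy against sample requests (including an anonymous one, where the condition key is absent from the request context and StringEquals therefore fails), and attaches it with boto3's set_topic_attributes. The topic ARN and organization ID are constructed placeholders; the evaluator models only this policy shape, not the full IAM evaluation logic; and boto3 is needed only for the real call, so the file runs offline with the included stub client.

```python
"""Build, lint, dry-run and attach the organization-scoped SNS topic policy.

Added example, not AWS's own code. The ARN and organization ID in __main__ are
constructed placeholders. publish_allowed() models only this policy shape
(one Allow statement, one StringEquals condition), not full IAM evaluation.
"""
import json
import re

# Organization IDs are "o-" followed by 10 to 32 lowercase letters or digits.
ORG_ID_PATTERN = re.compile(r"^o-[a-z0-9]{10,32}$")
# Standard and FIFO topic ARNs: arn:aws:sns:<region>:<12-digit account>:<name>
TOPIC_ARN_PATTERN = re.compile(r"^arn:aws:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_.-]+$")


def build_org_publish_policy(topic_arn: str, org_id: str, extra_actions=()) -> dict:
    """Return the article's policy with snsTopicArn and myOrgId filled in."""
    if not TOPIC_ARN_PATTERN.match(topic_arn):
        raise ValueError(f"not an SNS topic ARN: {topic_arn}")
    if not ORG_ID_PATTERN.match(org_id):
        raise ValueError(f"not an organization ID: {org_id}")
    actions = ["sns:Publish", *extra_actions]  # e.g. "sns:GetTopicAttributes", per the Tip
    return {
        "Version": "2012-10-17",
        "Id": "__default_policy_ID",
        "Statement": [{
            "Sid": "allow-publish-from-organization-accounts",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": actions,
            "Resource": topic_arn,
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def unscoped_wildcard_statements(policy: dict) -> list:
    """Lint: Sids of Allow statements with Principal * and no aws:PrincipalOrgID
    condition. Such a statement opens the topic to every AWS account."""
    bad = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") != "Allow" or not wildcard:
            continue
        keys = {k.lower() for block in stmt.get("Condition", {}).values() for k in block}
        if "aws:principalorgid" not in keys:
            bad.append(stmt.get("Sid", "<no Sid>"))
    return bad


def publish_allowed(policy: dict, action: str, resource: str, principal_org_id=None) -> bool:
    """Simplified evaluation of one request against this policy shape.

    principal_org_id=None models an anonymous or non-organization principal:
    aws:PrincipalOrgID is then absent from the request context, and a
    StringEquals condition on an absent key is false, so the Allow does not match.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions or stmt["Resource"] != resource:
            continue
        expected = stmt.get("Condition", {}).get("StringEquals", {}).get("aws:PrincipalOrgID")
        if expected is None:
            return True  # unconditional wildcard allow: anyone can publish
        if principal_org_id is not None and principal_org_id == expected:
            return True
    return False


def apply_topic_policy(sns_client, topic_arn: str, policy: dict) -> dict:
    """Attach the policy. sns_client is boto3.client('sns') in real use; the
    lint runs first so an unscoped wildcard is never attached by accident."""
    if unscoped_wildcard_statements(policy):
        raise ValueError("refusing to attach: Principal * without aws:PrincipalOrgID")
    return sns_client.set_topic_attributes(
        TopicArn=topic_arn, AttributeName="Policy", AttributeValue=json.dumps(policy))


class DryRunSnsClient:
    """Constructed stand-in for boto3's SNS client, for offline dry runs only."""
    def __init__(self):
        self.calls = []

    def set_topic_attributes(self, **kwargs):
        self.calls.append(kwargs)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


if __name__ == "__main__":
    topic = "arn:aws:sns:us-east-1:123456789012:org-events"  # placeholder ARN
    org = "o-a1b2c3d4e5"                                      # placeholder org ID
    policy = build_org_publish_policy(topic, org)
    print(json.dumps(policy, indent=2))
    print("member account:", publish_allowed(policy, "sns:Publish", topic, org))
    print("other org:     ", publish_allowed(policy, "sns:Publish", topic, "o-ffffffffff"))
    print("anonymous:     ", publish_allowed(policy, "sns:Publish", topic, None))
    apply_topic_policy(DryRunSnsClient(), topic, policy)
```

To attach the policy for real, pass `boto3.client("sns")` to apply_topic_policy in place of the dry-run client; the lint and the dry-run evaluation do not need network access or credentials.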


Related information

AWS global condition context keys

Example cases for Amazon SNS access control

Overview of managing access in Amazon SNS

AWS services that you can use with AWS Organizations

AWS OFFICIAL, updated a year ago