Can we publish SNS PushNotification to crossaccount endpoints?

0

We have Mobile PlatformApplication arns in AWS account-1, and we can publish PNs to endpoint arns with our java-service in the same account. But when trying to publish PNs with our java-service in different AWS accounts, we get com.amazonaws.services.sns.model.AuthorizationErrorException.

For Example: My PlatformApplication arn => arn:aws:sns:<region>:<account-id>:app/GCM/my-mobile-app-name

Once user register his device against this PlatfromApplication arn, a device endpoint will be created as => arn:aws:sns:<region>:<account-id>:endpoint/GCM/my-mobile-app-name/<uuid>

So, while publishing message to above endpoint arn from different AWS account resulting in AuthorizationErrorException

There seems no option to provide a resource-based policy for these SNS PlatformApplications (SNS PlatformApplications are not regular SNS topics). How can we solve this?

Thanks in Advance!

1 Answer
0

Hello,

You need to create an IAM role in the source account to allow publish message to the SNS topic in the target account. In the target account, create a SNS resource based policy to allow access to the IAM role which was created in the source account. Please refer the below doc if it helps.

https://aws.amazon.com/premiumsupport/knowledge-center/sns-cross-account-ec2-instance-iam-role/

profile pictureAWS
answered a year ago
  • These are SNS Mobile PlatformApplication arn, and these doesn't has a resource-based policy as far as I can see in AWS Console! I updated my question with more details.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions