AWS Incident Manager - Slack Notification - SNS Topic Permission issue


I have an SNS topic for the ChatOps and I configured Slack to send messages via SNS. The test message is working fine. Now I'm creating a response plan in the Incident Manager to send the message to Slack. But when I click on the save button I'm getting the following error.

There was an error in creating the response plan.
Topic policy does not allow the service to publish to these SNS topics: arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager

But as per the Incident Manager Doc, I have added the following line into the SNS access policy.

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager"
    },
    {
      "Sid": "IncidentManagerSNSPublishingPermissions",
      "Effect": "Allow",
      "Principal": {
        "Service": "ssm-incidents.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager",
      "Condition": {
        "StringEqualsIfExists": {
          "AWS:SourceAccount": "xxxxxxxxxx"
        }
      }
    }
  ]
}

Not sure where the error is.

1 Answer

This type of error happens when the topic is encrypted and the KMS key that is used to encrypt the topic does not have the necessary permissions that allow Systems Manager to use the key. Kindly add the following statement to the KMS key's policy and try to save the response plan.

{
  "Sid": "Allow CWE to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "ssm-incidents.amazonaws.com"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey*"
  ],
  "Resource": "*"
}
AWS
answered 7 months ago
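
An offline check of both policies, added here as an example and not part of the original answer or any AWS tooling: it tests whether `ssm-incidents.amazonaws.com` is granted `sns:Publish` on the topic and the two KMS actions on the key, and flags topic statements open to any principal. The account ID `111111111111`, the `RootOnly` key statement and all function names are assumptions; conditions and Deny statements are not evaluated.

```python
from fnmatch import fnmatchcase

SERVICE = "ssm-incidents.amazonaws.com"  # service principal from the page

def as_list(value):
    """IAM policy values may be a single string or a list."""
    return value if isinstance(value, list) else [value]

def service_allowed(policy, action, service=SERVICE):
    """True if an Allow statement grants the service this action (Condition/Deny ignored)."""
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow" and service in services
                and any(fnmatchcase(action.lower(), p) for p in patterns)):
            return True
    return False

def unconditional_wildcards(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    return [s.get("Sid", "<no Sid>") for s in as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow" and "Condition" not in s
            and s.get("Principal") in ("*", {"AWS": "*"})]

def diagnose(topic_policy, key_policy=None):
    """Return findings; pass key_policy=None for an unencrypted topic."""
    findings = []
    if not service_allowed(topic_policy, "sns:Publish"):
        findings.append("topic policy: service cannot sns:Publish")
    for action in ("kms:Decrypt", "kms:GenerateDataKey"):
        if key_policy is not None and not service_allowed(key_policy, action):
            findings.append(f"key policy: service lacks {action}")
    return findings + [f"topic policy: statement {sid} allows any principal"
                       for sid in unconditional_wildcards(topic_policy)]

# Constructed inputs: the question's topic policy with a placeholder account ID,
# and a hypothetical key policy that so far trusts only the account root.
ARN = "arn:aws:sns:ap-south-1:111111111111:AWSChatBot-Incident-Manager"
TOPIC_POLICY = {"Statement": [
    {"Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "sns:Publish", "Resource": ARN},
    {"Sid": "IncidentManagerSNSPublishingPermissions", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "SNS:Publish", "Resource": ARN,
     "Condition": {"StringEqualsIfExists": {"AWS:SourceAccount": "111111111111"}}}]}
KEY_POLICY_BEFORE = {"Statement": [{"Sid": "RootOnly", "Effect": "Allow", "Action": "kms:*",
    "Resource": "*", "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}
KEY_FIX = {"Sid": "Allow CWE to use the key", "Effect": "Allow", "Resource": "*",
           "Principal": {"Service": SERVICE}, "Action": ["kms:Decrypt", "kms:GenerateDataKey*"]}
```

`diagnose(TOPIC_POLICY, KEY_POLICY_BEFORE)` reports the two missing KMS grants; appending `KEY_FIX` to the key policy's statements clears them, leaving only the finding about the topic's `"AWS": "*"` statement.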
