Can I restrict a policy to enforce use of a specific SMS template in Pinpoint?

0

I would like to give very specific, temporary permissions to a user/role to allow them to send an SMS, restricting the body template and the Sender ID.

I know I can do this in SES (https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_SendEmail.html), but is it possible with Pinpoint (or even SNS)?

Thanks for the help! :)

2 Answers
0

Short answer: yes :)

You can create an IAM policy that grants specific temporary permissions to a user or role allowing them to send an SMS with restricted parameters.

AWS Pinpoint example


{
    "Version": "2023-03-26",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "mobiletargeting:SendMessages",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "mobiletargeting:channels": "SMS"
                },
                "StringLike": {
                    "mobiletargeting:originationNumber": "SENDER_ID",
                    "mobiletargeting:messageBody": "APPROVED_TEMPLATE*"
                }
            }
        }
    ]
}

AWS SNS example

IAM policy - since SNS does not support policy templates, attach this one to the user


{
    "Version": "2023-03-26",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "sns:Message": "APPROVED_TEMPLATE*",
                    "sns:SenderID": "SENDER_ID"
                }
            }
        }
    ]
}

EXPERT
answered a year ago
  • Hi! Thanks for the quick reply. I've been testing it out but it isn't working for me.

    Firstly, I get an error about the Version, so I changed it to "2012-10-17". Then, once I've changed that, I get errors like, "The condition key sns:Message does not exist in the service sns". It looks like they are not valid condition keys. Where did you get them from?

0

IAM policy for AWS Pinpoint with the correct condition keys and version:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "mobiletargeting:SendMessages",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "aws:RequestTag/sms_channel": "true"
                },
                "StringLike": {
                    "aws:RequestTag/origination_number": "SENDER_ID",
                    "aws:RequestTag/message_body": "APPROVED_TEMPLATE*"
                }
            }
        }
    ]
}

EXPERT
answered a year ago
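
The two errors reported in the comment on the first answer (the rejected Version and the condition keys that do not exist) can be caught offline before a policy is attached. The following is an added example, not code from any poster in this thread: `lint_policy` and the `KNOWN_KEYS` allow-list are hypothetical names, and the allow-list contents are an assumption that should be filled in from the Service Authorization Reference for each service.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only values IAM accepts

# Assumption: constructed allow-list for this example. Populate it per service
# from the Service Authorization Reference before relying on the result.
KNOWN_KEYS = {
    "sns": {"sns:endpoint", "sns:protocol"},
    "mobiletargeting": set(),
}


def lint_policy(policy_json, known_keys=KNOWN_KEYS):
    """Return a list of findings for an identity policy given as JSON text."""
    policy = json.loads(policy_json)
    findings = []
    version = policy.get("Version")
    if version not in VALID_VERSIONS:
        findings.append(f"invalid Version {version!r}")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        for operands in stmt.get("Condition", {}).values():
            for key in operands:
                lowered = key.lower()  # condition key names are case-insensitive
                service = lowered.split(":", 1)[0]
                if service == "aws":
                    continue  # global keys are out of scope for this check
                if lowered not in known_keys.get(service, set()):
                    findings.append(
                        f"unknown condition key {key!r} for service {service!r}")
    return findings


# Constructed sample: the SNS policy from the first answer, unchanged.
SNS_POLICY = """{
  "Version": "2023-03-26",
  "Statement": [{
    "Effect": "Allow", "Action": "sns:Publish", "Resource": "*",
    "Condition": {"StringLike": {
      "sns:Message": "APPROVED_TEMPLATE*", "sns:SenderID": "SENDER_ID"}}
  }]
}"""

if __name__ == "__main__":
    for finding in lint_policy(SNS_POLICY):
        print(finding)
```

A key that passes this check is only a recognised name; whether a given action actually populates it is listed per action in the Service Authorization Reference.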
