- Newest
- Most votes
- Most comments
For me, it looks like your SNS policy is missing the Pinpoint Service Principal and the necessary SourceArn conditions. Even though it’s branded as End User Messaging, AWS often routes these via Pinpoint behind the scenes.
Update your SNS Topic Policy statement to this:
{
"Sid": "AllowEndUserMessaging",
"Effect": "Allow",
"Principal": {
"Service": [
"pinpoint.amazonaws.com",
"sms-voice.amazonaws.com"
]
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:ap-southeast-2:<account-id>:<topic-name>",
"Condition": {
"StringEquals": {
"AWS:SourceAccount": "<account-id>"
}
}
}
Why this matters:
- Principal: Adding
pinpoint.amazonaws.comis often required for the message hand-off. - Empty Logs: If CloudWatch is empty, it means the service is being denied at the SNS 'front door' before it can even attempt to log the event.
PS: If this doesn't work, check the Two-way messaging tab in the console to ensure the 'Incoming messages destination' status is explicitly Enabled for that specific topic.
Based on your description, there are several potential issues to check for two-way SMS messaging in AWS End User Messaging SMS:
First, verify that the sender number (the phone replying to your SMS) is from the same country as your two-way SMS number and is in E.164 format. This is a common requirement for two-way SMS functionality.
Since you're using Amazon SNS as your event destination, ensure the following:
-
IAM Role Permissions: Verify that your IAM role has the correct permissions to publish to SNS topics. The role should include permissions for
sns:Publishaction. -
Trust Policy: Check that your IAM role has the proper trust policy attached that allows the End User Messaging SMS service to assume the role.
-
SNS Topic Policy: Your SNS topic needs a specific topic policy that grants the End User Messaging SMS service permission to publish messages to it. Without this policy, inbound messages won't reach your topic even though your manual test works.
-
KMS Encryption: If you're using AWS KMS symmetric keys to encrypt your SNS topic, you need to add the required permissions policy to the key policy to allow the End User Messaging SMS service to use the key.
The fact that your manual SNS publish command works confirms the subscription is functioning correctly, but it doesn't test the permissions needed for the End User Messaging SMS service to publish to that topic. The missing piece is likely the topic policy or IAM role configuration that specifically allows the SMS service to interact with your SNS topic.
Also confirm that you're using a standard SNS topic (not a FIFO topic) as the event destination.
Sources
Troubleshoot two-way SMS messaging issues | AWS re:Post
Thanks for your reply. Yeah the sender number is in the same country as the number it's sending to, both in E.164 format.
My two way messaging is using SNS topic policies.
This is my topic policy in the topic that end user messaging points to:
{ "Version": "2008-10-17", "Id": "__default_policy_ID", "Statement": [ { "Sid": "__default_statement_ID", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": [ "SNS:GetTopicAttributes", "SNS:SetTopicAttributes", "SNS:AddPermission", "SNS:RemovePermission", "SNS:DeleteTopic", "SNS:Subscribe", "SNS:ListSubscriptionsByTopic", "SNS:Publish" ], "Resource": "arn:aws:sns:ap-southeast-2:<account id>:<topic name>", "Condition": { "StringEquals": { "AWS:SourceOwner": "<account id>" } } }, { "Sid": "AllowSMSVoiceServicePublish", "Effect": "Allow", "Principal": { "Service": "sms-voice.amazonaws.com" }, "Action": "SNS:Publish", "Resource": "arn:aws:sns:ap-southeast-2:<account id>:<topic name>" } ] }
I am not using KMS encryption, and I'm just using a standard (non FIFO) topic.
I did look at that troubleshooting document too and made sure that my topic access policy was correct. I'm still lost.
Hi all,
Ben, we're seeing the exact same issue on our service, which has been running perfectly fine for many years. Did you find a solution to your issue?
We've applied the suggested fixes above and attempted various other combination of fixes suggested by Q or Google, to no avail.
This feels like an AWS outage, considering this has been working for us for years and suddenly stops working at 2026-05-06 22:59 UTC.
Can someone from AWS update us on whether there's any issues in the eu-west-2 region around two way SMS please? And if not, why our service would just suddenly stop receiving messages like this?
Thanks,
Neil
Relevant content
- asked a year ago
Hmmm no this doesn't work either unfortunately. I updated sns topic policy.
And, in the two way messaging tab in the console, the Incoming messages destination has my topic set explicitly which is the same resource listed in the SNS policy.