Posted On: Jan 10, 2022

Amazon Simple Notification Service (Amazon SNS) now supports attribute-based access control (ABAC) for API actions including Publish and PublishBatch. ABAC is an authorization strategy that simplifies permission management by defining access permissions based on tags, which can be attached to IAM resources, such as IAM users and roles, and to AWS resources, such as Amazon SNS topics.

Amazon SNS is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. The A2P functionality enables you to send messages to users at scale via SMS, mobile push, and email. With ABAC support for Amazon SNS, ABAC policies can be used to allow or deny specific API actions when the IAM principal's tags match the tags on an Amazon SNS topic.
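The tag-matching rule described above can be written as an identity-based IAM policy. This is an added example, not part of the original announcement; the tag key `team`, the `Sid` values, and the wildcard topic ARN are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowPublishWhenTeamTagMatches",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:*:*:*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/team": "${aws:PrincipalTag/team}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheTeamTagOnTopics",
      "Effect": "Deny",
      "Action": [
        "sns:TagResource",
        "sns:UntagResource"
      ],
      "Resource": "arn:aws:sns:*:*:*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["team"]
        }
      }
    }
  ]
}
```

The first statement allows publishing only to topics whose `team` tag equals the caller's own `team` principal tag. The second keeps the same principal from adding, changing, or removing that tag on a topic, since an ABAC rule is only as strong as the control over who can set the tags it evaluates.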

Amazon SNS supports ABAC in all public AWS Regions and AWS GovCloud (US).

To get started, see the following resources:

  • For information about attribute-based access control, see What is ABAC for AWS in the IAM User Guide
  • For information about configuring ABAC with Amazon SNS, see Tagging in the Amazon SNS Developer Guide