How do I edit my Amazon SNS topic's access policy?

Last updated: 2021-09-20

I want to allow other AWS Identity and Access Management (IAM) entities to access my Amazon Simple Notification Service (Amazon SNS) topic. How do I edit my Amazon SNS topic's access policy to grant the required permissions?

Resolution

To edit your Amazon SNS topic's access policy using the Amazon SNS console

1.    Open the Amazon SNS console.

2.    In the left navigation pane, choose Topics.

3.    Choose your Amazon SNS topic's name.

4.    Choose the Edit button.

5.    Expand the Access policy - optional section.

6.    Edit the access policy to grant the required permissions for your use case.

Note: For more information on how to write access policies, see Overview of managing access in Amazon SNS.

7.    Choose Save Changes.

To edit your Amazon SNS topic's access policy using the AWS CLI

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.

To modify, add, or remove permissions, run the following SetTopicAttributes command:

Important: Replace <TopicARN> with your topic's Amazon Resource Name (ARN). Replace testpolicy.json with the path to your policy document.

aws sns set-topic-attributes --topic-arn '<TopicARN>' --attribute-name 'Policy' --attribute-value file://testpolicy.json

-or-

To add permissions only, run the following AddPermission command:

Important: Replace <TopicARN> with your topic's ARN. Replace AllowProdAccountsXXX with a unique identifier for the new policy statement. Replace AWS Account ID with the account IDs of the IAM entities that you want to allow access to specific actions. Replace Publish and Subscribe with the list of actions that you want to allow for the specified IAM entities.

aws sns add-permission --topic-arn '<TopicARN>' --label 'AllowProdAccountsXXX' --aws-account-id 'AWS Account ID' --action-name 'Publish' 'Subscribe'
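Setting the Policy attribute with SetTopicAttributes replaces the whole policy document, so testpolicy.json has to carry the existing statements as well as the new one. The following added example (not part of the original article) merges a cross-account statement into a topic's current policy and rejects any Allow statement that is open to every principal without a Condition. The topic ARN, account IDs, and sample policy are constructed; in practice the current policy is the Policy attribute returned by aws sns get-topic-attributes.

```python
import json

TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"  # constructed ARN
# Constructed sample of a topic's current policy (owner-only statement).
CURRENT = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "__default_statement_ID", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": ["SNS:Publish", "SNS:Subscribe"],
    "Resource": TOPIC,
    "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}}]})

def make_statement(sid, topic_arn, account_ids, actions):
    """Build an Allow statement naming specific accounts and SNS actions."""
    for acct in account_ids:
        if not (len(acct) == 12 and acct.isascii() and acct.isdigit()):
            raise ValueError(f"not a 12-digit AWS account ID: {acct!r}")
    return {"Sid": sid, "Effect": "Allow",
            "Principal": {"AWS": [f"arn:aws:iam::{a}:root" for a in account_ids]},
            "Action": [f"SNS:{a}" for a in actions],
            "Resource": topic_arn}

def open_statements(policy):
    """Sids of Allow statements that match any principal and have no Condition."""
    found = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        aws = aws if isinstance(aws, list) else [aws]
        if st.get("Effect") == "Allow" and "*" in aws and not st.get("Condition"):
            found.append(st.get("Sid", "<no Sid>"))
    return found

def merge_statement(current_policy_json, statement):
    """Return the full policy with `statement` added (same Sid is replaced)."""
    policy = json.loads(current_policy_json)
    kept = [s for s in policy.get("Statement", []) if s.get("Sid") != statement["Sid"]]
    policy["Statement"] = kept + [statement]
    bad = open_statements(policy)
    if bad:
        raise ValueError(f"Allow with Principal * and no Condition: {bad}")
    return json.dumps(policy, indent=2)

if __name__ == "__main__":
    stmt = make_statement("AllowProdAccountsXXX", TOPIC,
                          ["444455556666"], ["Publish", "Subscribe"])
    with open("testpolicy.json", "w") as fh:  # file passed to set-topic-attributes
        fh.write(merge_statement(CURRENT, stmt))
```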