Creating an Amazon VPC endpoint policy for Amazon SNS

Focus mode

Creating an Amazon VPC endpoint policy for Amazon SNS - Amazon Simple Notification Service

You can create a policy for Amazon VPC endpoints for Amazon SNS in which you specify the following:

The principal that can perform actions.
The actions that can be performed.
The resources on which actions can be performed.

For more information, see Controlling Access to Services with VPC Endpoints in the Amazon VPC User Guide.

The following example VPC endpoint policy specifies that the IAM user MyUser is allowed to publish to the Amazon SNS topic MyTopic.


{
  "Statement": [{
    "Action": ["sns:Publish"],
    "Effect": "Allow",
    "Resource": "arn:aws:sns:us-east-2:123456789012:MyTopic",
    "Principal": {
      "AWS": "arn:aws:iam:123456789012:user/MyUser"
    }
  }]
}

The following are denied:

Other Amazon SNS API actions, such as sns:Subscribe and sns:Unsubscribe.
Other IAM users and rules which attempt to use this VPC endpoint.
MyUser publishing to a different Amazon SNS topic.

Note

The IAM user can still use other Amazon SNS API actions from outside the VPC.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Creating a VPC endpoint

Publishing a message from a VPC

Next topic:

Publishing a message from a VPC

Previous topic:

Creating a VPC endpoint

Need help?

Did this page help you?

Provide feedback

Privacy Site terms Cookie preferences

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

Unable to save cookie preferences