Menu
AWS Config
Developer Guide

Permissions for the Amazon SNS Topic

AWS Config must have permissions to send notifications to an SNS topic. If you use the AWS Config console to set up your delivery channel with a new SNS topic or you choose an SNS topic that already exists in your account, these permissions are automatically added to the SNS topic. However, if you specify an existing topic from another account or you set up your delivery channel using the API, you must make sure that the topic has the correct permissions.

The following example shows the permissions that are automatically created by AWS Config for a new topic. This policy statement allows AWS Config to publish to a specified Amazon SNS topic.

If you want to use an existing SNS topic from another account or you set up your delivery channel using the API, make sure to attach the following policy to the SNS topic.

Copy
{ "Id": "Policy1415489375392", "Statement": [ { "Sid": "AWSConfigSNSPolicy20150201", "Action": [ "SNS:Publish" ], "Effect": "Allow", "Resource": "arn:aws:sns:region:account-id:myTopic", "Principal": { "Service": [ "config.amazonaws.com" ] } } ] }

For the Resource key, account-id is the account number of the topic owner; in topics that you create, this will be your account number. You must substitute appropriate values for region and myTopic.