AWS Config
Developer Guide

Permissions for the Amazon SNS Topic

Use the information in this topic only if you want to configure AWS Config to deliver Amazon SNS topics owned by a different account.

AWS Config must have permissions to send notifications to an SNS topic. If you want to use an SNS topic from another account, make sure to attach the following policy to the SNS topic.

{ "Id": "Policy1415489375392", "Statement": [ { "Sid": "AWSConfigSNSPolicy20150201", "Action": [ "SNS:Publish" ], "Effect": "Allow", "Resource": "arn:aws:sns:region:account-id:myTopic", "Principal": { "AWS": [ "account-id1", "account-id2", "account-id3", ] } } ] }

For the Resource key, account-id is the account number of the topic owner. For account-id1, account-id2, and account-id3, use the account numbers of the account where AWS Config is setup.

You must substitute appropriate values for region and myTopic.