Permissions for AWS KMS–encrypted Amazon SNS topics

The Amazon SNS topic you specify might be encrypted by AWS Key Management Service. To allow DevOps Guru to work with encrypted topics, you must first create a AWS KMS key and then add the following statement to the policy of the KMS key. For more information, see Encrypting messages published to Amazon SNS with AWS KMS, Key identifiers (KeyId) in the AWS KMS User Guide, and Data encryption in the Amazon Simple Notification Service Developer Guide.


{
    "Version": "2012-10-17",
    "Id": "your-kms-key-policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "region-id.devops-guru.amazonaws.com"
            },
            "Action": [
                "kms:GenerateDataKey*",
                "kms:Decrypt"
            ],
            "Resource": "*"
        }
      ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Permissions for cross account Amazon SNS topics

Troubleshooting