Permissions for AWS KMS–encrypted Amazon SNS topics - Amazon DevOps Guru

Permissions for AWS KMS–encrypted Amazon SNS topics

The Amazon SNS topic you specify might be encrypted by AWS Key Management Service. To allow DevOps Guru to work with encrypted topics, you must first create a AWS KMS key and then add the following statement to the policy of the KMS key. For more information, see Encrypting messages published to Amazon SNS with AWS KMS, Key identifiers (KeyId) in the AWS KMS User Guide, and Data encryption in the Amazon Simple Notification Service Developer Guide.

{ "Version": "2012-10-17", "Id": "your-kms-key-policy", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "region-id.devops-guru.amazonaws.com" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ], "Resource": "*" } ] }