AddPermission
Adds a statement to a topic's access control policy, granting access for the specified AWS accounts to the specified actions.
Note
To remove the ability to change topic permissions, you must deny permissions to
the AddPermission
, RemovePermission
, and
SetTopicAttributes
actions in your IAM policy.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- ActionName.member.N
-
The action you want to allow for the specified principal(s).
Valid values: Any Amazon SNS action name, for example
Publish
.Type: Array of strings
Required: Yes
- AWSAccountId.member.N
-
The AWS account IDs of the users (principals) who will be given access to the specified actions. The users must have AWS account, but do not need to be signed up for this service.
Type: Array of strings
Required: Yes
- Label
-
A unique identifier for the new policy statement.
Type: String
Required: Yes
- TopicArn
-
The ARN of the topic whose access control policy you wish to modify.
Type: String
Required: Yes
Errors
For information about the errors that are common to all actions, see Common Errors.
- AuthorizationError
-
Indicates that the user has been denied access to the requested resource.
HTTP Status Code: 403
- InternalError
-
Indicates an internal service error.
HTTP Status Code: 500
- InvalidParameter
-
Indicates that a request parameter does not comply with the associated constraints.
HTTP Status Code: 400
- NotFound
-
Indicates that the requested resource does not exist.
HTTP Status Code: 404
Examples
The structure of AUTHPARAMS
depends on the signature of the API request.
For more information, see Examples
of the complete Signature Version 4 signing process (Python) in the
AWS General Reference.
Example
This example illustrates one usage of AddPermission.
Sample Request
https://sns.us-east-2.amazonaws.com/?Action=AddPermission
&TopicArn=arn%3Aaws%3Asns%3Aus-east-2%3A123456789012%3AMy-Test
&Label=NewPermission
&ActionName.member.1=Publish
&ActionName.member.2=GetTopicAttributes
&AWSAccountId.member.1=987654321000
&AWSAccountId.member.2=876543210000
&Version=2010-03-31
&AUTHPARAMS
Sample Response
<AddPermissionResponse xmlns="https://sns.amazonaws.com/doc/2010-03-31/">
<ResponseMetadata>
<RequestId>6a213e4e-33a8-11df-9540-99d0768312d3</RequestId>
</ResponseMetadata>
</AddPermissionResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: