AddPermission - Amazon Simple Notification Service


Adds a statement to a topic's access control policy, granting access for the specified AWS accounts to the specified actions.


To remove the ability to change topic permissions, you must deny permissions to the AddPermission, RemovePermission, and SetTopicAttributes actions in your IAM policy.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The action you want to allow for the specified principal(s).

Valid values: Any Amazon SNS action name, for example Publish.

Type: Array of strings

Required: Yes


The AWS account IDs of the users (principals) who will be given access to the specified actions. The users must have AWS account, but do not need to be signed up for this service.

Type: Array of strings

Required: Yes


A unique identifier for the new policy statement.

Type: String

Required: Yes


The ARN of the topic whose access control policy you wish to modify.

Type: String

Required: Yes


For information about the errors that are common to all actions, see Common Errors.


Indicates that the user has been denied access to the requested resource.

HTTP Status Code: 403


Indicates an internal service error.

HTTP Status Code: 500


Indicates that a request parameter does not comply with the associated constraints.

HTTP Status Code: 400


Indicates that the requested resource does not exist.

HTTP Status Code: 404


The structure of AUTHPARAMS depends on the signature of the API request. For more information, see Examples of the complete Signature Version 4 signing process (Python) in the AWS General Reference.


This example illustrates one usage of AddPermission.

Sample Request &TopicArn=arn%3Aaws%3Asns%3Aus-east-2%3A123456789012%3AMy-Test &Label=NewPermission &ActionName.member.1=Publish &ActionName.member.2=GetTopicAttributes &AWSAccountId.member.1=987654321000 &AWSAccountId.member.2=876543210000 &Version=2010-03-31 &AUTHPARAMS

Sample Response

<AddPermissionResponse xmlns=""> <ResponseMetadata> <RequestId>6a213e4e-33a8-11df-9540-99d0768312d3</RequestId> </ResponseMetadata> </AddPermissionResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: