Amazon Simple Notification Service
Developer Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Special Information for Amazon SNS Policies

The following list gives information specific to the Amazon SNS implementation of access control:

  • Each policy must cover only a single topic (when writing a policy, don't include statements that cover different topics)

  • Each policy must have a unique policy Id

  • Each statement in a policy must have a unique statement sid

Amazon SNS Policy Limits

The following table lists the maximum limits for policy information.

Name Maximum Limit

Bytes

30 kb

Statements

100

Principals

1 to 200 (0 is invalid.)

Resource

1 (0 is invalid. The value must match the ARN of the policy's topic.)

Valid Amazon SNS Policy Actions

Amazon SNS supports the actions shown in the following table.

Action Description
sns:AddPermission Grants permission to add permissions to the topic policy.
sns:DeleteTopic Grants permission to delete a topic.
sns:GetTopicAttributes Grants permission to receive all of the topic attributes.
sns:ListSubscriptionsByTopic Grants permission to retrieve all the subscriptions to a specific topic.
sns:Publish Grants permission to publish to a topic or endpoint. For more information, see Publish in the Amazon Simple Notification Service API Reference
sns:RemovePermission Grants permission to remove any permissions in the topic policy.
sns:SetTopicAttributes Grants permission to set a topic's attributes.
sns:Subscribe Grants permission to subscribe to a topic.

Amazon SNS Keys

Amazon SNS uses the following service-specific keys. You can use these in policies that restrict access to Subscribe requests.

  • sns:Endpoint—The URL, email address, or ARN from a Subscribe request or a previously confirmed subscription. Use with string conditions (see Example Policies for Amazon SNS) to restrict access to specific endpoints (for example, *@example.com).

  • sns:Protocol—The protocol value from a Subscribe request or a previously confirmed subscription. Use with string conditions (see Example Policies for Amazon SNS) to restrict publication to specific delivery protocols (for example, https).

Important

When you use a policy to control access by sns:Endpoint, be aware that DNS issues might affect the endpoint's name resolution in the future.