Amazon SNS messaging role policy for Amazon IoT Events - Amazon IoT Events
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

End of support notice: On May 20, 2026, Amazon will end support for Amazon IoT Events. After May 20, 2026, you will no longer be able to access the Amazon IoT Events console or Amazon IoT Events resources. For more information, see Amazon IoT Events end of support.

Amazon SNS messaging role policy for Amazon IoT Events

Integrating Amazon IoT Events with Amazon SNS requires careful permission management for secure and efficient notification delivery. This guide walks you through the process of configuring IAM roles and policies to allow Amazon IoT Events to publish messages to Amazon SNS topics.

The following policy documents provide the role policy and trust policy that allow Amazon IoT Events to send SNS messages.

Role policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "sns:*"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws-cn:sns:us-east-1:123456789012:testAction"
        }
    ]
}

Trust policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "iotevents.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}