Amazon managed policies for Amazon Simple Notification Service
An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Services service is launched or new API operations become available for existing services.
For more information, see Amazon managed policies in the IAM User Guide.
Amazon managed policy: AmazonSNSFullAccess
AmazonSNSFullAccess provides full access to Amazon SNS using the Amazon Web Services Management Console. This policy also includes the following read and write actions for Amazon End User Messaging SMS when called using Amazon SNS. You can attach this policy to your users, groups, or roles.
Permissions details
The following permissions apply only when using the Amazon SNS APIs:
- sns:* – Allows full permissions to perform any action related to Amazon SNS. This wildcard (*) means that the user can execute all possible Amazon SNS actions.
- sms-voice:DescribeVerifiedDestinationNumbers – Allows you to retrieve a list of phone numbers that have been verified for sending SMS messages within the Amazon Web Services account.
- sms-voice:CreateVerifiedDestinationNumber – Allows you to verify a new phone number for use with SMS messaging services within Amazon.
- sms-voice:SendDestinationNumberVerificationCode – Allows you to send a verification code to a phone number that is in the process of being verified for SMS messaging within Amazon.
- sms-voice:SendTextMessage – Allows you to create a new text message and send it to a recipient's phone number. SendTextMessage only sends an SMS message to one recipient each time it's invoked.
- sms-voice:DeleteVerifiedDestinationNumber – Allows you to remove a phone number from the list of verified numbers within the Amazon Web Services account.
- sms-voice:VerifyDestinationNumber – Allows you to initiate and complete the verification process for a phone number to be used for SMS messaging services within Amazon.
- sms-voice:DescribeAccountAttributes – Allows you to retrieve detailed information about the account-level attributes related to SMS messaging services within Amazon.
- sms-voice:DescribeSpendLimits – Allows you to retrieve information about the spending limits associated with SMS messaging services within the Amazon Web Services account.
- sms-voice:DescribePhoneNumbers – Allows you to retrieve detailed information about the phone numbers associated with SMS messaging services within the Amazon Web Services account.
- sms-voice:SetTextMessageSpendLimitOverride – Allows you to set or override the spending limit for SMS text messaging within the Amazon Web Services account.
- sms-voice:DescribeOptedOutNumbers – Allows you to retrieve a list of phone numbers that have opted out of receiving SMS messages from your Amazon account.
- sms-voice:DeleteOptedOutNumber – Allows you to remove a phone number from the list of opted-out numbers within the Amazon Web Services account.
AmazonSNSFullAccess example policy

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SNSFullAccess",
      "Effect": "Allow",
      "Action": "sns:*",
      "Resource": "*"
    },
    {
      "Sid": "SMSAccessViaSNS",
      "Effect": "Allow",
      "Action": [
        "sms-voice:DescribeVerifiedDestinationNumbers",
        "sms-voice:CreateVerifiedDestinationNumber",
        "sms-voice:SendDestinationNumberVerificationCode",
        "sms-voice:SendTextMessage",
        "sms-voice:DeleteVerifiedDestinationNumber",
        "sms-voice:VerifyDestinationNumber",
        "sms-voice:DescribeAccountAttributes",
        "sms-voice:DescribeSpendLimits",
        "sms-voice:DescribePhoneNumbers",
        "sms-voice:SetTextMessageSpendLimitOverride",
        "sms-voice:DescribeOptedOutNumbers",
        "sms-voice:DeleteOptedOutNumber"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:CalledViaLast": "sns.amazonaws.com"
        }
      }
    }
  ]
}
```
To view the permissions for this policy, see AmazonSNSFullAccess in the Amazon Managed Policy Reference.
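The recommendation above to narrow managed policies into customer managed ones can be checked mechanically. The following is an added example, not part of the original page or of any Amazon tooling: it flags wildcard actions granted on all resources and sms-voice statements that drop the aws:CalledViaLast condition used by the managed policy. The function names, the candidate policy and its topic ARN are constructed placeholders.

```python
import json

SNS_SERVICE = "sns.amazonaws.com"

def as_list(value):
    """IAM allows a single string or a list for Action, Resource and condition values."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (Sid, finding) pairs for the Allow statements of an IAM policy dict."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action", []))
        on_all_resources = "*" in as_list(stmt.get("Resource", []))
        # Wildcard actions on every resource are what the page suggests narrowing.
        for action in actions:
            if "*" in action and on_all_resources:
                findings.append((sid, f"wildcard action {action} on Resource *"))
        # The managed policy only allows sms-voice actions when called through SNS.
        if any(a.lower().startswith("sms-voice:") for a in actions):
            equals = stmt.get("Condition", {}).get("StringEquals", {})
            via = {k.lower(): as_list(v) for k, v in equals.items()}
            if via.get("aws:calledvialast") != [SNS_SERVICE]:
                findings.append((sid, "sms-voice actions lack aws:CalledViaLast"))
    return findings

# Constructed customer managed policy (topic ARN is a placeholder, not from the page).
CANDIDATE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublishOneTopic", "Effect": "Allow", "Action": "sns:Publish",
   "Resource": "arn:aws:sns:us-east-1:111122223333:example-topic"},
  {"Sid": "SendSms", "Effect": "Allow", "Action": ["sms-voice:SendTextMessage"],
   "Resource": "*"}
]}
""")

# First statement of AmazonSNSFullAccess as shown on the page.
MANAGED_SNS = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SNSFullAccess", "Effect": "Allow", "Action": "sns:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("candidate", CANDIDATE), ("managed", MANAGED_SNS)):
        for sid, finding in audit_policy(doc):
            print(f"{name}: {sid}: {finding}")
```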
Amazon managed policy: AmazonSNSReadOnlyAccess
AmazonSNSReadOnlyAccess provides read-only access to Amazon SNS using the Amazon Web Services Management Console. This policy also includes the following read-only actions for Amazon End User Messaging SMS when called using Amazon SNS. You can attach this policy to your users, groups, and roles.
Permissions details
The following permissions apply only when using the Amazon SNS APIs:
- sns:GetTopicAttributes – Allows you to retrieve the attributes of an Amazon SNS topic. This includes information such as the topic's ARN (Amazon Resource Name), the list of subscribers, delivery policies, access control policies, and any other metadata associated with the topic.
- sns:List* – Allows you to perform any operation that begins with List for Amazon SNS resources. This includes permissions to list various elements related to Amazon SNS, such as:
  - sns:ListTopics – Allows you to retrieve a list of all Amazon SNS topics in the Amazon Web Services account.
  - sns:ListSubscriptions – Allows you to retrieve a list of all subscriptions to Amazon SNS topics.
  - sns:ListSubscriptionsByTopic – Allows you to list all subscriptions for a specific Amazon SNS topic.
  - sns:ListPlatformApplications – Allows you to list all platform applications that are created for mobile push notifications.
  - sns:ListEndpointsByPlatformApplication – Allows you to list all endpoints associated with a platform application.
- sns:CheckIfPhoneNumberIsOptedOut – Allows you to check whether a specific phone number has opted out of receiving SMS messages through Amazon SNS.
- sns:GetEndpointAttributes – Allows you to retrieve the attributes of an endpoint associated with an Amazon SNS platform application. This could include attributes such as the endpoint's enabled status, custom user data, and any other metadata associated with the endpoint.
- sns:GetDataProtectionPolicy – Allows you to retrieve the data protection policy associated with an Amazon SNS topic.
- sns:GetPlatformApplicationAttributes – Allows you to retrieve the attributes of an Amazon SNS platform application. Platform applications are used in Amazon SNS to send push notifications to mobile devices through services such as Apple Push Notification Service (APNS) or Firebase Cloud Messaging (FCM).
- sns:GetSMSAttributes – Allows you to retrieve the default SMS settings for the Amazon Web Services account.
- sns:GetSMSSandboxAccountStatus – Allows you to retrieve the current status of the SMS sandbox for your Amazon Web Services account.
- sns:GetSubscriptionAttributes – Allows you to retrieve the attributes of a specific subscription to an Amazon SNS topic.
- sms-voice:DescribeVerifiedDestinationNumbers – Allows you to view or retrieve a list of phone numbers that have been verified for sending SMS messages within the Amazon Web Services account.
- sms-voice:DescribeAccountAttributes – Allows you to view or retrieve information about the account-level attributes related to SMS messaging services within Amazon.
- sms-voice:DescribeSpendLimits – Allows you to view or retrieve information about the spending limits associated with SMS messaging services within your Amazon Web Services account.
- sms-voice:DescribePhoneNumbers – Allows you to view or retrieve information about the phone numbers that are used for SMS messaging services within the Amazon Web Services account.
- sms-voice:DescribeOptedOutNumbers – Allows you to view or retrieve a list of phone numbers that have opted out of receiving SMS messages from your Amazon Web Services account.
AmazonSNSReadOnlyAccess example policy

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SNSReadOnlyAccess",
      "Effect": "Allow",
      "Action": [
        "sns:GetTopicAttributes",
        "sns:List*",
        "sns:CheckIfPhoneNumberIsOptedOut",
        "sns:GetEndpointAttributes",
        "sns:GetDataProtectionPolicy",
        "sns:GetPlatformApplicationAttributes",
        "sns:GetSMSAttributes",
        "sns:GetSMSSandboxAccountStatus",
        "sns:GetSubscriptionAttributes"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SMSAccessViaSNS",
      "Effect": "Allow",
      "Action": [
        "sms-voice:DescribeVerifiedDestinationNumbers",
        "sms-voice:DescribeAccountAttributes",
        "sms-voice:DescribeSpendLimits",
        "sms-voice:DescribePhoneNumbers",
        "sms-voice:DescribeOptedOutNumbers"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:CalledViaLast": "sns.amazonaws.com"
        }
      }
    }
  ]
}
```
To view the permissions for this policy, see AmazonSNSFullAccess in the Amazon Managed Policy Reference.
Amazon SNS updates to Amazon managed policies
View details about updates to Amazon managed policies for Amazon SNS since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon SNS Document history page.
Change | Description | Date |
---|---|---|
AmazonSNSFullAccess – Update to an existing policy | Amazon SNS added new permissions to allow full access to Amazon SNS using the Amazon Web Services Management Console. | 09/24/2024 |
AmazonSNSReadOnlyAccess – Update to an existing policy | Amazon SNS added new permissions to allow read-only access to Amazon SNS using the Amazon Web Services Management Console. | 09/24/2024 |
Amazon SNS started tracking changes | Amazon SNS started tracking changes for its Amazon managed policies. | 08/27/2024 |