Amazon SNS Policy Generator

Generate SNS topic policies from AWS Policy Generator action metadata and export JSON, Terraform, or CloudFormation snippets.

Step 1

Configure topic defaults

Set the region and account ID used when generating sample SNS topic ARNs.

RegionAccount ID

Step 2

Choose SNS actions

Filter on

The action list is scoped to AWS Policy Generator's SNS Topic Policy actions.

Step 3

Configure topic policy statements

No SNS actions selected yet.

Search for an SNS action above to start generating a topic policy.

Generated SNS topic policy

{
  "Version": "2012-10-17",
  "Statement": []
}

Generated from 41 SNS Topic Policy actions in AWS Policy Generator and enriched with Amazon SNS Service Authorization Reference metadata. Last updated 2026-05-21.

Need this implemented safely?

Lock down SNS access without breaking publishers

We can help turn topic policies into secure AWS guardrails, event-driven infrastructure, and auditable infrastructure as code with an AWS Security Review or AWS CDK Review.

Explore AWS consulting services

Build SNS topic policies from AWS action metadata

This generator uses AWS Policy Generator's SNS Topic Policy action list and enriches it with Amazon SNS Service Authorization Reference metadata so you can build topic policies with actions, principals, resources, and condition keys in one place.

How to use the SNS policy generator

Configure the region and account ID used for generated sample topic ARNs.
Search for one of the SNS Topic Policy actions exposed by AWS Policy Generator.
Configure effect, topic resources, principals, and supported condition keys.
Copy the generated JSON, Terraform, or CloudFormation topic policy.

SNS topic policies are resource policies

SNS topic policies include a Principal element because the policy lives on the topic and defines who can publish, subscribe, manage permissions, or perform other SNS actions against that resource.

Need a different policy type? Switch to the IAM policy generator, S3 bucket policy generator, SQS queue policy generator, or VPC endpoint policy generator.

Frequently asked questions

Should I use an SNS topic policy or an IAM identity policy?

Use an IAM identity policy to grant permissions to users, roles, or applications in your account. Use an SNS topic policy when the permission must live on the topic itself, especially for cross-account access, service integrations, or publish and subscribe permissions controlled at the topic boundary.

Why does an SNS topic policy need a Principal?

SNS topic policies are resource policies. The Principal element identifies who the statement applies to, such as an AWS account, IAM role ARN, federated principal, or AWS service principal.

Can SNS topic policies use service principals?

Yes. Service principals are useful when AWS services need access to a topic. The generator reuses the generated AWS service principal dataset so you can search for entries such as events.amazonaws.com or s3.amazonaws.com instead of typing them from memory.

Can I use wildcard resources in an SNS topic policy?

You can use *, but topic policies are usually safer when scoped to one or more specific topic ARNs. The wildcard option is useful for drafts or broad administrative statements, but production policies should normally target explicit topics.

Which condition keys should I use for SNS topic policies?

Start with the condition keys AWS documents for the selected SNS action, then add global IAM keys when needed. Common examples include restricting protocol, source account, source ARN, organization ID, or request tags depending on the action and integration.

Can I use the generated output in Terraform or CloudFormation?

Yes. The JSON output is a standard SNS topic policy document, the Terraform output includes an aws_iam_policy_document data source with aws_sns_topic_policy, and the CloudFormation output creates an AWS::SNS::TopicPolicy snippet.

Related tools

Amazon VPC Endpoint policy generator

Generate VPC endpoint policies from AWS Policy Generator action metadata and export JSON, Terraform, or CloudFormation snippets.

Amazon SQS Policy Generator

Generate SQS queue policies from AWS Policy Generator action metadata and export JSON, Terraform, or CloudFormation snippets.

S3 Bucket Policy Generator

Generate S3 bucket policies from AWS Policy Generator action metadata and export JSON, Terraform, or CloudFormation snippets.

Next step

Want AWS engineering that feels this practical?

I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.

Explore AWS services

← Back to tools