Posted On: Jan 7, 2022
Amazon Simple Notification Service (Amazon SNS) now supports attribute-based access control (ABAC) for API actions including Publish and PublishBatch. ABAC is an authorization strategy that defines access permissions based on tags. Tags can be attached to IAM resources, such as IAM users and roles, and to Amazon Web Services resources, such as Amazon SNS topics, to simplify permission management.
Amazon SNS is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. The A2P functionality enables you to send messages to users at scale via SMS, mobile push, and email. With ABAC support for Amazon SNS, ABAC policies can be used to allow or deny specific API actions when the IAM principal's tags match the tags on an Amazon SNS topic.
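The tag-matching rule described above can be written as an identity-based IAM policy. The policy below is an added example, not taken from the announcement or the AWS documentation; the tag key `project` is an assumption, and the `aws-cn` partition is used because the announcement covers the China regions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExamplePublishWhenProjectTagMatches",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "arn:aws-cn:sns:*:*:*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }
      }
    },
    {
      "Sid": "ExampleDenyRetaggingTopics",
      "Effect": "Deny",
      "Action": [
        "sns:TagResource",
        "sns:UntagResource"
      ],
      "Resource": "arn:aws-cn:sns:*:*:*"
    }
  ]
}
```

A principal with no `project` tag gets no access from the first statement, because the policy variable cannot be resolved and the condition does not match. The second statement is there because a principal that can change a topic's tags can change its own access; permission to tag IAM users and roles needs the same restriction.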
Amazon SNS message batching is available in the Amazon Web Services China (Ningxia) region, operated by NWCD, and the Amazon Web Services China (Beijing) region, operated by Sinnet.
To get started, see the following resources:
- For information about attribute-based access control, see What is ABAC for Amazon in the IAM User Guide
- For information about configuring ABAC with Amazon SNS, see Tagging in the Amazon SNS Developer Guide